17 year-old security flaw in NTVDM makes the DOS prompt an enterprise nightmare
It has come to light that there is a security flaw in the NTVDM (NT DOS virtual machine), which is the process that runs when you open a command prompt (DOS window) on any 32-bit version of Windows. This flaw has existed since the very first version of the service on Windows NT and could allow a specially written 16-bit application to escalate the user's rights to that of administrator -- proof-of-concept code already exists for such an attack.
Microsoft has acknowledged the flaw in the NTVDM, but does not intend to immediately fix it. Instead, they have released a One Click Fix for this issue which changes a registry setting to prevent the NTVDM from launching.
The problem with this approach is that there are still 16-bit enterprise applications out there (both on client, and on servers) that work perfectly well and need to continue doing so. The options for companies relying on such legacy applications are limited: they can either stop using their applications (not really an option for some), or they are forced to live with the possibility that users could gain administrative rights on their machines.
The question boils down to whether Microsoft has an obligation to correct this problem in what is by today's standards an ancient piece of code whose sole purpose is to allow people to run ancient software. I would argue that while it's fair for Microsoft to stop shipping the NTVDM, as they have in the latest version of Windows Server 2008, until they stop providing it across all of their operating systems they need to support it, and if that means fixing a very old security hole properly, then so be it.
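For administrators who need to weigh the workaround against their legacy applications, the following PowerShell script is an added example (not from the original post or from Microsoft) that reports whether 16-bit application execution is already blocked by policy, inventories the ntvdm.exe instances currently running so that legacy programs in use can be catalogued first, and only applies the block when explicitly asked. It assumes the registry value Microsoft's One Click Fix sets is the Application Compatibility policy `HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat`, DWORD `VDMDisallowed` = 1 (an assumption; verify against the advisory), and that it runs on 32-bit Windows with WMI available.

```powershell
# Added example: audit the NTVDM workaround state and inventory running 16-bit hosts.
# Not code from the original post. Assumptions: the policy value below is the one the
# Fix it sets (assumed), and the script runs elevated on a 32-bit Windows machine.
param(
    [switch]$Apply   # Only sets the policy when explicitly requested
)

$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$policyName = 'VDMDisallowed'   # assumed name of the "Prevent access to 16-bit applications" policy value

function Get-VdmPolicyState {
    # Returns 'Disabled' (16-bit apps blocked), 'Allowed', or 'NotConfigured'
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$policyName -eq 1) { return 'Disabled' }
    return 'Allowed'
}

function Get-RunningNtvdmHosts {
    # Each 16-bit program runs inside an ntvdm.exe host rather than as its own Win32
    # process, so record the host's PID, parent, owner and command line to trace which
    # logon and which launcher started it.
    Get-WmiObject Win32_Process -Filter "Name = 'ntvdm.exe'" | ForEach-Object {
        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Owner       = $_.GetOwner().User
            CommandLine = $_.CommandLine
        }
    }
}

function Set-VdmDisabled {
    # Creates the policy key if absent and writes the blocking value
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    New-ItemProperty -Path $policyKey -Name $policyName -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-VdmPolicyState
Write-Host "16-bit application policy: $state"

$running = @(Get-RunningNtvdmHosts)
if ($running.Count -gt 0) {
    Write-Host "ntvdm.exe hosts currently running (legacy applications in use):"
    $running | Format-Table -AutoSize
} else {
    Write-Host "No ntvdm.exe hosts running."
}

if ($Apply) {
    if ($running.Count -gt 0) {
        Write-Warning "16-bit hosts are running; the policy blocks new launches only, existing ones keep running."
    }
    Set-VdmDisabled
    Write-Host "Policy now: $(Get-VdmPolicyState)"
}
```

Run it without `-Apply` on a sample of clients and servers first: machines that repeatedly show ntvdm.exe hosts are the ones whose legacy applications would break under the workaround, and that inventory is what decides whether the block can be rolled out or whether the risk has to be lived with until a proper fix ships.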
Comments
RUGRLN, Feb 8th 2010 1:25PM
Well, if it's been around for 17 years and not caused any harm... informing people about it wasn't so wise now, was it?
Peter, Feb 8th 2010 1:53PM
Security by obscurity doesn't work.
Peter, Feb 8th 2010 1:52PM
"I would argue that while it's fair for Microsoft to stop shipping the NTVDM as they have in the latest version of Windows Server 2008" - The only reason it's not included is that 16-bit applications cannot be run on any of Microsoft's 64-bit OSs. None of their 64-bit operating systems are affected by this bug.
Aemony, Feb 8th 2010 8:33PM
True, which is also why Microsoft probably won't fix it. After all, most Windows 8 rumors speculate about an x64-only release.
pb2004, Feb 9th 2010 5:01AM
"It has come to light that there is a security flaw in the NTVDM (NT DOS virtual machine), which is the process that runs when you open a command prompt (DOS window) on any 32-bit version of Windows."
The Command Prompt isn't a DOS window. Cmd.exe (the process started by the Command Prompt shortcut) is a normal 32-bit/64-bit app and ntvdm is not used. Otherwise, because the x64 versions of Windows don't have ntvdm, they would not have cmd.exe either. Examples of 16-bit processes on 32-bit versions of Windows are sysedit.exe and command.com (this is actually the DOS window).
bwcbiz, Feb 9th 2010 10:59AM
True. This isn't the command prompt. This is the wrapper program that Windows uses to run old 16-bit Windows programs. If you run Civilization 2 (for example) on Vista and open task manager you can see that it spawns an NTVDM.exe and then runs civ2.exe as a child process.
If you need to run pure DOS programs under Windows, there's always DOSBox.