Post Wed Jan 20, 2010 9:56 am

Windows hole discovered after 17 years

Tavis Ormandy has published details about a 17-year-old flaw in the DOS virtual subsystem, which dates back to the NT3.1 days (http://www.h-online.com/security/news/i ... 08917.html). Basically, it allows unprivileged users system-level access.

Here is the technical write-up by Tavis himself: http://archives.neohapsis.com/archives/ ... /0346.html.

It's officially CVE-2010-0232 aka Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP