A warning to all VARs supporting customers that use any 32-bit Windows version hailing all the way back to Windows 2000: There's a flaw in the kernel. But don't press the panic button. Here are some details to put you (and your customers) at ease.

Dave Courbanou

January 22, 2010

2 Min Read
Microsoft: 32-Bit Windows Kernel Has Hole

Windows 32 bug

Windows 32 bug

A warning to all VARs supporting customers that use any 32-bit Windows version hailing all the way back to Windows 2000: There’s a flaw in the kernel. But don’t press the panic button. Here are some details to put you (and your customers) at ease.

Basically, there’s a hole in the 32-bit kernel. What does that mean exactly? In theory, someone could install programs, manipulate data or mess with user account with full rights. It sounds scary, but it’s actually kind of lo- key. Even though Windows 7, Vista, XP and 2K (including their server counterparts) are affected, it’s hard to exploit without you already having super-lax security.

To perform the exploit, you’d need to already have access to the computer — and local access at that. So either someone internally would be performing exploit, or you, the user, forgot to lock your screen. Once the hacker is in, however, s/he could take it’s own account (or yours) and upgrade it to Admin access, letting the hacker do whatever s/he wants.

According to CNET:

Jerry Bryant, senior security program manager at Microsoft, said there isn’t anyone out there actively prodding at this security hole. “We are not currently aware of any active attacks against this vulnerability, and Microsoft believes the risk to customers, at this time, is limited…”

To be on the safe side, Microsoft will (of course) be releasing a patch. For the time being, there’s a Microsoft sanctioned workaround disabling the Windows Virtual DOS Machine (NTVDM) subsystem. It closes the hole, and for most users it’s not that big of a deal, since it’s essentially software that lets Windows run DOS and 16-bit Windows software.

And for all you out there using 64-bit versions of Windows, you’re in the clear.

Happy computing.

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Dave Courbanou

Dave Courbanou

See more from Dave Courbanou
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal