Microsoft has confirmed it is on course to issue a patch next Tuesday for a recently discovered 17 year old Windows vulnerability.
In January Neowin reported on the recent discovery of a Windows vulnerability that has existed since the release of Windows NT 3.1 in 1993. The vulnerability has only recently been published but it appears 32-bit Windows operating systems have inherited the flaw since NT 3.1.
Microsoft issued a Security Advisory on the vulnerability. The software giant described the flaw as an "Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows." 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The problem exists due to a flaw in the Virtual DOS Machine (or VDM), which was used to support 16-bit applications. The flaw allows for a 16-bit program to manipulate the kernel stack of processes.
In a company blog posting on Thursday, Jerry Bryant, Sr. Security Communications Manager at Microsoft confirmed "we are on track to release an update for this issue next Tuesday (February 9)." Microsoft will also be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities.
