Why The 17-Year Flaw in Microsoft Windows Is Dead Serious

In case you didn’t catch the buzz going around, the story of how an ancient Microsoft Windows flaw was found after 17 years is pretty well explained at the Inquirer. The news was particularly shocking because it was a simple hole that has been around since Windows 3.1, all the way up to the latest Windows 7! That’s a serious bug.

Quite a few commenters on that site and others have downplayed the vulnerability, saying things like “Meh, who uses 16-bit anyway?” That goes to show that the home user doesn’t think like a hacker. Guess what? Most of the programs to exploit Windows security holes are 17 years old, too! In fact, if you were a hacker (we know, the correct word is “cracker,” but English is changing) downloading security-cracking software, you’d have more of a real problem getting updated software than you would getting legacy software.

Old software never dies in the hacker/cracker community. In fact, it goes back to the pre-Windows era, from BBS and IRC systems and Usenet archives. Back then it was covered under the blanket term ‘warez,’ and you could find vulnerability scanners, packet sniffers, rootkits, viruses, worms, and key loggers free for the download – complete with instructions! This stuff gets passed from generation to generation. There’s no doubt that a lot of it exploited DOS.

If you’re a corporate IT admin with Windows boxes under your charge, you should be taking this with top-priority seriousness.