One of the reasons I’ve never liked Windows is that it was never made to deal with the security problems of working in a networked, multi-user world. As a direct result, Windows has been fundamentally insecure for more than a decade. Even so, I was surprised to find that there’s a 17-year-old security hole that’s been in Windows since NT and it’s still present today in Windows 7.
Wow. Even I’m shocked by this latest example of just how rotten Windows security is. It just reminds me again, though, that while Microsoft keeps adding features to Windows and attempting to patch its way out of security problems, Windows’ foundation is built on sand and not on the stone of good, solid design.
Tavis Ormandy, a Google security engineer, uncovered this new ‘old’ hole while digging around Windows. Ormandy found that way back in 1993, Windows NT included a ‘feature’ to support BIOS service routines in legacy Windows 16-bit applications.