Windows plagued by 17-year-old privilege escalation bug

[polonus]

Hi FwF,

My avatar is shown in Firefox or Flock, but I miss it in GoogleChrome, when I put the link into a new tab it gives connection problems for: http://forum.avast.com/index.php?action=dlattach;attach=5730;type=avatar
What is wrong there, should I clear the cache or what?

pol

[FreewheelinFrank]

Hi Polonus,

Works for me in Chrome on Linux.

[Hermite15]

Hi Polonus,

Works for me in Chrome on Linux.

off topic again: just when I was wondering if I was going to reinstall Linux or not...had my worse issue with it two days ago...solved in the meantime, but it shouldn't have happened in the first place...
http://forum.avast.com/index.php?topic=53644.msg455010#msg455010

ps: Chrome works fantastic in Linux

[FreewheelinFrank]

Hi Polonus,

Works for me in Chrome on Linux.

off topic again: just when I was wondering if I was going to reinstall Linux or not...had my worse issue with it two days ago...solved in the meantime, but it shouldn't have happened in the first place...
http://forum.avast.com/index.php?topic=53644.msg455010#msg455010

ps: Chrome works fantastic in Linux

Font rendering isn't as nice as Firefox or Opera.

Fonts render like in Firefox 3.0

Mind you, it took me a while to get used to the way fonts rendered in Firefox 3.5.

 

[Hermite15]

yeah, I know about the fonts, that's one thing that I hate about Linux, in Firefox and Chrome, the font rendering. A bit better in Opera. Anyway, I've tried everything, switch to Liberation Fonts, even imported fonts from Windows and apply them...just a no go...you get used to it after a while, if you run Linux only   Rebooting from Windows into Linux underlines the difference each time again  
 What I meant is that Chrome is still faster in Linux, well from what I've seen with the Google version of Chromium. Anyway, I know some people manage to get fantastic fonts in browsers in Linux, but I have no idea how, or I forgot. Someone explained how he did it a while ago on Mandriva's forums, and when I tried to reproduce it didn't work. Don't know what it was anymore.

ps: not sure about it but I wonder if in the end the 24 bit limitation isn't an issue...

[polonus]

Hi malware fighters,

To go back on topic, it is not an old hole - a 0day 16bit problem also present in Win7...: ( ISC.SANS, 19 Jan. 2010)

In a posting to a public mailing list, Tavis Ormandy disclosed a zero day privilege escalation vulnerability in the Windows kernel. All versions of Windows, starting with Windows NT 3.1 up to including Windows 7, are affected.

The vulnerability affects support for 16 bit applications. In most cases, it is safe to turn off support for 16 bit applications.

Here are the mitigation instructions (copied from the advisory):

Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).

The policy template "Windows ComponentsApplication CompatibilityPrevent access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration.

Administrators unfamiliar with group policy may find the videos below instructive. Further information is available from the Windows Server Group Policy Home

http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx.

pol

[Hermite15]

Hi Polonus and thanks for the reminder: turned off just now  I saw this setting before but I didn't mind, I do now