Topic: Fix: 17-year-old security flaw in NTVDM makes the DOS prompt a nightmare

riso (Administrator)
It has come to light that there is a security flaw in the NTVDM (NT DOS virtual machine), which is the process that runs when you open a command prompt (DOS window) on any 32-bit version of Windows. This flaw has existed since the very first version of the service on Windows NT and could allow a specially written 16-bit application to escalate the user's rights to that of administrator -- proof-of-concept code already exists for such an attack.

Microsoft has acknowledged the flaw in the NTVDM, but does not intend to immediately fix it. Instead, they have released a One Click Fix for this issue which changes a registry setting to prevent the NTVDM from launching.

The problem with this approach is that there are still 16-bit enterprise applications out there (both on client, and on servers) that work perfectly well and need to continue doing so. The options for companies relying on such legacy applications are limited: they can either stop using their applications (not really an option for some), or they are forced to live with the possibility that users could gain administrative rights on their machines.

The question boils down to whether Microsoft has an obligation to correct this problem in what is, by today's standards, an ancient piece of code whose sole purpose is to allow people to run ancient software. I would argue that while it's fair for Microsoft to stop shipping the NTVDM, as they have in the latest version of Windows Server 2008, until they stop providing it across all of their operating systems they need to support it, and if that means fixing a very old security hole properly, then so be it.
Download the fix here: http://support.microsoft.com/kb/979682
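For administrators weighing the trade-off the post describes, the useful first step is to know whether a given machine even carries the NTVDM, whether the block-16-bit-apps policy is already in place, and whether any legacy 16-bit application is actually running there. The PowerShell script below is an added example, not code from the forum post or from Microsoft. It assumes that the One Click Fix sets the policy value `VDMDisallowed` = 1 under `HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat` (the post only says "a registry setting"); verify the exact key against the KB article before relying on it.

```powershell
# Added example (not from the post or Microsoft): audit the NTVDM mitigation
# state on a 32-bit Windows host before deciding whether to apply the fix.
# ASSUMPTION: the KB979682 One Click Fix sets the "Prevent access to 16-bit
# applications" policy value below; confirm against the KB article.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$ValueName  = 'VDMDisallowed'

function Test-NtvdmPresent {
    # 64-bit Windows ships no NTVDM; only 32-bit installs carry ntvdm.exe.
    Test-Path (Join-Path $env:SystemRoot 'System32\ntvdm.exe')
}

function Get-NtvdmPolicyState {
    # Returns 'Blocked', 'Allowed', or 'NotConfigured'.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)          { return 'NotConfigured' }
    if ($item.$ValueName -eq 1)   { return 'Blocked' }
    return 'Allowed'
}

function Get-RunningLegacyApps {
    # Every live 16-bit application runs inside an ntvdm.exe host process,
    # so listing those processes shows which legacy software is in use and
    # would break if the block were applied.
    Get-Process -Name ntvdm -ErrorAction SilentlyContinue |
        Select-Object Id, StartTime, @{ Name = 'Owner'; Expression = {
            (Get-CimInstance Win32_Process -Filter "ProcessId = $($_.Id)" |
                Invoke-CimMethod -MethodName GetOwner).User } }
}

function Set-NtvdmBlocked {
    # Apply the same policy value the fix uses. Requires an elevated prompt
    # and takes effect for newly launched 16-bit programs.
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

$present = Test-NtvdmPresent
$state   = Get-NtvdmPolicyState
$running = @(Get-RunningLegacyApps)

Write-Output ("NTVDM present: {0}; 16-bit policy: {1}; running 16-bit hosts: {2}" -f $present, $state, $running.Count)
$running | Format-Table -AutoSize

if ($present -and $state -ne 'Blocked') {
    if ($running.Count -eq 0) {
        Write-Warning 'NTVDM is available and unblocked with no legacy apps in use; apply the KB979682 fix or run Set-NtvdmBlocked.'
    } else {
        Write-Warning 'NTVDM is available and unblocked, and 16-bit applications are running; blocking will break them, so inventory first.'
    }
}
```

Run the audit as a normal user to report state; `Set-NtvdmBlocked` needs an elevated prompt because it writes under HKLM. On machines where the inventory shows legacy 16-bit applications, the script only reports, leaving the decision the post discusses (keep the application or accept the exposure) to the administrator.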