
Microsoft confirms 17-year-old Windows bug - thafman
http://www.computerworld.com/s/article/9146820/Microsoft_confirms_17_year_old_Windows_bug
======
NateLawson
This was a nice finding by Tavis. A lot of the BIOS code and interfaces with
it are overdue to be thrown out or audited. NT had a lot of subsystems (VDM,
POSIX, OS/2?) that have moldered through MSFT's 2004 change in secure
development awareness.

This bug appears to only be useful for privilege escalation (ring3 -> ring0),
so worry about rootkits or if you run Windows terminal services.

