Comments
Remote desktop and blank administrator passwords

You don't really need flaws to break into Windows:

- there are lots of blank administrator passwords on Windows computers

- the name of the administrator account on Windows is well known (just guess the blank password)

- the ports for the Remote Desktop feature are not blocked by firewalls

posted by : Ray, 26 January 2010
is RoadRash(demo) a 16 bit program?

Is it safe to play RoadRash?

posted by : marees, 25 January 2010
This probably isn't exploitable

To exploit this remotely, you'd need to be running a networked 16-bit app. Thing is, nobody is. Nobody has for 15 years. The only way you'd take advantage of this is by putting a specially crafted 16-bit app on someone's computer and executing it. And if you can get anything on someone's computer and execute it, it's game over anyway, really, isn't it?

posted by : NeXEkho, 24 January 2010
lol

AquaVixen, well nice try at pretending to know your stuff there.

MS DOS has not been in since XP, but it is not MS DOS we are talking about here ;)

posted by : phill, 22 January 2010
This isn't new

This has been known about at least since the Windows 98 days. It has never been fixed because Microsoft has never discussed it.

posted by : Alex, 22 January 2010
AquaVixen has spoken:

There is no "Virtual DOS Machine".

Yet XP will still run 16-bit DOS programs!

Who am I to believe, AquaVixen? You, or my own lyin' eyes?

Did you even read the link? They seem to take a VDM for granted, and give API calls...

posted by : bigger_luddite, 21 January 2010
Non-Existing in Current Windows!

You actually believe this editor's bullshit? Windows hasn't used "Virtual DOS Machine" since Windows XP was released.

It's not there, it doesn't even exist any more, Vista and 7 and XP are entirely 32-bit and up now.

Really... I swear they'll write anything in here. *Sigh*

posted by : AquaVixen, 21 January 2010
Re:Simple Fix

You need to re-read the article, which specifically states that Win 7 aka Vista SP2 is equally vulnerable.

Which drives the final nail into the coffin of Vista "written from scratch" as far as I'm concerned.

posted by : Pascal Monett, 21 January 2010
I thought something was wrong..

"Ancient Windows flaw found after 17 years
And you never knew it was there"

I knew something was wrong for all those years 'cos none of the wretched versions ever worked properly

posted by : Keith Oldham, 21 January 2010
Simple Fix

Windows 7. You try to increase the privileges you get told :S

Also if it doesn't a simple AV does it for you :S

OMG...

Oh and a so called security expert published a file just because he told Microsoft last year and they ignored it (first of all so he says he told them) doesn't give him the right to publish it...

Imagine if Android finally gets the full version and Microsoft do the same or even Apple...

Holes like this are all to do with compatibility, you want an OS which can run pretty much everything you have to be ready for flaws it's why you have AV. If you know what you are doing and have limited apps you need get Linux, but first think, YOU WOULD BE SPENDING ALL YOUR TIME TEACHING YOUR PARENTS HOW TO USE THE THING FIRST and then THE REST OF THE TIME TO YOUR MATES...

As for Apple... LOL...

posted by : 4TR3X, 21 January 2010
@Renato

"16-bit support should be dropped altogether, even on a processor level. "

Uhm, they did. It's called x86-64. Which is why this bug doesn't affect 64 bit systems.

posted by : Dan, 21 January 2010
@ Lewis

Yes, you are correct. Windows ME was based on Windows 98 and was little more than a Plus! pack.

I still wonder why they didn't make Win7 in x64 only.

posted by : Jon, 20 January 2010
Duh

Just the latest evidence that you cannot WIN using Micr0$ucks products, but you are certain to LOSE.

I guess maybe it is a good thing that LoseDoze XP/Vista/7 64-bit doesn't support 16-bit mode, even though the hardware supports it.

posted by : Hucklebuck, 20 January 2010
Bug?

I always thought of this as more of a Feature than a Bug. Must be the Developer in me..

posted by : JR, 20 January 2010
9x +

I believe Windows 95 and 98 had native 16-bit support. Windows ME probably was released after NT 3.5, but I would imagine there are fewer vulnerabilities for these machines due to there being less of them about nowadays.

posted by : Lewis, 20 January 2010
Flaw in *every* version of Windows - including 9x/ME ???

The article states that this is a flaw in *every* version of Windows since NT 3.5. Doesn't anyone remember that there once was a Windows product known as Windows 9x and Windows ME, and that those products continue to show us that they have significantly fewer vulnerability issues than the much touted NT-based versions of Windows?

posted by : 98 Guy, 20 January 2010
This is not the oldest or biggest flaw

This is not the oldest or biggest flaw actually.

The oldest and biggest flaw is even more serious, it's the flaw that Windows was written in the first place.

posted by : Xerkon the Great, 20 January 2010
I've had it with so called "unprivileged 16-bit programs"

And WHEN can we get them to pull their trousers up over their arse?

posted by : "Superbugs", 20 January 2010
Odd.

I can't even get some 32-bit software to run on Vista, yet they're still trying to support 16-bit stuff? Huh?

posted by : Ken, 20 January 2010
Are you saying M$ can't fix this?

Even I'll give M$ a pass on this one. It's probably unavoidable
due to the history of DOS, and luckily (seems) wasn't discovered
when 16-bit programs were common. But there should be a *fix*
other than just turning off the whole sub-section, still many
programs (perhaps with dedicated hardware) that need to be
accommodated.

What's galling about M$ security isn't their not foreseeing
possible mis-use of low-level arcana, but their high-level
"features", such as Active-X, numerous network services, Internet
Explorer up to at least v6, Autoplay, and the Registry snakepit
that *should* be for the OS only (and limited in function so can
be *trusted*), but is in fact wide open. Those all have *obvious*
flaws and drawbacks and yet ARE ON BY DEFAULT, like "balloon
tips", with no easy way to change setting.

posted by : bigger_luddite, 20 January 2010
Sim city 2000

OMFG NOW I CANT PLAY SIM CITY 2000@$@#$#

posted by : Kevin Sugar, 20 January 2010
16-bit mode a waste of silicon

Getting rid of 16bit mode altogether is not such a bad idea. With fast processors and virtual machine software available these days, those needing to run a 16bit app can just as easily do it in an emulated environment. Performance gains being what they are, I doubt that anyone would notice the difference anyway.

Who knows, getting rid of 16bit mode from modern processors might actually make it easier to make them faster and more efficient.

posted by : Bob, 20 January 2010
Eh....

All they need to do is make an applet in control panel that says "ENABLE/DISABLE 16-BIT PROGRAMS" and the problem is solved.

In regards to the person who said to remove 16-bit mode at the processor level. That'd be a TERRIBLE idea as it'd cripple compatibility for those trying to use 16bit systems.

If you're going to be a Grade-A jerk and cut compatibility inside an OS, at least have the decency to leave it in the hardware for those poor souls who need to use legacy systems.

posted by : That Guy, 20 January 2010
Dragging crap

16-bit support should be dropped altogether, even on a processor level.
If corporate users really really need it, then Microsoft should fund/support/bundle DOSBox. It works really well on modern computers.

posted by : Renato, 20 January 2010

Ancient Windows flaw found after 17 years
