Sorry i don't feel any sympathy for the "poor" folks at security firms. Afterall, isn't that what they get paid to do?

Interesting--one comment says betanews is a pawn of Microsoft, while the next one claims it is a pawn for MS Bashers. Perhaps they are more fair than some say they are.

Oh wow. Vista has a serious bug and Beta news is trying to downplay it? Lol. BetaNews is a pawn of Microsoft after all.

amusing this article to draw attention to the obnious fact that Betabews is nothing more than a pawn for MS bashers. Case in point- Steve Jobs and Apple are now under serious investigation for SEC violations that could cost them a lot of money and land Jobs in Jail but does Betanews mention anything about this? No! Instead they have an article about Gerald Ford passing away.

Edit- I am using this article to draw attention to the obvious fact that Betanews is nothing more that a pawn for MS bashers- cas in point- Steve Jobs and Apple are now under serious investigations for forging back-dated options. This could cost them a lot of money and land Steve Jobs in jail. Instead, Betanews ran an article about Gerald Ford passing away. I suppose they will tell us he invented the internet.

Sorry for the typos.

Without the 'code' I have to post this:
Why on earth would the MessageBox function access a log file? Or any file? Or take/parse the lpText (2nd) parameter and go ahead and access that? As a software developer I'm astounded by this thread and would like to see some proof.

Oh my god! Windows has a bug?

here is very funny test about your future sexual life:

http://sextest.emigrantas.com

just try it and you will get a big dose of laught :)

Spam :P

Wish we could rate comments--and if all 5 ratings were negative, the mods would have to double check it to ensure it follows the rules. Spam/advertisements on these forums, IMHO, should not be tolerated. Getting off topic is one thing, but this is just plain spam.

ok, no exploits yet. so how does the title of this article signify headachs and such? no exploit, no headachs at m$.. ok enough with the embelished titles its getting old thnks

This flaw is locally exploitable only

"In fact, its apparent discoverer wrote that he believes the problem could be due to some debugging procedure that has never been cleared out. If that’s accurate, it could be testament to the sheer amount of “legacy” code in Windows whose actual purpose, years after its creation, may have been long forgotten."

That's possible--ever looked in the system32 folder of your windows xp pro install? There's edlin.exe, moricons.dll, edit.com, exe2bin.exe, recover.exe, progman.exe, and even more legacy apps/16 bit executables. Hence in theory, perhaps an old link to an old file that finally was rid of in Windows over the years still had an ancient peice of code that linked to it, even though Windows 2000 and later did not actually have the file.

This is a headache for Microsoft--the legacy support with new OSes comes with a cost--remember the WMF problem a year ago? Technically the same type of thing--except the vulnerability there was in the old Windows 3.1 code for Windows Metafiles, but the exploit was unusable until newer code in a separate api designed in Windows 2000 and later!

So the moral to the story is--those that whine on and on that Windows XP does not support your favorite MS-DOS apps? The one's it does support are likely full of security holes when coupled with the new code, so--QUIT WHINING ABOUT WINDOWS 3.1 AND MS-DOS SUPPORT! :D

Next thing ya know, internet explorer will have some new vulnerability because it somehow directly accesses a vulnerability in DOS 4.x's edlin.exe =}

Who uses MS-DOS apps anymore? Aren't those obsolete?

"Who uses MS-DOS apps anymore?"

UPS, major accounting firms, many law firms--just because consumers don't use MS-DOS apps does not mean businesses don't. Granted, it remains a mystery as to why the heck Windows XP Pro has edlin.exe in it, I mean geez, just use notepad or if you're die-hard DOS, use the MS-DOS editor instead :)

I think they use Terminals to unix or AS400 systems, and law firms that use WP for dos get what they deserve (and also works fine on Vista, BTW)

The world moves on.

I would guess that EDLIN is still there to support batch files that depend on it. Unlike Notepad or EDIT, you can script EDLIN through redirection, which allows you to do things in batch files that would be difficult to do without it.

That's pathetic that after all this time companies STILL haven't updated their software to Windows versions. They've had over 10 years for crying out loud!

All that legacy code compatibility is what has crippled Office 2007's new OXML format, too. Even Microsoft can't write conversion filters for their own version of Office for the Mac before another 6-12 months with a full staff of coders working on it nonstop. Merely porting the Win32 API isn't enough.

Format compatibility is so then. This is now, and It's simpler than ever for those wanting to jump, 2007 is a great time to move to 64-bit Linux and OpenOffice's ISO-certified universal OASIS OpenDocument Format (ODF).

Why not just copy con though? :D

if they don't need to, why would they?

Doesn't this article and the previous comments answer your question?

Legacy code *may* contain all sorts of bugs that have never been found before. The only reason it is included in current software is for backwards compatibility for people who are unable or unwilling to upgrade to newer versions of software. So everyone is put at risk of security exploits because a very small minority refuse to upgrade.

With the x64 versions of Windows, the 16-bit subsystem is no longer included at all. And I bet these versions are a *lot* more secure because of it.

Blimey! I didn't think anyone else was old enough to remember that one!