Windows Bugs

Windows 9x/NT/2000 are large operating systems running on PC. Because they are large, they bear some bugs. So let me tell you some known bugs in Windows.

The bugs exist in Windows applications (including accessories and system tools), in Windows Explorer and Internet Explorer, and even in Windows kernel. Bugs in Windows kernel is not easy to discover because I am neither a hacker, nor anyone that can get source codes of Windows. What I can tell you are only known bugs that can be easily discovered and replayed.

The first one to show you is the Notepad bug.

Open Notepad first. Then set its text font to "Fixedsys". Turn on "Word Wrap". Repeatedly type "1234567890 " (notice that there is a space at the end of the string) until Notepad wraps the words when passing over the end of the line. Then delete the space between the last two words. Save the text as a file, without moving the Window. Add the deleted space back to its original position. Save the file again. Then try moving the cursor. You will find something strange. Notice that during this, you should not move the window or resize the window, or switch to other windows. This bug is because notepad doesn't refresh its display after saving the file.

This bug existed since Windows 3.1 (or even earlier). Note that the bug is not fixed up to Windows 8.1. In Windows 10 it seems that this bug is fixed (verified in 1511 [version number 10.0.10586]).

The second to show is on the Windows 98/Me startup disk.

If there is no accessible hard disk partition found on your computer, there will be information telling you there is something wrong with your computer or hard disk. But there is an obvious bug: After the second note of the information, there is a dot staying solely in a line. If you open the file SETRAMD.BAT, you will find a line "echo .", which should be "echo.". The text is listed below.

Windows Millennium Edition has detected that drive C does not contain a valid
FAT or FAT32 partition. There are several possible causes.

1.  The drive may need to be partitioned. To create a partition on the drive,
run FDISK from the MS-DOS command prompt.

2.  You may be using third-party disk-partitioning software. If you are using
this type of software, remove the Emergency Boot Disk and restart your
computer. Then, follow the on-screen instructions to start your computer from
a floppy disk.
.
3.  Some viruses also cause your drive C to not register. You can use a virus
scanning program to check your computer for viruses.

A bug of Windows Me: After the computer wakes up from Sleep Mode, Windows Me seems to have forgot the typematic rate and typematic delay settings for the keyboard.

Windows 9x and Windows 2000 IME (Input Method Editor) vulnerability: This issue has been solved in Windows 2000 Service Pack 2, but it revealed a system vulnerability of Microsoft's Windows and Windows NT. If I were requested to design a secure operating system, I would reserve a special user named "not logged on" for the OS. Before logging on, that user is current. The user should not modify any files other than that in the logon temporary directory. The user can only read files that are included in the operating system. But Microsoft didn't make it like that. Windows 2000 and Windows Me paid most respect to the user before logon (joking). The user actually can do almost everything. He can delete files, copy files, create files, run programs, and so on. What he cannot do is to see and communicate through the interface of any programs that are running, except the logon dialog box. How to replay this vulnerability? Please follow the instructions:

  1. Open an IME (Input Method Editor). To do this, you should firstly place the cursor in the "User Name" control, and press Ctrl + Shift (the Simplified Chinese Version of Windows 2000 has this function, which is not provided with the English Version of Windows 2000). Right-click on the IME bar, and select "Help". The help file should be an HTML help file (*.CHM, Compiled HTML Document).
  2. Click the button "Options", and select Internet Options. The "Internet Properties" dialog box opens.
  3. Click the button "Accessibility Options", and then "User defined style sheets -> Format documents using my style sheet". Click "Browse". Type "*.*" in the browser dialog box and press ENTER to confirm. Thus, you can browse any drive, run any program using mouse right-click (do not double click or press ENTER, or the operation will be considered "locate"), copy files, move files and delete files. There is only one thing different: Any program run wouldn't be visible.
  4. Even you can "log on" without notifying the "log on" dialog box. To do this, create a shortcut to "C:\WINNT\System32\EXPLORER.EXE", and set its property to "Run as a different user". Run it and fill in with correct user logon information. You can now use the computer as if you've logged on while the "log on" dialog box is still open. Of course, there would be something different, as you might feel.

This vulnerability is because of the design of Windows 9x and 2000. There is another fact: When any program crashes before logon (those programs starts before user logon), Windows will ask the user to confirm whether to end the program or to debug the program. If the user chooses "debug", the debugger actually starts.

I recently found a bug in Microsoft Windows Media Player 7.1. If there are songs whose names contain double quotation marks ASCII 34 (") in the play list, the program doesn't automatically change it into a formal format (like in HTML, the correct expression should be "). The program reserves the mark. If the exported play list is imported in the future, an error will occur. By the way, I want to tell you that the song name I entered was: March from "The Merry Widow". Windows Media Player 8 (brought with Windows XP) would automatically convert ASCII 34 (") to ASCII 39 (') when creating the play list.

I recently found another bug of Windows. Resize a window to make only the title bar is visible. Press Alt + F to call out its "File" menu. You will see that there is something strange on display. Press Alt again to release the menu. You will find that the position of the File menu item remains. The window didn't redraw itself. See the following pictures.

^ Top of page

As Windows paces on, old bugs are being fixed and new bugs are being introduced. One bug in Windows Vista is that a console window ought to be able to open an IME (input method editor), but after some time of running due to some reason, it is no longer able to open IME in that console window. The only way to solve this problem is to close it and open a new window to do what it does.

And another bug that appears in many versions of Windows from Windows 2000 through Windows Vista is that "alway on top" windows sometimes go under standard "not always on top" windows. This bug is discovered when I programmed a small utility called "freememind", which displays the current amount of free memory of the system. To make it easy to see, I did't put it in the system tray as a notification icon. Instead I put it on the desktop as an "always on top" window. However sometimes it does go under other windows as I use the system, switching among windows. And there are two situations: in one situation, when it goes under another window, I activate it and it again stays on top. In the second situation, when it goes another window, I activate it and it goes up, but when I activate another standard window, it again goes under that window, which means it is no longer "always on top". I checked all its source code but didn't find anything wrong. This behavior has been seen with Task Manager with "always on top", too. So I guess this should be a bug of Windows.

Return to Overview