Microsoft fixes security flaw in Windows that existed for 19 years

Microsoft has released an emergency update on Tuesday to patch a security flaw in the Windows operating system (that remained unnoticed for 19 years).

Amazingly, this vulnerability was present in every version of Windows including Windows 95 to Windows 8, allowing hackers to take control of any computer remotely whenever a user visits a malicious website.

IBM’s research team found this bug earlier this year (in the month of May) and reported the Microsoft officials. They kept this secret as they were working on developing a patch to help out users in fixing the bug. IBM officials termed this bug as “significant vulnerability” in the Windows operating system.


A statement from one of the officials from IBM (Robert Freeman) says:

“This is a “rare”, ‘unicorn-like’ bug found in code that IE relies on but doesn’t necessarily belong to. The erroneous code existed for at least 19 years and was remotely usable over the past 18 years.”

Why this vulnerability is a significant one?

This vulnerability was significant on two accounts, first, it remained hidden for over 19 years and it involves arbitrary data manipulation—that is fairly uncommon these days.

Not the last one:

IBM warns that there could be other, similar bugs that haven’t been discovered yet, with multiple exploitation techniques for attackers to install keyloggers, screen grabbers and remote access tools. Users are just lucky this one was caught—eventually.

Related Posts