Microsoft Releases Patch to Fix 19-Year-Old Windows Bug
Microsoft has released a patch to fix a critical vulnerability for Windows that has existed for 19 years.
The flaw, which was discovered by IBM security researchers and privately disclosed to Microsoft in May, has been present in every Windows version since the release of Windows 95, nearly two decades ago.
According to a Microsoft security bulletin, the vulnerability “could allow remote code execution if an attacker sends specially crafted packets to a Windows server.” In other words, if attackers are able to trick users into visiting a bad URL, they could infect and gain control of any unpatched Windows machine.
Windows 8.1, Windows 7 and Windows Vista users should update their computers as quickly as possible. However, users who still run Microsoft XP will be left vulnerable, as the company ended support for its 13-year-old operating system earlier this year.
Coined WinShock by some folks, the vulnerability scored a 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS).
“This vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library,” writes IBM security researcher Robert Freeman on the IBM security blog.
Freeman went on to say that IBM hadn’t come across any evidence that the bug had actually been exploited by Internet attackers but said it could have been sold in the six-figure range if it’d been discovered by the wrong people.