Microsoft on Wednesday is officially patching a bug that existed in its Windows operating system for 19 years, according to a new report from IBM\u2019s Security Intelligence arm. The security flaw had been present in every single version of Windows since Windows 95 was released, IBM said, noting that the bug was complex and rare.<\/p>\n
\u201cThe bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user\u2019s machine \u2014 even sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free,\u201d the security team explained in a recent blog post.\u00a0\u201dTypically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access,\u201d the researchers said.<\/p>\n
IBM said that this just shows that small bugs can exist for years and years, in this case for more than a decade, before they\u2019re actually detected by anyone, and that the flaw in Windows potentially left an open hole for remote exploitation for the last 18 years, though the \u201cbuggy code\u201d that enabled it has existed for 19 years. IBM said it first discovered the bug in May 2014 and that, had it been found by someone else, it could have \u201c\u00a0fetched six figures on the gray market,\u201d among hackers who might have used it to cause serious harm to computer systems. The researchers explain the ins-and-outs of how it works very technically, so hit the source for a deeper understanding.<\/p>\n
\n<\/em><\/p>\n