'Unicorn bug' found in Microsoft's Windows that has been there since 1985


It could be one of the oldest bugs in the computer world.

Microsoft today issued a patch for a major security hole in its Windows software that it admitted has been there for 19 years.

Experts at IBM spotted the bug - and found it was even present in the code for Windows 95.

Bill Gates in 1995 during rehearsals for the August 24 launch of Windows '95. Researchers have found a serious security flaw in the software remained in Windows systems until this week, when the firm finally patched it.

HOW IT WORKS

The bug, which is present in every version of Microsoft Windows from Windows 95 onward, allows an attacker to remotely take over and control a computer. 

Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access. 

IBM's cybersecurity research team discovered the bug in May, describing it as a 'significant vulnerability' in the operating system.

'The buggy code is at least 19 years old and has been remotely exploitable for the past 18 years,' IBM X-Force research team said in its blog on Tuesday. 

'We reported this issue with a working proof-of-concept exploit back in May 2014, and today, Microsoft is patching it,' they said.

'It can be exploited remotely since Microsoft Internet Explorer (IE) 3.0. 

'This complex vulnerability is a rare, "unicorn-like" bug found in code that IE relies on but doesn't necessarily belong to it.

Microsoft finally fixed the flaw this week with a security patch it urged all users to download.

'The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine.

'Looking at the original release code of Windows 95, the problem is present.' 

Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access, the researchers say. 


