Microsoft has fixed a critical bug that has been present in every version of its operating system since Windows 95.
The bug was discovered by IBM researchers in May and was patched in this week’s Patch Tuesday run, but with Windows XP no longer receiving security updates, the critical bug could still exist in what remains the world’s second most used version of Windows.
Despite the severity of the flaw, Microsoft’s fix does not cover Windows XP because the company is sticking to its policy of leaving XP unsupported. The bug was patched in Windows Vista, Windows 7, 8 and 8.1.
The flaw could allow attackers to run code remotely on affected systems. “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine,” said IBM researcher Robert Freeman.
A drive-by attack is when malicious software is automatically downloaded to a victim’s PC without the need to tempt that person into clicking anything. The simple act of visiting a website is often enough.
However, Freeman concedes that IBM “hasn’t found any evidence” that hackers had taken advantage of the flaw, but he did say “it’s only a matter of time” before experts detect attacks that use the flaw to take over Windows XP computers, which remain vulnerable.
The researchers believe the bug would probably have been worth a small fortune had someone uncovered it earlier and sold it to hackers.
Are you still running Windows XP in your business?
We can lease your business a new PC from as little as £4.00 per week, look after it for the full 3 years and refresh your equipment every 18 months so you have the latest equipment. Give us a call on 0121 285 0098 to discuss how it all works.