Microsoft Corporation has released an update to patch a security flaw in Windows that remained unnoticed for 19 years. The vulnerability has been present in all versions of Windows since Windows 95 and allows an attacker to take control of any computer remotely after sending its user to a malicious website.
IBM’s security researchers discovered the flaw earlier this year and reported it privately in May. They named the bug “Significant Bug”. IBM says the exploit can be triggered on Internet Explorer 3.0 onwards, and every currently supported version of Windows is affected.
“This vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library,” says IBM researcher Robert Freeman.
“This is a ‘rare’, ‘unicorn-like’ bug found in code that IE relies on but doesn’t necessarily belong to. The erroneous code existed for at least 19 years and was remotely usable over the past 18 years,” Robert said.
Microsoft provided patches for Windows 8.1, Windows 7 and Windows Vista, as well as various server releases. Microsoft stopped supporting Windows XP earlier this year, so Windows XP users will not be protected if an attacker tries to exploit the bug. The bug has a rating of 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS).