It could be one of the oldest bugs in the computer world.
Microsoft today issued a patch for a major security hole in its Windows software that it admitted has been there for 19 years.
Experts at IBM spotted the bug - and found it was even present in the code for Windows 95.
HOW IT WORKS
The
bug, which is present in every version of Microsoft Windows from
Windows 95 onward, allows an attacker to remotely take over and control a
computer.
Typically,
attackers use remote code execution to install malware, which may have
any number of malicious actions, such as keylogging, screen-grabbing and
remote access.
IBM's
cybersecurity research team discovered the bug in May, describing it as
a 'significant vulnerability' in the operating system.
'The
buggy code is at least 19 years old and has been remotely exploitable
for the past 18 years,' IBM X-Force research team said in its blog on
Tuesday.
The
bug, which is present in every version of Microsoft Windows from
Windows 95 onward, allows an attacker to remotely take over and control a
computer.
'We
reported this issue with a working proof-of-concept exploit back in May
2014, and today, Microsoft is patching it,' they said.
'It can be exploited remotely since Microsoft Internet Explorer (IE) 3.0.
'This complex vulnerability is a rare, 'unicorn-like' bug found in code that IE relies on but doesn't necessarily belong to it.
Microsoft finally fixed the flaw this week with a security patch it urged all users to download
'The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine
'Looking at the original release code of Windows 95, the problem is present.'
Typically,
attackers use remote code execution to install malware, which may have
any number of malicious actions, such as keylogging, screen-grabbing and
remote access, the researchers say.
Source : Dailymail
0 comments :
Post a Comment