Microsoft patches 19-year-old windows bug

Dohc-WP

Ron Burgundy
Microsoft has patched a critical vulnerability present in all versions of Windows since Windows 95.

The bug, which was discovered by IBM researchers back in May, allows attackers to remotely run code and take over a user’s machine after sending them to a malicious website. The exploit is linked to Internet Explorer 3.0 and onward, so all versions of Windows are at risk.

"In some respects, this vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library," said IBM researcher Robert Freeman. "...it indicates that there may be other bugs still to be discovered."

The vulnerability rates a 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS). Though IBM has found no evidence of the bug being exploited in the wild as of yet, all Windows users are advised to install the update immediately.

In September, Microsoft announced Windows 10, which will be available in late 2015.

Source: IGN
 
People are still using Windows 95?

Why focus on such an old OS? Is it a personal achievement for Microsoft?
 
People are still using Windows 95?

Why focus on such an old OS? Is it a personal achievement for Microsoft?

It's not isolated to Windows 95, it's all versions of Windows since Windows 95, including Windows 95.

The exploit is linked to Internet Explorer 3.0 and onward, so all versions of Windows are at risk.

But I would guess there are very few people still using Windows 95 (but many using XP). All versions of Windows below Vista are not officially supported by Microsoft any more.
 
It's not isolated to Windows 95, it's all versions of Windows since Windows 95, including Windows 95.



But I would guess there are very few people still using Windows 95 (but many using XP). All versions of Windows below Vista are not officially supported by Microsoft any more.

So bugs are being carried over from one OS to another. These OSs are built on the same foundation(s) as they predecessors, with the inclusion of newer and better features...?
 
So bugs are being carried over from one OS to another. These OSs are built on the same foundation(s) as they predecessors, with the inclusion of newer and better features...?

From the description provided, it looks like it's linked to Internet Explorer and not necessarily the OS itself. However considering that IE has been bundled with every version of Windows since 95, it is inherently tied to the OS. It's probably legacy code from the older versions of IE that is used to support older websites. Something like that.

Edit: Full technical details of the bug for those who are interested:

http://securityintelligence.com/ibm...nerability-in-microsoft-windows/#.VGRwGvmUdKb
 
Last edited:
Back
Top