Microsoft has released a patch for Windows 8.1 and Windows 7 to address a bug that has been around for quite some time, over 19 years to be exact.
The bug has apparently been around since the introduction of Windows 95, which launched over 19 years ago. The bug was discovered by Robert Freeman, a researcher at IBM, who notified Microsoft of the bug back in May of this year.
Discovery and Impact of the Bug
We reported this issue with a working proof-of-concept exploit back in May 2014, and today, Microsoft is patching it. It can be exploited remotely since Microsoft Internet Explorer (IE) 3.0. This complex vulnerability is a rare, “unicorn-like” bug found in code that IE relies on but doesn’t necessarily belong to. The bug affects a critical component of the Windows operating system, making it a significant security risk.
The bug apparently affects all current versions of Windows that Microsoft supports, as well as older versions of Windows all the way back to Windows 95. This means that millions of computers worldwide were potentially vulnerable to this exploit for nearly two decades. The fact that it took so long to discover and patch highlights the complexity and depth of the Windows operating system’s codebase.
Technical Details and Microsoft’s Response
The vulnerability lies in the Windows Object Linking and Embedding (OLE) technology, which allows applications to share data and functionality. Specifically, the bug is related to how OLE handles memory, which can be manipulated by an attacker to execute arbitrary code. This could potentially allow an attacker to take control of an affected system, steal sensitive information, or install malicious software.
Microsoft’s response to this discovery has been swift and comprehensive. The company has released patches for all affected versions of Windows, including Windows 7, Windows 8.1, and even older versions like Windows XP, which is no longer officially supported. This demonstrates Microsoft’s commitment to security and its willingness to protect its users, even those on outdated systems.
You can find out more information about the bug over at Microsoft at the link below. As of now, there is no evidence that the bug has been exploited in the wild. However, the potential for exploitation was significant, and the patch is a crucial step in ensuring the security of Windows users.
Source, The Verge
The discovery and patching of this 19-year-old bug is a reminder of the importance of ongoing security research and vigilance. It also underscores the complexity of modern software and the challenges involved in maintaining its security over time. Users are encouraged to apply the latest updates and patches to their systems to protect against potential vulnerabilities.
Latest Geeky Gadgets Deals
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
