Microsoft announced the other day that there has been a critical security flaw in all versions of their operating system. It has existed in all versions of the Windows OS since Windows 95. So, I guess for the last 19 years the guys over at Microsoft have been looking at their computers and envisioning themselves running across the green hills of XP’s desktop instead of burying their minds in endless patches to try and ‘solve’ these continuous issues. Oh, wait a minute…
Seriously though, Microsoft has actually patched the 19-year-old critical flaw in Windows, so there is no need to panic. Security researchers from IBM discovered the flaw earlier this year and notified the Redmond giant privately back in May. Apparently the rare bug can allow an attacker to remotely execute code on an affected system, simply by convincing a Windows user to visit a URL in Internet Explorer.
IBM has said the exploit could have been triggered on Internet Explorer 3.0 onwards and that every currently supported version of Windows is affected. IBM researcher Robert Freeman said, “This vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library.”
Although Microsoft is issuing patches for Windows 8.1, Windows 7, Windows Vista, and their server releases, the software giant stopped supporting Windows XP earlier in 2014. There is no evidence as yet that this bug is being exploited in the wild, but it has been given a rating of 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS).
If I were you I would run Windows Update if you haven’t already.