Microsoft fixes a 19-year-old Windows bug

By Silky Malhotra | Published on 13 Nov 2014

Microsoft releases a patch for a rare, ‘unicorn-like’ bug that is 19 years old.


Microsoft has finally fixed a bug that plagued its Windows operating system undetected for the last 19 years. The flaw allowed a remote user to take over and control a computer and has been present in every version of the OS from Windows 95 onwards.

The IBM cyber-security team discovered the flaw in May and said it was a “significant vulnerability” in the operating system. The bug, dubbed WinShock, has been graded 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.

The flaw allowed any hacker to run code remotely whenever a user visited a malicious website. Microsoft has finally produced patches to fix the bug. The latest patch applies only to devices running Windows Vista and later, as support for Windows XP ended in April.

IBM researcher Robert Freeman described it as a “rare, ‘unicorn-like’ bug found in code that IE [Microsoft Internet Explorer] relies on, but doesn’t necessarily belong to.”

"The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine," Freeman wrote in a blog post.

IBM warns that the bug evaded detection for many years and states that more such undetected bugs could be out there. Security experts compared this latest flaw to other significant problems that had come to light this year such as the Heartbleed bug. However, they added that while its impact could be just as significant, it might be more difficult for attackers to exploit.

Gavin Millard, from Tenable Network Security, stated that although there have been no known attacks, users should be careful.

"Whilst no proof-of-concept code has surfaced yet, due to Microsoft thankfully being tight-lipped on the exact details of the vulnerability, it won't be long until one does, which could be disastrous for any admin that hasn't updated.

"Is WinShock as bad as Heartbleed? At the moment, due to the lack of details and proof-of-concept code, it's hard to say, but a remote code execution vulnerability affecting all versions of Windows server on a common component like Schannel is up there with the worst of them."

Source: IBM Security Intelligence 
