Microsoft patches two-decade crack in Windows software

Microsoft's Windows operating system powers about 90 percent of computers worldwide
Microsoft's Windows operating system powers about 90 percent of computers worldwide

Microsoft issued an emergency patch for a dangerous flaw that has existed in Windows operating software for nearly two decades.

The , disclosed by IBM security researchers, has been in every Windows operating system since 1995 and could allow a hacker to take control of computers after luring Internet Explorer browser users to booby-trapped Internet pages.

A hacker who successfully exploited the weakness could have the same control of a machine as the user, but taking advantage of the flaw was deemed "tricky" and there was no evidence hackers had managed to pull off such a move.

"We released Security Bulletin MS 14-064 to help protect customers against this issue and customers with automatic updates enabled do not need to take an action as they are automatically protected," Microsoft said in an email response to an AFP inquiry.

Robert Freeman of IBM X-Force said in a blog post: "This complex vulnerability is a rare, 'unicorn-like' bug found in code that IE relies on but doesn't necessarily belong to.

"The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine."

The software fix, labeled "critical" by Microsoft, was one of 32 patches released by the US technology titan on Wednesday as part of its routine update cycle.

Windows powers about 90 percent of computers worldwide.


Explore further

Microsoft patching perilous hole in IE Web browser

© 2014 AFP

Citation: Microsoft patches two-decade crack in Windows software (2014, November 13) retrieved 19 September 2019 from https://phys.org/news/2014-11-microsoft-patches-two-decade-windows-software.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
0 shares

Feedback to editors

User comments

Nov 13, 2014
Critical??? It was there since w95? When we switched from Dos and w3.1 and had that much trouble configuring the network to play Doom?
Yeah, that's fun... Critical!

Nov 13, 2014
has been in every Windows operating system since 1995 and could allow a hacker to take control of computers after luring Internet Explorer browser users to booby-trapped Internet pages.

Seems like most users would be safe, then. Who the hell uses internet explorer?

Nov 14, 2014
Internet Explorer... again. What idiots still use this prog?

Nov 14, 2014
Uh, have you noticed that Windows' 'update' and 'help' often will, regardless of your browser settings ??

Nov 14, 2014
M$ is famous for ignoring RFCs and implementing buggy code that the user pays for in so many ways.

I quit buying licenses after I realized that I'd spent thousands of dollars paying for broken upgrades.

Fuck all that: I use Linux.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more