Microsoft just fixed a two-decades-old Windows security bug

Better late than never

Microsoft has issued a patch for a security bug that, unbeknownst to anyone, has plagued every version of Windows since Windows 95.

The bug, had anyone actually discovered it before now, apparently could have allowed attackers to set up websites that, if you visited them, let them run code remotely on your machine and even take it over.

An IBM research team discovered the bug earlier this year, and Microsoft just now patched it.

Luckily, the research team - IBM's cornily named "X-Force" - "hasn't found any evidence of exploitation of this particular bug in the wild," IBM's Robert Freeman wrote on IBM's Security Intelligence blog.

Hindsight

Freeman described the bug as "rare" and "unicorn-like" both because it sidesteps all of Internet Explorer's and Windows' built-in protections, and because it went so long undetected.

Hindsight is 20/20, and in hindsight Microsoft probably should have noticed this serious security issue back when it was introduced almost 20 years ago.

But no harm, no foul, we guess, and it at least makes for a good headline.

Via PC World
