Microsoft Fixes 19-Year-Old Bug that Existed Since Windows 95

Microsoft issued a patch on Tuesday to fix a bug in its Windows operating system that has been present for the past 19 years, according to Reuters.

The bug has remained undiscovered since Windows 95, and has presented an opportunity for hackers to remotely access and control a computer running Microsoft's Windows operating system.

The IBM X-Force cybersecurity research team discovered the bug back in May 2014, calling it a "significant data manipulation vulnerability" that allows a Windows computer to be remotely accessed and exploited.

"This complex vulnerability is a rare, "unicorn-like" bug found in code that IE relies on but doesn't necessarily belong to. The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine," wrote IBM researcher Robert Freeman.

"This means that significant vulnerabilities can go undetected for some time. In this case, the buggy code is at least 19 years old and has been remotely exploitable for the past 18 years," Freeman added.

Microsoft has released several security updates to fix the bug; the summaries of which they detailed in their latest security bulletin.

The critical updates resolve the problems that "could allow remote code execution if a user views a specially crafted webpage using Internet Explorer," according to the company.

Cybersecurity specialist Gavin Millard notes, "Whilst no proof of concept code has surfaced yet, due to Microsoft thankfully being tight-lipped on the exact details of the vulnerability, it won't be long until one does which could be disastrous for any admin that hasn't updated."

"It is of critical importance that all versions of Windows are updated due to the ability of attackers to execute code on the server remotely, allowing them to gain privileged access to the network and lead to further exploitation such as infect hosts with malware or rootkits and the exfiltration of sensitive data," he added.