
Microsoft discovered a 19-year-old exploit—here’s how you fix it

If it went unnoticed this long, then God knows how many others are out there.

 

Rob Price


Posted on Nov 12, 2014   Updated on May 30, 2021, 5:34 am CDT

Apple’s been in the news over the past few days for two glaring bugs in its software, relating to disappearing iMessage texts and a vulnerability that lets malware disguise itself as legitimate apps. But these pale in comparison to an issue recently discovered by Microsoft—a “critical bug” in its software that has existed unpatched for the past 19 years.

Discovered by IBM security researcher Robert Freeman, the vulnerability can be used by hackers to “reliably run code remotely and take over the user’s machine.” And it’s been present without fail in every Microsoft operating system (OS) since Windows 95.

It has, Freeman writes, “been sitting in plain sight.”

IBM first identified the bug in May 2014 and quietly provided Microsoft with a proof-of-concept; the announcement today comes as Microsoft rolls out a monthly security update to fix it.

The bug affects Microsoft Server platforms, the BBC reports, meaning businesses that handle highly sensitive encrypted data could be at risk. The seriousness of the issue means knowledge of the bug likely would have “fetched six figures” if sold on the “gray market”—though there’s not yet any evidence of the exploit being used “in the wild.” 

Now that the exploit has been made public, however, it’s likely that some people will try their luck—even with the update rolling out today. So if you want to avoid being screwed over by a two-decade-old mistake, then make sure you update. Today. As in now. 

H/T BBC | Photo via Northsky71/Flickr (CC BY SA 2.0) | Remix by Fernando Alfonso III

 

*First Published: Nov 12, 2014, 4:38 pm CST