Microsoft has finally shattered the hazards of a bug that remained undetected for 19 years in its widely used operating systems.
The security flaw, termed as WinShock, was discovered in May by IBM researchers and since then they were working with Microsoft to fix the bug. During this period the security hole was hidden from public but now the Redmond giant has revealed the bug with patch to fix the problem.
Microsoft finally fixes 19-year-old bug
WinShock could be used to remotely run code on a computer if someone views a malicious webpage on Internet Explorer. Once the code deployed on the victim computer the machine will be in control of attacker remotely. The bug was reported to present in every version of Windows OS since its 95 edition.
IBM researcher Robert Freeman told,
“In some respects, this vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library,” he continued, “it indicates that there may be other bugs still to be discovered.”
Freeman is working as researchers at IBM X-Force Research Team that found the existence of WinShock.
The bug scored 9.3 out of 10 on CVSS (Common Vulnerability Scoring System), which indicates its severity. However, IBM hasn’t discovered any exploitation of WinShock in the wild that means no PC got infected as the aftermaths of this bug.
Microsoft explained the threat posed by the bug in a FAQ, saying,
An attacker could have developed a special website to penetrate the code through Internet Explorer and then somehow convince a user to open the URL. The specially designed content could be in any form, such as advertisement or could be sent in email or messenger that takes users on the attacker website.
Microsoft said it has fixed bug in update, launched on Tuesday, the user who have enabled automatic update will have install the update on their own while others have to manually do this.
Copyright © 2019 Ghanalive.TV. All Rights Reserved.