Microsoft fixes 19-year-old Windows bug

[fredlaso]

It will be interesting to see if MS also offer a fix for Win 95, Win ME , Win 2000, and Win XP users as well . In any other industry you would not be able to get away with selling a defective product. Imagine you were a car manufacturer and you also relied on your customers to do their own crash tests and report any bugs in the design!

Microsoft fixes 19-year-old Windows bug

Quote Reuters

(Reuters) - Microsoft Corp issued patches on Tuesday to fix a bug in its Windows operating system that remained undiscovered for 19 years.

The bug, which is present in every version of Microsoft Windows from Windows 95 onward, allows an attacker to remotely take over and control a computer.

IBM Corp's cybersecurity research team discovered the bug in May, describing it as a "significant vulnerability" in the operating system.

"The buggy code is at least 19 years old and has been remotely exploitable for the past 18 years," IBM X-Force research team said in its blog on Tuesday.

(Reporting by Soham Chatterjee in Bangalore; Editing by Saumyadeb Chakrabarty)

[212eta]

Hurray! :towel:

[Karamjit]

......And now we must ask Satya Nadella why Windows is not a 'Cancer' because their Steve Ballmer used to say that Linux is nothing more than a Cancer

[Enigmatism]

The bug was probably an intentional backdoor that was built to allow this to happen.

[HX1]

Nice to know after all these years... LOL Funny thing is that I am guessing not even vulnerability scanners ( grey hat ) and testers have not ever detected it.. Unless we already have closed it or something in some other way...

[davmil]

The bug was probably an intentional backdoor that was built to allow this to happen.

You're probably 1/2 right. An intentional backdoor for debugging rather than something evil more likely.

[SnakeMasteR]

[Sonar]

what? 18 year old code? I thought these latest windows was re-coded to this generation coding? good luck windows 10 if this is the case oo

[CODYQX4]

what? 18 year old code? I thought these latest windows was re-coded to this generation coding? good luck windows 10 if this is the case oo

Windows in their insane need to bend over backwards to support ancient apps and businesses that aren't going to upgrade anyway, is a festering pile of old code and hacks.

Tell me why anyone who would NEED to run a 16-Bit app, would magically decide to add the latest OS to what must be a really old setup. But I do remember them fixing a 20 year old bug in that code in Windows 7 x86 and all older OS, and this article reminds me of that.

I bet the DLLs still have ancient DOS icons. I mean, Windows 7 does, and they can't even be bothered to change them for the new OS (hence the smattering of Vista Icons with the Windows 10 TP icons which clash real bad to me.

[jackieo]

Ok heres one for you all....

remember back in 2002? when XP SP1 came out?

Here is the show I was watching at the time - remember Tech TV?

This is "The Screen Savers" show (their advanced computer show for enthusiasts)

that covers the gaping hole in XP ( fixed by SP1) that was wide enough to drive a truck thru!

roll the video up to 34:15 for the XP SP1 segment of the show

(that segment runs about 10 mins ;) )

the entire show...enjoy a blast from the past!

[CODYQX4]

Yeah RTM XP was so insecure, browsing damn near any site could get stuff detected as bad by Spybot and Ad-Aware. Didn't even need to be obviously shady sites.

Sadly that is coming back with ads all over again.

[banned]

Microsoft wants us to believe newer versions of Windows are extra secure, but we still had to patch every Windows version since XP for this same critical flaw... Compatibility for legacy applications already went out the window since Vista, so that's not really the issue here. The issue is Windows sharing much of the same core as the original NT and earlier. To make things worse, the code that /has/ actually been re-written just adds more security holes that are not present in earlier versions of Windows..

It will be interesting to see if MS also offer a fix for Win 95, Win ME , Win 2000, and Win XP users as well .

Doubtful. But Windows XP does have its bases covered somewhat, IF administrators fool Windows Update into thinking we have the embedded version. At least there's that..

[CODYQX4]

Microsoft wants us to believe newer versions of Windows are extra secure, but we still had to patch every Windows version since XP for this same critical flaw... Compatibility for legacy applications already went out the window since Vista, so that's not really the issue here. The issue is Windows sharing much of the same core as the original NT and earlier. To make things worse, the code that /has/ actually been re-written just adds more security holes that are not present in earlier versions of Windows..

It will be interesting to see if MS also offer a fix for Win 95, Win ME , Win 2000, and Win XP users as well .

Doubtful. But Windows XP does have its bases covered somewhat, IF administrators fool Windows Update into thinking we have the embedded version. At least there's that..

Not at all with Vista. They've put in so many ass backwards "features". An example is that apps used to assume full admin and write straight to Program Files. So, now you have "VirtualStore" which can cause buggy apps to silently dump a file and read it fine, to some folder, maskign the problem. Better that app blow up in the devs face in debugging than hiding it like that.

I've had to resort to awful methods to truly forward-compatible detect OS version, because MS "helps" by lying and saying that 8.1 and 10 are actually 8.0, through official, massively widespread used API calls, that many tutorials are going to use.

[Ponting]

//www.nsaneforums.com/topic/234293-newly-discovered-old-windows-vulnerability-exploited-via-major-bulgarian-website/