
Microsoft patches 20-year-old Windows security flaw

OLE-based vuln thought to be present in all versions of OS since 1995


Microsoft yesterday patched a two-decades-old security flaw in Windows that allows malicious actors to remotely take control of entire systems, online media reported.

The vulnerability has existed since 1995, in all versions of Redmond's OS. It was reported this week by IBM security researcher Robert Freeman and patched by Microsoft yesterday, according to TechRadar.

The hole lies in OleAut32.dll, a code library used for linking files together, such as when a user includes an Excel spreadsheet in a Word document. Once Microsoft included VBScript in Internet Explorer, attackers could gain access to systems through malicious websites.

In a security blog, Freeman described the bug as "unicorn-like", because of its rarity and the fact that it had remained undiscovered for so long.

"In this case, the buggy code is at least 19 years old and has been remotely exploitable for the past 18 years," he said.

Freeman indicated that, despite its longevity, the vulnerability had yet to be exploited in the wild, but said that prior to Microsoft's fix it would be a "matter of time" before it was.
