Microsoft patches 20-year-old Windows security flaw

OLE-based vuln thought to be present in all versions of OS since 1995

Microsoft yesterday patched a two-decades-old security flaw in Windows that allows malicious actors to remotely take control of entire systems, online media reported.

The vulnerability has existed since 1995, in all versions of Redmond's OS. It was reported this week by IBM security researcher Robert Freeman and patched by Microsoft yesterday, according to TechRadar.

The hole lies in OleAut32.dll, a code library used for linking files together, such as when a user includes an Excel spreadsheet in a Word document. Once Microsoft included VBScript in Internet Explorer, attackers could gain access to systems through malicious websites.

In a security blog, Freeman described the bug as "unicorn-like", because of its rarity and the fact that it had remained undiscovered for so long.

"In this case, the buggy code is at least 19 years old and has been remotely exploitable for the past 18 years," he said.

Despite the flaw's longevity, Freeman indicated that it had yet to be exploited in the wild, but he said that, prior to Microsoft's fix, it would be a "matter of time" before it was.