Microsoft patches two-decade crack in Windows software

Microsoft's Windows operating system powers about 90 percent of computers worldwide
Microsoft's Windows operating system powers about 90 percent of computers worldwide

Microsoft issued an emergency patch for a dangerous flaw that has existed in Windows operating software for nearly two decades.

The , disclosed by IBM security researchers, has been in every Windows operating system since 1995 and could allow a hacker to take control of computers after luring Internet Explorer browser users to booby-trapped Internet pages.

A hacker who successfully exploited the weakness could have the same control of a machine as the user, but taking advantage of the flaw was deemed "tricky" and there was no evidence hackers had managed to pull off such a move.

"We released Security Bulletin MS 14-064 to help protect customers against this issue and customers with automatic updates enabled do not need to take an action as they are automatically protected," Microsoft said in an email response to an AFP inquiry.

Robert Freeman of IBM X-Force said in a blog post: "This complex vulnerability is a rare, 'unicorn-like' bug found in code that IE relies on but doesn't necessarily belong to.

"The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine."

The software fix, labeled "critical" by Microsoft, was one of 32 patches released by the US technology titan on Wednesday as part of its routine update cycle.

Windows powers about 90 percent of computers worldwide.

© 2014 AFP

Citation: Microsoft patches two-decade crack in Windows software (2014, November 13) retrieved 28 March 2024 from https://phys.org/news/2014-11-microsoft-patches-two-decade-windows-software.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Microsoft patching perilous hole in IE Web browser

0 shares

Feedback to editors