Microsoft Corporation Finally Fixes 19-Year-Old Bug

2
Microsoft Corporation Finally Fixes 19-Year-Old Bug
efes / Pixabay

Microsoft Corporation (NASDAQ:MSFT) recently release an emergency patch to fix a 19-year-old software bug. Last May, researchers from International Business Machines Corp. (NYSE:IBM) first discovered the bug that affects both Windows and Office products.

Play Quizzes 4

Microsoft’s latest bug issue

The bug has been in every single version of Windows, starting with Windows 95. The bug presented a problem which would allow attackers to easily exploit the bug to control a computer via remote means. The software maker has since addressed the issue and issued 14 patches. The company plans to release two more patches.

This Too Value Fund Explains Why Turkey Is Ripe For Investment Right Now

TurkeyThe Talas Turkey Value Fund returned 9.5% net for the first quarter on a concentrated portfolio in which 93% of its capital is invested in 14 holdings. The MSCI Turkey Index returned 13.1% for the first quarter, while the MSCI All-Country ex-USA was down 5.4%. Background of the Talas Turkey Value Fund Since its inception Read More

Robert Freeman (researcher for IBM) elaborated in a blog post, “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine.”

A drive-by attack means users are forced to download malicious software. IBM claims the bug has been sitting in plain sight. It also exists in the Windows Server Platforms, which puts the security of encrypted websites at risk. This is related to Microsoft’s Secure Channel (often referred to as Schannel), which is used to implement secure data transfer.

How the latest bug compares to Heartbleed

Schannel joins the long list of security standards discovered to have a major flaw. Other standards in this list include Apple SecureTransport, GNUTLS, OpenSSL, and NSS. This latest bug has been compared to Heartbleed, a bug that affected people last year. It was reported that though the recent bug could be just a significant as last year’s, it may be harder for attackers to exploit. The Heartbleed bug exploited vulnerabilities utilized transferred secure data (Secure Sockets Layer).

At press time, there is zero evidence the new bug was exploited before it was discovered. However, now that the bug is known to the public and the patches came out, it is likely there will be attacks on out of date machines. This bug would have been worth over six figures.

via: BBC

Updated on

No posts to display

2 COMMENTS

  1. sorry i have to call bs. what bug are you talking about? You want to talk bugs? Let’s talk about what Apple’s high school dropouts-turned-engineers did to BSD/Mach after they modified it and named it “MacOS X” and “iOS”.

Comments are closed.