IBM researcher finds flaw dating back to Windows 95
Posted by: Timothy Weaver on 11/12/2014 11:31 AM
[
Comments
]
Microsoft has patched a critical Windows vulnerability, along with the help of IBM, that has existed since the days of Windows 95.
Described by IBM researcher Robert Freeman, it is a “rare, ‘unicorn-like’ bug found in code that IE relies on but doesn’t necessarily belong to.”
The bug relies on a vulnerability in VBScript, which was introduced in Internet Explorer 3.0. But the good news is that the vulnerability has not been exploited as it would be technically tricky. A patch is being made to address the flaw but will only be available for Windows Vista and above.
What this shows is that vulnerabilities can evade detection for many years. IBM warns that there could be other, similar bugs that haven’t been discovered yet, with multiple exploitation techniques for attackers to install keyloggers, screen grabbers and remote access tools.
Described by IBM researcher Robert Freeman, it is a “rare, ‘unicorn-like’ bug found in code that IE relies on but doesn’t necessarily belong to.”
The bug relies on a vulnerability in VBScript, which was introduced in Internet Explorer 3.0. But the good news is that the vulnerability has not been exploited as it would be technically tricky. A patch is being made to address the flaw but will only be available for Windows Vista and above.
What this shows is that vulnerabilities can evade detection for many years. IBM warns that there could be other, similar bugs that haven’t been discovered yet, with multiple exploitation techniques for attackers to install keyloggers, screen grabbers and remote access tools.
Comments
