Armory Staff Posted November 12, 2014 Share Posted November 12, 2014 /files/u69/windows_95_setup.jpgA critical bug went unaddressed since Windows 95 The second Tuesday of every month is known as Patch Tuesday for Windows users, and if you didn't install yesterday's batch of security updates, there's a good reason why you might want to put it on your short-term list of things to do. One of the patches in yesterday's Tuesday roundup addresses a critical bug in Windows that went unnoticed for 19 years and is present in every version of the OS from Windows 95 on up. A security researcher for IBM discovered the bug, which an attacker use can use for drive-by attacks to remotely run code and take over a victim's PC. The vulnerability also allows a remote attacker to sidestep the Enhanced Protected Mode (EPM) sandbox in Internet Explorer 11, as well as the Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free, the researcher says. The bug affects Windows Server platforms as well. It's been compared to Heartbleed in potential severity, and though it doesn't appear it's been exploited in the wild, nor does a proof-of-concept exist, now that it's been made public, there could be attacks on unpatched systems. Follow Paul on Google+, Twitter, and Facebook View the full article Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.