On Tuesday, Microsoft fixed an exploit that had existed in every version of the operating system for 19 years, since Windows 95 by issuing large number of updates to currently supported versions of Windows.
The flaw was first discovered by IBM in May and it shared that information privately with Microsoft.
IBM stated:
"This complex vulnerability is a rare, "unicorn-like" bug found in code that IE relies on but doesn't necessarily belong to. The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine — even sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool Microsoft offers for free."
IBM said this flaw has allowed every version of Windows to be remotely exploited since the release of Internet Explorer 3.0 in 1996. So far, there's no evidence that hackers have found and have been using this security hole for attacks. However, the BBC quotes Gavin Millard, from Tenable Network Security, as saying:
"Whilst no proof-of-concept code has surfaced yet, due to Microsoft thankfully being tight-lipped on the exact details of the vulnerability, it won't be long until one does, which could be disastrous for any admin that hasn't updated."
The biggest concern is for all those users who are still using Windows XP, which is not supported by Microsoft any more. The latest statistics for October by Net Applications showed that 17.18% users are still running Windows XP worldwide.
If you haven't done it; Update your Windows now. How concerned are you about this Windows "bug" ?
0 comments :
Post a Comment