Mortimer Smythe Designs Oakland Web Design & Web Development Blog

19-year-old Vulnerability Discovered in Windows OS

Last week IBM confirmed that for the past 19 years, a bug has existed in every version of Windows. Graded as a 9.3 out of 10 on the Common Vulnerability Scoring System, a system measuring the severity in computer security flaws, attackers could exploit this bug to remotely control PCs. In its monthly security updates, Microsoft addressed the bug and urged users to download updates. So, how does a security bug go undiscovered for so long? Let’s investigate.

We know the Internet is dynamic. Software and technical specifications change often and as developers, it is our job to understand, manage and adapt systems to reflect these changes. The most important part of building a system is testing its functionality, and the most important tests are the ones that occur while the system is fully operational and live.

So, this vulnerability has been in the Windows system since the go-live date in 1995, is old enough to drive a car, vote in midterm elections and even avoid security detection. That is, until now. Now, keep in mind, this is a flaw in the 1995 code, it’s not something that’s been created recently: it is an original flaw. IBM researchers discovered this vulnerability because after a system goes live the work continues: programmers continue to test it, using the most up-to-date knowledge to insure that the users of a system are protected. It’s a part of a job well done. For the past 19 years, as technology has developed, programmers have continued testing and updating systems all the while.

Currently, no evidence exists to show that the flaw was ever exploited, but with the security update and patch released, it will be exponentially easier for hackers to identify and exploit this flaw. Users who delay updating could face disastrous results (those pop-up reminders don't seem so annoying now, do they?).

MS Security BugTechnological improvements enhance network and system security. As systems are updated, it’s important to have someone working with you to keep you up-to-date, too. As long as a system is live, it should be monitored. Contact us today to find out how we can help you keep your web properties and systems safe and working.