Microsoft released software patches Tuesday to fix a security vulnerability that has been active for 19 years in its widely used Windows operating system. A researcher with IBM discovered the bug in May, and described it as a “significant vulnerability.”
The bug allows hackers to remotely take control of a PC, and has been present in every version of Microsoft’s operating system since Windows 95. The bug was rated at 9.3 out of a possible 10 on the Common Vulnerability Scoring System, or CVSS, a measure of severity in computer security.
A blog post on IBM’s Security Intelligence website said that the bug had “been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library.”
It added that the discovery of the vulnerability suggested that other bugs, yet to be discovered, “could lead to substantial exploitation scenarios.”
Microsoft has tackled the security issues that the bug raises by releasing 14 software patches in its monthly security update for Windows, according to a report from the BBC.
The security updates, however, will only be effective for users of Windows Vista or newer operating systems, according to PCWorld. Microsoft discontinued support for Windows XP, the next-most recent version of its Windows operating system, in April.