Microsoft finally fixes 19yo ‘rare, unicorn-like’ bug
The bug was present in every version of the OS from Windows 95 onwards, and allows a remote user to take over and control a computer.
Any attacker could run code remotely whenever a user visited a malicious website. IBM researcher Robert Freeman described it as a “rare, ‘unicorn-like’ bug found in code that IE [Microsoft Internet Explorer] relies on, but doesn’t necessarily belong to.”
Microsoft has now produced patches which it began issuing on Tuesday to fix the bug. The IBM cyber-security team, which produces the hardware for Microsoft software, discovered the malware in May and said it was a “significant vulnerability” in the operating system.
"The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine," Freeman wrote in a blog post.
However, IBM also warned there could still be other undetected bugs out there.
— Glen Gooding (@gg00ding) November 12, 2014