It is February and it is time to update some patches. A 17-year-old bug in Windows will be patched by Microsoft in its latest security update. A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.
This ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs. Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7. The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.
The February update for Windows will close the loophole that dates from the time of the DOS operating system. First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since. The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.
In January 2010, Microsoft released an “out of band” patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China. Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole.
The patch for this vulnerability is included in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it. So start checking the Windows Update site to check for the patches and patch them right away. You never know there is already a hacker running his programs in your PC or laptop.