WinShock: Microsoft (NASDAQ:MSFT)’s Achilles Heel Cured after 19 Years of Hiding

7

A bug, which no one knew even existed in Microsoft (NASDAQ:MSFT) software, has finally been dealt with today, after existing for over 19 years. The bug was hidden “in plain sight”, according to IBM (NYSE:IBM).

Discovery of the critical bug, which has literally stayed with Microsoft (NASDAQ:MSFT) ever since Windows 95 came out almost 20 years ago, was made by IBM (NYSE:IBM) in May of current year. According to the diagnostic conducted by IBM (NYSE:IBM), the bug exists within all versions of Windows as well as Office products released by Microsoft (NASDAQ:MSFT) throughout these past 19 years, including Windows 95.

The bug, termed WinShock by many (maybe because it has come as a shock to developers and users combined), is a dangerous loophole within the security system of all Microsoft (NASDAQ:MSFT) products released to date. It allows potential attackers to use it as a pathway to remotely control personal computers and steal confidential data which users may have on their machines.

A total of 14 patches have been released by Microsoft (NASDAQ:MSFT) with its monthly update of security to resolve the bug in all machines running Microsoft (NASDAQ:MSFT) software. Two patches are still in development, and will be released soon, eradicating the bug once and for all from within all the infected systems. Microsoft (NASDAQ:MSFT) has also issued an advisory notice, urging all its users to download the latest updates for their computer to protect them against threats originating from such a security loophole.

Talking about the bug in one of his blog posts, Robert Freeman, who is an IBM (NYSE:IBM) researcher, said that the bug allows attackers to conduct “drive-by” attacks on PCs, which means they can “reliably run code remotely and take over the user’s machine”.

In computer terminology, drive-by attacks work by forcing users to download software of malicious nature onto their machines. The severity of the security concern posed by bug has been measured as well. Testing on the Common Vulnerability Scoring System, aka CVSS, WinShock scored a whopping 9.3 points out of 10. This means this bug has posed a great security threat on all Windows devices for almost two decades without ever being noticed by anyone.

The news is especially shocking for website owners running their systems on Windows Server platform. For such website owners, WinShock amounts to the death penalty, as it opens doors for attackers to harvest encrypted data on their websites.

This year has been terrible for secure standards overall. Microsoft (NASDAQ:MSFT)’s Schannel is the latest addition to the list of secure standards which have had a major flaw discovered within their system this year. Other entries include GNUTLS, NSS, Apple SecureTransport, and OpenSSL.

However, WinShock has never surfaced as a grave security threat, and no one seems to have been attacked through this loophole in the past 19 years. But now, as news of its existence becomes public, IBM (NYSE:IBM) predicts an increase in the number of instances of cyber breach will naturally follow, especially on out-of-date machines.

The selling price of the bug in the black market to criminal hackers is estimated at over six figures.

Get Free Updates and Stock Alerts!



*We only send one email per week
Share.

Get Winning Stock Alerts!

Our track record speaks for itself! Our last 7 alerts have delivered combined gains in excess of 300% and there are no signs of slowing down. Join UltimateStockAlerts.com now before you miss out on our next big runner!

We will never sell or share your information.