Microsoft has patched a 19-year-old critical flaw in Windows that has existed in every version since the introduction of Windows 95. It has taken Redmond since May to come up with a fix for the flaw, which was spotted by IBM security researchers.
The rare bug allows attackers to remotely execute code on an affected system just by convincing Windows users to visit a URL in Internet Explorer. IBM says the exploit can be triggered on Internet Explorer 3.0 onwards, and every currently supported version of Windows is affected.
What is stranger is that the vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library. Redmond is providing patches for Windows 8.1, Windows 7, Windows Vista, and its various server releases. The company stopped supporting Windows XP, so if you are dumb enough to still run that OS you could be in real trouble.
There’s no evidence this bug is being exploited in the wild yet, but it has been rated 9.3 out of 10 on the Common Vulnerability Scoring System (CVSS).