Page last updated at 11:36 GMT, Friday, 5 February 2010

Microsoft to patch 17-year-old computer bug

Windows 95 on sale, AP
The bug dates from the days of Windows NT 3.1

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

The February update for Windows will close the loophole that dates from the time of the DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as "critical".

Home hijack

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

STAYING SAFE ONLINE
Use security software that can tackle viruses and spyware
Use a firewall
Apply operating system updates as soon as they become available
Be suspicious of unsolicited e-mails bearing attachments
Keep your browser up to date

As well as fixing holes in many versions of Windows, the update also tackles bugs in Office XP, Office 2003 and Office 2004 for Apple Macintosh machines.

The bumper update is not the largest that Microsoft has ever released. The security update for October 2009 tackled a total of 34 vulnerabilities. Eight of those updates were rated as critical - the highest level.

In January 2010, Microsoft released an "out of band" patch for a serious vulnerability in Internet Explorer that was being exploited online. The vulnerability was also thought to be the one used to attack Google in China.

Following the attack on Google, many other cyber criminals started seeking ways to exploit the loophole.

Also this week, a security researcher has reported the discovery of a vulnerability in Internet Explorer that allows attackers to view the files held on a victim's machine.

Microsoft has issued a security bulletin about the problem and aims to tackle it at a future date. At the moment there is no evidence that this latest find is being actively exploited online.



Print Sponsor


SEE ALSO
In Pictures: Windows into history
20 Oct 09 |  Technology
Google phases out support for IE6
30 Jan 10 |  Technology
France in fresh Explorer warning
18 Jan 10 |  Technology
Germany issues Explorer warning
16 Jan 10 |  Technology
Microsoft patches Explorer hole
21 Jan 10 |  Technology
Microsoft launches free security
29 Sep 09 |  Technology
Microsoft readies bumper update
12 Oct 09 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites

FROM OTHER NEWS SITES
V3.co.uk Evernote for Windows 3.5.1 - 22 hrs ago
Telegraph Ask Rick: Connecting laptops to televisions, finding missing photos, getting copies of old manuals - 25 hrs ago
Information World Review Smell the coffee its good enough to drink - 32 hrs ago
TechWeb Microsoft Patch To Leave IE Hole Open - 37 hrs ago
Computing.co.uk Microsoft planning major security update - 46 hrs ago



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific