A security researcher has found an 18 year old bug in Microsoft Windows.
Robert Freeman, security researcher for the IBM X-Force has found an exploitable vulnerability capable of affecting all versions of the Windows operating system. The “unicorn” bug is 18 years old and can be traced way back to Windows 95.
Freeman said that significant vulnerabilities can go undetected for a while but this bug was nearly two decades old and could have been exploited for the past 18 years. The unicorn bug was present in the system as far back as the first version of Windows 95. The researchers from IBM said they haven’t found evidence that the bug has been exploited but there’s an entire market for unknown software bugs where governments and hackers bid for ways to make them capable of hacking into computers. IBM said this particular unicorn bug could have raised a six figure number on the barely legal market.
This isn’t even the first time such mistakes were made and uncovered in several years after they were made. A Google engineer showed in 2010 a 17 year old Windows bug that affected all the 32-bit versions of the Windows operating system that could be used to control the PCs. A problem called “Shellshock” was discovered in September in a free package of software included in about 70 percent of all devices with an internet connection. Chet Ramey, the maintainer of the code said it could have been put there as long as 22 year ago.
The reasons it takes so long to discover these bugs are linked to the process of developing the software and reviewing it. The process of writing code is not as straight forward as building a bridge, where there is clearly defined each process and whether the project meets the specifications. Writing code is a much messier medium, it is difficult to know exactly how the pieces will come together and connect in the final product.
Numerous companies, including Microsoft, pay people who point out bugs in their products. But despite the efforts made by companies, it is impossible to tell just how many errors and bugs are out in the world, waiting to be uncovered, process that may take decades to complete.