Microsoft’s Windows 10 had a flaw that would allow hackers to easily break the forthcoming operating system. The long-standing bug was capable of bypassing all of Windows’ security measures, and it existed in every version of the OS from Windows XP to 10.
The vulnerability persisted in Windows’ graphical user interface for more than 15 years, even though the code containing it had gone unused for some time, according to security researcher Udi Yavo. The former chief of electronic warfare at Israeli defense contractor Rafael revealed the flaw this week after Microsoft patched it on Tuesday.
The bug could let attackers gain total access to Windows machines, Yavo said. It required “modifying only a single bit of the Windows operating system,” he wrote.
A bit of Microsoft software that manages Windows scrollbars, located in the Win32k system file, was to blame. Because the flaw was so powerful, Yavo did not publish information about the hack until after it was fixed. The founder of cybersecurity firm enSilo, Yavo said the code was carried through different versions of Windows “for about 15 years doing absolutely nothing.”
"After some work, we… have shown that even a minor bug can be used to gain complete control over any Windows operating system," Yavo said.