A new Microsoft bug patch fixes a critical flaw which has persisted in every Windows version since 95.
A new Microsoft bug patch was recently released for Windows users, after IBM researchers discovered the flaw last May. The 14-patch release (with two more to come) was made public only after a solution to the flaw was finalized.
IBM says the bug is in every Windows version since Windows 95, and advises users to download and install the patch as soon as possible.
Hackers can exploit the flaw to run code remotely and commandeer users' computers. IBM researcher Robert Freeman details in a blog post:
"We reported this issue with a working proof-of-concept exploit back in May 2014, and today, Microsoft is patching it. It can be exploited remotely since Microsoft Internet Explorer (IE) 3.0. This complex vulnerability is a rare, "unicorn-like" bug found in code that IE relies on but doesn't necessarily belong to. The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user's machine..."
The same flaw also affects Microsoft's Windows Server platforms, which endangers the protected data of secure websites. The bug is similar to Heartbleed, which exploits a vulnerability in Secure Sockets Layer technology.
It has yet to be reported whether the bug is being exploited in the open, though that is more likely now that the flaw and the patch have been made public. Older systems and servers are at risk.
The new Microsoft bug patch leaves Windows XP out in the cold, though, as the company withdraws support for the OS. The flaw (dubbed WinShock) is reportedly "sitting in plain sight," and has evaded countless fixes and patches released for the Windows library.
"Is WinShock as bad as Heartbleed? At the moment, due to the lack of details and proof-of-concept code, it's hard to say, but a remote code execution vulnerability affecting all versions of Windows server on a common component like Schannel is up there with the worst of them." (bbc.com)











