Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Microsoft Just Closed a Security Gap That Affected Windows for Decades

June 17, 2016, 1:39 PM UTC
Microsoft Corp. Launches Windows 10 In Japan
A visitor tries out Microsoft Corp.'s Windows 10 operating system on a tablet device during a launch event in Tokyo, Japan, on Wednesday, July 29, 2015. The release of Microsoft's new Windows 10 operating system -- an event that in years past sparked a surge of computer buying -- will do little to ease the four-year sales slump that's been dogging the PC industry. Photographer: Kiyoshi Ota/Bloomberg via Getty Images
Photograph by Kiyoshi Ota — Bloomberg via Getty Images

Microsoft (MSFT) sewed up an important security vulnerability this week, which has apparently affected Windows for the past two decades, making it possible to hijack the data flowing over the victim’s network and run malicious code on targeted computers.

The so-called BadTunnel vulnerability was discovered by Yang Yu, the director of Tencent’s (TCEHY) Xuanwu security lab. It allows attacks through a variety of Microsoft products such as Internet Explorer, the new Edge browser and Microsoft Office, as well third-party applications.

Yu, who earned a $50,000 “bug bounty” for reporting the discovery to Microsoft, told security news website Dark Reading that BadTunnel had “probably the widest impact in the history of Windows.”

Get Data Sheet, Fortune’s technology newsletter.

“It can be exploited silently with a near perfect success rate,” he said.

That said, there’s no evidence that the vulnerability has been exploited. Microsoft’s patch this Tuesday listed it as “important” rather than “critical.”

Rather than being an isolated flaw, as such, BadTunnel is a vulnerability that’s made possible by a combination of problems in how Windows handles networking and how Internet Explorer and Edge handle web pages.

In theory, it would someone to attack devices on an intranet from outside the network, despite the use of a protective firewall. Its exploitation would involve duping the victim into visiting a bad web page using Microsoft’s browsers, opening a dodgy Office document, or inserting a malicious USB drive.

For more on cybersecurity, watch our video.

Microsoft’s patch covers all the versions of Windows back from 10 to Vista, as well as versions of Windows Server 2008 and 2012. Windows XP is no longer supported, but it is vulnerable.

Yu will give more information on how individuals and organizations can protect themselves at the Black Hat USA 2016 security conference, which kicks off at the end of July.