Microsoft issued patches on Tuesday to fix a bug in its Windows operating system that remained undiscovered for 19 years.

Microsoft has patched a critical bug in its software that had existed for 19 years.

IBM researchers discovered the flaw, which affects Windows and Office products, in May this year – but worked with Microsoft to fix the problem before going public.

The bug had been present in every version of Windows since 95, IBM said.

Attackers could exploit the bug to remotely control a PC, and so users are being urged to download updates.

Microsoft has addressed the problem in its monthly security update – releasing 14 patches, with two more expected to be rolled out soon.

In a blog post explaining the vulnerability in depth, IBM researcher Robert Freeman wrote: “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine.”

In computer security, a drive-by attack typically means making users download malicious software.

The bug had been “sitting in plain sight”, IBM said.

The vulnerability – dubbed WinShock by some – has been graded as 9.3 out of a possible 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.

Source