Microsoft fixes ’19-year-old’ bug

IBM researchers discovered the flaw, which affects Windows and Office products, in May this year – but worked with Microsoft to fix the problem before going public.

The bug had been present in every version of Windows since 95, IBM said. Attackers could exploit the bug to remotely control a PC, and so users are being urged to download updates.” (BBC, 12 November,

Wow, fixing a critical bug in the software that had existed for 19 years. 19 years!

I can’t even estimate the amount of testing hours Microsoft did over the years, 19 years it took them to find this bug. According to IBM the bug had been “sitting in plain sight”. (how rude to hide in plain sight)

So this happened to Microsoft, could it happen to all of us? Missing a bug, missing a critical bug for 19 years? Even if you test the software, you asked those testers to test “all” didn’t you? Making a decision to release the software with that bug?


Yes it happens all the time, because we seem to forget/ignore the fact that testing is sampling. There is no way you can test 100% of your software product. You don’t have the time and money to do it. Sure you are testing “risk based” perhaps even in an agile environment.  It is no guarantee you find all your critical bugs.

Microsoft just reminded me of the lesson that you never know all the information about the quality of the product at the time you need it. I’ll apply this lesson next time I hear some saying “I’m done with the testing”.