Microsoft reports ‘critical’ flaw in Windows 7 and older

A critical flaw has been discovered in Windows 7 and older versions, Microsoft warned on Tuesday, urging customers to install a patch as soon as possible to avoid an incident similar to the WannaCry ransomware attack, which infected computers around the world.
The vulnerability in Remote Desktop Services is pre-authentication and requires no user interaction, which means that any malware using this flaw could propagate from computer to computer like the WannaCry ransomware attack in 2017.
“It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening,” said Simon Pope, director of incident response at Microsoft. “In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.”
The flaw, which Microsoft described as “critical,” enables an attacker to execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If you have Windows 7, Windows Server 2008 R2, or Windows Server 2008, get the patch from the Microsoft website or through Windows Update. If you have Windows XP or Windows Server 2003, download the patch from the Microsoft website.
There is currently no indication that the flaw is already being exploited, but Microsoft said it is “highly likely” that malicious actors will soon write an exploit to incorporate it into malware. Systems running Windows 8 and Windows 10 are not affected.
Computers which use Network Level Authentication (NLA) are partially protected, Microsoft said, but an attacker with valid credentials could still exploit the vulnerability. “It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible,” Pope said.
About 34 percent of Windows desktop computers are running Windows 7, which was released in 2009, according to StatCounter. Only 1.6 percent of desktop computers are still using Windows XP, but some other systems – including many ATMs – still rely on it. The WannaCry attack also revealed that parts of the UK’s National Health Service are still using Windows XP.
