Business
Microsoft reports ‘critical’ flaw in Windows 7 and older
A critical flaw has been discovered in Windows 7 and older versions, Microsoft warned on Tuesday, urging customers to install a patch as soon as possible to avoid an incident similar to the WannaCry ransomware attack, which infected computers around the world.
The vulnerability in Remote Desktop Services is pre-authentication and requires no user interaction, which means that any malware using this flaw could propagate from computer to computer like the WannaCry ransomware attack in 2017.
“It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening,” said Simon Pope, director of incident response at Microsoft. “In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.”
The flaw, which Microsoft described as “critical,” enables an attacker to execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If you have Windows 7, Windows Server 2008 R2, or Windows Server 2008, go to the Microsoft website (click here) or use Windows Update. If you have Windows XP or Windows Server 2003, click here to download the patch from the Microsoft website.
There is currently no indication that the flaw is already being exploited, but Microsoft said it is “highly likely” that malicious actors will soon write an exploit to incorporate it into malware. Systems running Windows 8 and Windows 10 are not affected.
Computers which use Network Level Authentication (NLA) are partially protected, Microsoft said, but an attacker with valid credentials could still exploit the vulnerability. “It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible,” Pope said.
About 34 percent of Windows desktop computers are running Windows 7, which was released in 2009, according to StatCounter. Only 1.6% of desktop computers are still using Windows XP, but some other systems – including many ATM machines – still rely on it. The WannaCry attack also revealed that parts of the UK’s National Health Service are still using Windows XP.
5 injured in stabbing attack in Germany; Syrian suspect at large
Joe Biden diagnosed with aggressive form of prostate cancer
3 dead, 6 injured in shooting at bar in Macon, Georgia
Bomber of California fertility clinic identified, described himself as pro-mortalist
-
Legal2 days agoBomber of California fertility clinic identified, described himself as pro-mortalist
-
US News2 days ago1 killed in car bombing at Palm Springs, California fertility clinic
-
World6 days ago6.1 earthquake strikes near Greek islands, shaking felt in Israel and Egypt
-
World1 week ago1 dead, 2 injured after hot air balloon fire in Mexico
-
Politics1 week agoNewark Mayor Ras Baraka arrested during protest at ICE facility
-
Politics1 week agoMexico cites legal action in push for Google to revise Gulf naming
-
US News20 hours agoJoe Biden diagnosed with aggressive form of prostate cancer
-
Legal1 week ago4 found dead from apparent gunshot wounds in Montana home