Business
Microsoft reports ‘critical’ flaw in Windows 7 and older
A critical flaw has been discovered in Windows 7 and older versions, Microsoft warned on Tuesday, urging customers to install a patch as soon as possible to avoid an incident similar to the WannaCry ransomware attack, which infected computers around the world.
The vulnerability in Remote Desktop Services is pre-authentication and requires no user interaction, which means that any malware using this flaw could propagate from computer to computer like the WannaCry ransomware attack in 2017.
“It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening,” said Simon Pope, director of incident response at Microsoft. “In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.”
The flaw, which Microsoft described as “critical,” enables an attacker to execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
If you have Windows 7, Windows Server 2008 R2, or Windows Server 2008, go to the Microsoft website (click here) or use Windows Update. If you have Windows XP or Windows Server 2003, click here to download the patch from the Microsoft website.
There is currently no indication that the flaw is already being exploited, but Microsoft said it is “highly likely” that malicious actors will soon write an exploit to incorporate it into malware. Systems running Windows 8 and Windows 10 are not affected.
Computers which use Network Level Authentication (NLA) are partially protected, Microsoft said, but an attacker with valid credentials could still exploit the vulnerability. “It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible,” Pope said.
About 34 percent of Windows desktop computers are running Windows 7, which was released in 2009, according to StatCounter. Only 1.6% of desktop computers are still using Windows XP, but some other systems – including many ATM machines – still rely on it. The WannaCry attack also revealed that parts of the UK’s National Health Service are still using Windows XP.
Fire at migrant detention facility on U.S.-Mexico border kills at least 39
Texas Amber Alert: Summer Moore missing from Houston
Staff member of U.S. Senator Rand Paul stabbed in D.C.
China reports human case of H3N8 bird flu
Woman opens fire at Tennessee elementary school, killing 6
Mexico earthquake caused waves at California’s Death Valley
WATCH: Helicopter crashes in front of beachgoers in Miami
WATCH: President Biden delivers statement on Ukraine crisis
WATCH: First presidential debate between Donald Trump and Joe Biden
Bridge collapses in eastern Taiwan, at least 6 missing
-
World18 hours agoChina reports human case of H3N8 bird flu
-
World1 week agoStrong earthquake hits Ecuador, at least 15 dead
-
Legal1 day ago
Woman opens fire at Tennessee elementary school, killing 6
-
World9 hours ago
Fire at migrant detention facility on U.S.-Mexico border kills at least 39
-
World7 days agoStrong earthquake hits Afghanistan and Pakistan, at least 12 dead
-
World7 days agoTanzania declares outbreak of Ebola-like Marburg virus
-
US News2 days ago2 tigers escape after tornado hits Georgia zoo
-
World5 days agoAlert in central Mexico after theft of radioactive material