Microsoft offers security update to fix critical issue in older Windows systems

That flaw, spotted by researchers at NCC Group, is a logic vulnerability that can be exploited to gain "remote access to a host's storage via Edge, Internet Explorer, Firefox and Chrome on Microsoft Windows by a malicious Citrix server". According to the company, the Remote Desktop Protocol itself is not susceptible, but the vulnerability is pre-authentication and requires no user interaction.

Microsoft said the vulnerability is "wormable", which means attackers could use it to spread malware across devices in a similar manner to the way WannaCry spread in 2017.

Microsoft says it has not yet observed any exploitation of the vulnerability. The affected operating system builds include: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP.

Microsoft has posted patches for the two latter versions of Windows but strongly suggests users upgrade to newer variants of the operating system.

Users running Windows 8 and Windows 10 aren't at risk of this particular exploit, although it's always wise to keep up to date with the latest security patches regardless. Microsoft explains: "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows".

'There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled.' But this flaw is so serious that Microsoft has also issued a patch for Windows XP and its server brethren, which officially died five years ago.

Of all those vulnerabilities, 18 are rated as 'critical' in severity; these are flaws that can be exploited by malicious programmes to steal sensitive data from vulnerable systems by attacking them remotely.

Microsoft released fixes for 79 unique vulnerabilities yesterday, including 22 critical bugs - one of which could be used to spread malware around the globe.

Elsewhere, IT admins should also fix a zero-day flaw (CVE-2019-0863), which is being exploited in the wild and has also been publicly disclosed, meaning other hackers could use it in their own attacks.

Protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). "This vulnerability will make that process even easier".
