Microsoft offers security update to fix critical issue in older Windows systems

Microsoft offers security update to fix critical issue in older Windows systems

That flaw, spotted by researchers at NCC Group, is a logic vulnerability that can be exploited to gain "remote access to a host's storage via Edge, Internet Explorer, Firefox and Chrome on Microsoft Windows by a malicious Citrix server". According to the company, the Remote Desktop Protocol itself is not susceptible, but that the vulnerability is pre-authentication and requires no user interaction.

Microsoft said the vulnerability is "wormable", which means attackers could use it to spread malware across devices in a similar manner to the way WannaCry spread in 2017.

Microsoft says it has not yet observed any exploitation of the vulnerability. THe affected operating system builds include: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP.

Microsoft has posted patches for the two latter versions of Windows but strongly suggests users upgrade to newer variants of the operating system.

Users running Windows 8 and Windows 10 aren't at risk of this particular exploit, although it's always wise to keep up to date with the latest security patches regardless. It explains "Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows".

More news: Sri Lanka Riots: Authorities impose nationwide curfew amid rising sectarian violence
More news: Jeremy Kyle Show axed forever
More news: The Reason Prince Harry Named His Son Archie Will Melt Hearts

'There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. But this flaw is so serious that Microsoft has also issued a patch for Windows XP and its server brethren, which officially died five years ago.

Of all those vulnerabilities, 18 are rated as 'critical' in severity; these are flaws that can be exploited by malicious programmes to steal sensitive data from vulnerable systems by attacking them remotely.

Microsoft released fixes for 79 unique vulnerabilities yesterday, including 22 critical bugs - one of which could be used to spread malware around the globe.

Elsewhere, IT admins should also fix a zero-day flaw (CVE-2019-0863), which is being exploited in the wild and has also been publicly disclosed, meaning other hackers could use it in their own attacks.

Protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling, for 64-Bit (x64) versions of Windows (CVE-2018-11091,CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). "This vulnerability will make that process even easier".

Related Articles