Microsoft Issues Critical Windows Upgrade Warning
Windows users, stop what you’re doing because Microsoft has issued a critical warning across all versions of its platforms and told users they must act now.
Posting in its Security Response Center, Microsoft told users that it has discovered two “critical” Remote Code Execution (RCE) vulnerabilities which are “wormable”. This means they could be weaponized to launch malware that jumps automatically from PC to PC, spreading across the world without any action from the user. And there are potentially hundreds of millions of vulnerable computers.
In a statement, Simon Pope, Microsoft’s Director of Incident Response, confirmed the vulnerabilities affect "all supported versions of Windows 10, including server versions." Back in March, Microsoft pegged Windows 10 numbers at 800M. In addition to this, Pope confirmed other "affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, [and] Windows Server 2012 R2".
Pope stressed speed is of the essence, stating: “It is important that affected systems are patched as quickly as possible,” while ZDNet warned users that it is now “A race to patch before attacks get underway”.
The level of concern is understandable, particularly for Windows 10. In March, Microsoft stated there are 800M computers running Windows 10 alone and in its advisory security advisories, it warns: "An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
To patch the vulnerabilities go to CVE-2019-1181 and CVE-2019-1182, find your Windows version in the ‘Security Updates’ section and download the appropriate patch. Microsoft is pushing these updates out to Windows Update but, as Pope warns, it’s best to act immediately.
Meanwhile, if the nature of these vulnerabilities sound familiar, they should. Microsoft admits they are similar to BlueKeep, an issue so severe that it led to government warnings in June. In fact, ZDNet is already labelling them as BlueKeep II and BlueKeep III.
So patch your PCs and spread the word. Millions of users around the world refuse to update their versions of Windows but, in this case, the threat is immediate, viral and very real.
Windows 10 Hit Repeatedly By Serious New Vulnerability
More on: www.forbes.com