“4 New Critical Flaws” in Windows 10 Discovered by Microsoft

By Dibya Nayani Senapati, August 23, 2019

Microsoft itself discovered four new critical security flaws in Windows 10. The company is concerned because, according to it, these bugs could be weaponized to launch a computer virus targeting PCs and servers across the world.

These four flaws are “wormable”, meaning they open the path for malware that spreads automatically from one vulnerable machine to another, without any user interaction.

Two of the flaws can also affect older operating systems, including Windows 7 SP1, Windows 8.1, Windows Server 2008 R2 SP1, and Windows Server 2012, but Windows XP, Windows Server 2003 and Windows Server 2008 are not vulnerable to the threat.

These vulnerabilities are in the Remote Desktop Services (RDS) feature in Windows, which IT administrators and users rely on to gain remote control of a Windows machine on a network. The feature normally requires correct login credentials, but Microsoft researchers discovered that an unauthenticated attacker can break into an RDS-enabled computer by sending specially crafted data requests.

Microsoft says in its security advisories: “An attacker who successfully exploited this vulnerability could easily execute arbitrary code on the target system. Then an attacker could easily install programs and have the access to change, view or delete data or they can create a new account with full user rights”.

The good news is that Microsoft has patched these flaws. The company is rolling out the fixes to customers who have automatic updates turned on. You can also download the patches from the Microsoft website.

CVE-2019-1181 and CVE-2019-1182 can affect Windows 10, Windows Server 2019, Windows 7 SP1 and Windows 8.1 operating systems. “At this time, we have no evidence that these vulnerabilities were known to any third party,” said Pope, Director of Incident Response, Microsoft Security Response Center.

CVE-2019-1222 and CVE-2019-1226, on the other hand, can only affect Windows 10 and Windows Server 2019.

“Windows systems that have disabled RDS will not get affected by these threats,” Pope tweeted.

If left unpatched, these vulnerabilities could allow attackers to spread malware like WannaCry and NotPetya, which spread across the globe in 2017.

In May, Microsoft disclosed a separate wormable flaw in the RDS feature that affected Windows 7 and Windows XP. But despite the company’s warnings, many older Windows machines that have RDS activated remain vulnerable to the threat.
