Microsoft reports 'critical' flaw in Windows 7 and older

Ceria Alfonso
May 15, 2019

This vulnerability is pre-authentication and requires no user interaction.

The vulnerability causing all the fuss is a flaw in Remote Desktop Services, which as the name implies lets you remotely control a far-off PC from a second PC. "The security update addresses the vulnerability by correcting how Skype for Android answers incoming calls", Microsoft says, adding that exploitation is less likely. "It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening".

There are also security updates for Microsoft Edge, Windows Scripting, the Windows applications platform and frameworks, Windows graphics, Windows Media, Windows wireless networks and the Windows kernel.

Computers which use Network Level Authentication (NLA) are partially protected, Microsoft said, but an attacker with valid credentials could still exploit the vulnerability.

For highly likely, read absolutely certain: a malware propagation method like this is going to appear very soon, since it's a cheap, highly effective way of spamming out ransomware and trojans.

Download links to the appropriate updates can be found at the foot of this page for those still using any of the following operating systems: Windows 7, Windows 2008 R2, Windows 2008, Windows 2003 or Windows XP.


"Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected", the company said.

While you're patching that, there's a lot of other stuff to fix in the Patch Tuesday update. Of those, three can be exploited to achieve remote code execution, and they affect GDI+, Word and DHCP Server.

One of the priorities this month is CVE-2019-0863, which is an elevation of privilege vulnerability in Windows that's already being exploited by attackers.

Microsoft is trying to prevent the outbreak of a computer worm by urging owners of older Windows systems to patch their machines. As is traditional, Adobe dropped 86 flaw fixes, mainly in Reader and Acrobat, and Citrix, too, has one of its own.

The researchers from the universities in Australia, the United States, Belgium, Austria and CSIRO's Data 61 unit noted that newer Coffee Lake Refresh i9 processors are ironically enough more vulnerable to Fallout compared to older parts, due to Intel's countermeasures against the earlier Meltdown speculative execution information leak flaw. Concerned customers should update to the latest builds of Citrix Workspace app, and Citrix Receiver for Windows.
