Microsoft is warning Windows 10 users to update their operating systems right away because of two critical vulnerabilities. They can spell disaster for business and personal data and could even spread malware rapidly across the internet.
- What Are These Vulnerabilities?
As Microsoft states in its announcement, this issue is considered an “elevated risk.” According to Microsoft, these are Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed “BlueKeep” vulnerability (CVE-2019-0708), these two vulnerabilities are also “wormable,” meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.
Security analysts have dubbed the flaws BlueKeep II. However, they require a separate fix from the original BlueKeep vulnerability. You should install Windows 10’s August 2019 updates now to protect your computers from this nasty worm.
- What Is Microsoft Saying?
According to Microsoft:
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP (Remote Desktop Services) and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.
An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.”
- Does BlueKeep II Affect All Versions of Microsoft Operating Systems?
Yes. All versions of Microsoft’s platform, including Windows 10 contains a security flaw that can take advantage of Windows’ Remote Desktop Services. This service allows you to access your computer over the internet with special software.
- How Is This Flaw Exploited?
A hacker can easily exploit the vulnerability to gain remote access to your computer without your permission or any actions on your part. They can make changes, install software, and create new user accounts with full privileges. And this flaw is “wormable,” and allows any malware to reproduce and spread to other computers as well.
- What Should Users Do?
Microsoft has released a number of patches to address the security flaw. But, because this vulnerability is so severe, Microsoft is urging you to update your Windows machines immediately. This will stop any malware from growing into pandemic proportions.
The steps to update differ depending on which operating system you are using:
Windows 8 Users: Open the Start menu by pressing the Windows button on your keyboard, and click on Store. Click the Update Windows button, and you can get the latest update.
Windows 10 Users: Go to Settings and click on Update & Security. Click Check for updates to get the newest version of Windows 10.
Older Versions of Windows: Visit this Microsoft page. It contains links to the download files and instructions on how to access and install files on your computer.
Microsoft has also provided download links for all versions of the patch. They plan to include other patches going forward.
- Another Flaw Exists That’s Been Lurking For 20 Years
According to Googles’ Project Zero, there’s another exploit called cftool. This uses Microsoft Text Services Framework to get into unpatched Windows 10 system. The patches for this can be found here.
- Prevention Is Always The Best Policy
It’s important to stop hackers in their tracks before they have an opportunity to do damage. Apply updates and patches your operating systems as soon as they are released
“Proactive and preventive IT management is the best ways to protect your computers from hackers. Your IT service company will stay on top of the latest bug fixes and patches, and prevent hackers from getting into your IT system. Most use Remote Monitoring and Management to detect and block threats and to upgrade patches and operating systems for you in a timely manner.” states Chris Chao, CEO of one of the top information technology companies in Atlanta, GA, Centerpoint IT.
“Also make sure that your Remote Desktop is turned off. Microsoft has repeatedly issued patches for it this year. If you don’t need to use it, turn it off. There’s no need to expose yourself to this risk.” shares Joe Martin from Compunet, an IT solutions in Vancouver, BC organization.
Although Windows 10 provides stronger protection than past versions of Windows, the default security in this, and other operating systems, just isn’t enough in today’s hyper-connected world. Ask your IT service provider to implement a multi-faceted, layered security protection for your network and computers.
