Microsoft Patches New Wormable Bugs in Massive Security Update

Adjust Comment Print

In a statement, Microsoft's Incident Response Team Director Simon Pope said that all versions of Windows 10 are affected by this bug.

The company warned about two "critical" issues that could allow hackers to spread malware from one machine to another.

If you are working with Windows-based systems, you should download and install the August Security update.

Intel, meanwhile, has released a brace of updates for its own products, including another firmware patch for selected models in its Next Unit of Computing (NUC) small form factor range to close a security hole which allows for privilege escalation, denial of service, and information disclosure attacks.

The vulnerabilities are within the Remote Desktop Service (RDS) feature in Windows, in which IT administrators and users can activate to gain remote control of their Windows computer on a network or over the internet.

Kashmir: After 12 Days of Clampdown, Govt Announces Restrictions Will Be Eased
At this point, the bench said it can also refer this matter to the bench which on Tuesday had entertained a similar petition. Subrahmanyam said schools will open from next week and the restrictions will be removed in an orderly manner.

We resolved issues related to CVE-2019-1162, in August.

"There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled". Some of the vulnerabilities can be exploited without authentication to achieve remote code execution and full system compromise, making them highly unsafe for enterprise networks if left unfixed.

Although Microsoft has yet to ascertain the number of devices affected by the newly discovered vulnerabilities, CVE-2019-1181 and CVE-2019-1182, it recommends immediate patching of these bugs to contain a potential wider attack.

Attackers can use this loophole to either steal data from other apps, or they can use it to issue commands in the name of those apps. Once exploited, the vulnerabilities can move and penetrate even without user authentication. He contributes to the site with tech news, but you will also see some updates on scientific breakthroughs regarding the biophysical environment or wildlife welfare.

If you have automatic updates enabled then your PC should also be automatically protected by these fixes and you're also safe if you are running Windows XP, Windows Server 2003, and Windows Server 2008 as these are not affected. It's a flaw noted by the CERT Coordination Center, with a high 9.3 score per the Common Vulnerability Scoring System, even though an attacker would need "specialized hardware" and would have to be within range of a Bluetooth device.