Date:03/06/19
While Microsoft has released patches for Windows systems, even for older server and Windows XP machines, recent reports have revealed there are at least 1 million systems connected to the internet that can be attacked. “Microsoft is confident that an exploit exists for this vulnerability,” warns Simon Pope, director of incident response at Microsoft’s Security Response Center (MSRC). “It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods.”
Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn’t yet been publicly disclosed, but that doesn’t mean there won’t be malware. “It is possible that we won’t see this vulnerability incorporated into malware,” says Pope. “But that’s not the way to bet.”
This new major Windows security exploit involves a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These operating systems still make up a big chunk of the overall Windows machines in use, especially in corporate environments. Microsoft is now strongly advising system admins to update machines as soon as possible.
Microsoft warns 1 million computers are still vulnerable to major Windows security exploit
Microsoft revealed a major Windows security vulnerability earlier this month, that could see a widespread “wormable” attack that spreads from one vulnerable computer to the next. We saw a similar flaw back in 2017 which led to the WannaCry malware causing mayhem for thousands of machines.While Microsoft has released patches for Windows systems, even for older server and Windows XP machines, recent reports have revealed there are at least 1 million systems connected to the internet that can be attacked. “Microsoft is confident that an exploit exists for this vulnerability,” warns Simon Pope, director of incident response at Microsoft’s Security Response Center (MSRC). “It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods.”
Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn’t yet been publicly disclosed, but that doesn’t mean there won’t be malware. “It is possible that we won’t see this vulnerability incorporated into malware,” says Pope. “But that’s not the way to bet.”
This new major Windows security exploit involves a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These operating systems still make up a big chunk of the overall Windows machines in use, especially in corporate environments. Microsoft is now strongly advising system admins to update machines as soon as possible.
Views: 415
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World