Earlier this month, software giant Microsoft revealed a major Windows security vulnerability, because of which a ‘wormable’ attack could become widespread by going from one vulnerable computer to the other. This can be a lot like the flaw that led to the spread of WannaCry malware that made thousands of machines stop working. While the company has released patches for Windows systems including the older ones like Windows XP machines, some reports suggest that there are around 1 million systems that are connected to the internet and can be attacked.
According to Simon Pope, director of incident response at Microsoft’s Security Response Center, “Microsoft is confident that an exploit exists for this vulnerability. It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods.”
He also noted that even that WannaCry attacks started only two months after the release of patches for EternalBlue exploit. So, in spite of the fact that there were 60 days to patch these systems, a number of machines were infected. We should mention that EternalBlue exploit was leaked publicly, and this allowed hackers to create malware freely. The new BlueKeep flaw has not been disclosed publicly, however, that does not imply that there would be no malware.
According to Pope, “It is possible that we won’t see this vulnerability incorporated into malware. But that’s not the way to bet.”
The new major Windows security exploit comes with a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7 other server versions. The server versions include the likes of Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These make up a majority of overall Windows machines in use and this is particularly true for those in corporate environments.
The software giant is, therefore, strongly advising system admins to update machines as soon as they can.
Recently, Microsoft had also recently rolled out the Windows 10 May 2019 update to everyone. The Windows 10 May 2019 comes with a number of new features such as giving users enhanced control over the installation of updates, a dedicated sandbox that can be used for testing apps and more.
Microsoft has announced that the update will be rolled out in a phased manner. You can check for the Windows 10 May 2019 update on your PC by heading to Settings > Update & Security > Windows Update > Check for updates.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App.