Microsoft's Windows security flaw is significant. What you can do about it is as follows.

 

Microsoft's Windows security flaw is significant. What you can do about it is as follows.

CNN Business reports that Microsoft's latest security flaw could have long-term consequences for both consumers and businesses at a time when many people around the world are already on high alert for disruptive cyber attacks.

Sangfor researchers recently discovered PrintNightmare, a Windows vulnerability that could allow hackers to remotely gain access to the operating system and install programs, view and delete data, or even create new user accounts with full user rights. The company inadvertently leaked instructions on how hackers could exploit the flaw.

Is my Windows device affected?

Microsoft (MSFT) is advising all Windows users to install an update that affects the Windows Print Spooler service, which allows multiple users to access the same printer. Microsoft has already released updates for Windows 10, Windows 8, Windows 7, and some server versions. Microsoft ended support for Windows 7 last year, so the decision to release an update for that software emphasizes the gravity of the situation.

According to Michela Menting, a cybersecurity expert at ABI Research, while many Windows users do not have remote access capabilities on their home computers, business computers or people working remotely and connecting back to the office could be the most affected.

What is the significance of this?

Windows 10 runs on about about 1.3 billion devices worldwide, according to market research firm CCS Insight, so the magnitude of the vulnerability's reach is massive. "This is a big deal because Windows 10 is the most popular desktop OS out there with over 75% market share," Menting said.

Because Windows 10 is used by both desktop computers and some servers, hackers could potentially infiltrate a network "very quickly" and get in "practically anywhere to find the most lucrative databases and systems," according to Menting.

Users copied Sangfor's proof-of-concept exploit code after he posted it on the Microsoft-owned code hosting platform Github.

How to Install the Patch

Windows users can download the new software by going to the Settings page, then selecting the Update & Security option, followed by Windows Update, or by going to the Microsoft website.

However, one researcher on Twitter demonstrated how the emergency update isn't completely effective, allowing potential actors to exploit the vulnerability. Following the publication of this story, a Microsoft spokesperson stated The company says it is "not aware of any bypasses to the update," but it is still looking into the matter.

Menting compared a buggy patch to "years in cybercrime time," adding that ransomware attacks or data theft are "highly likely" as a result. "There is no doubt that not every company will have updated their operating system before an attacker gets in," she said.

The main point

Nonetheless, the incident serves as a reminder to both businesses and consumers to regularly update any type of software to ensure that impacted systems are not left vulnerable. Menting advised anyone who believes they may be vulnerable to a vulnerability or is unsure to disable impacted functions until a company releases an official fix.

Comments

Post a Comment

Popular posts from this blog

Update your Windows PC to address the serious Print Nightmare security vulnerability.

Image
  Update your Windows PC to address the serious Print Nightmare security vulnerability. You may have heard of "PrintNightmare," a vulnerability in the Windows Print Spool service that, under some circumstances, may allow hackers to take control of your computer. After expressing alarm about the problem last week, Microsoft has now formally released a patch that fixes the problem, urging all Windows users to apply it as soon as possible. We'll skip the technical details of the patch, but it's rather simple to set up. However, not everyone may be aware of how to obtain the patch today in order to keep your PC safe when using the Windows Print Spool service to deliver documents from your PC to your printer. With a brief instruction on how to cure the PrintNightmare issue on Windows 10 right now, we've got you covered. As it turns out, several researchers have already identified some more issues with Microsoft's rapid fix, so you'll probably want to inst...
Read more

Which computers are capable of being upgraded to Windows 11?

Image
  Which computers are capable of being upgraded to Windows 11? Is Windows 11 compatible with my computer? Microsoft hasn't made it easy to answer that question, as Windows 11's hardware requirements have been complicated, not least by the requirement for TPMs. Microsoft itself removed the PC Health Check app, which was one of the few ways to determine if your PC was ready for Windows 11. Some PC manufacturers are simply stating whether your PC can be upgraded to Windows 11 or if you must purchase a new one. Links to the major PC manufacturers who have published such lists are provided below. Windows 11-capable Acer PCs Windows 11-capable Asus PCs Dell PCs that are capable of running Windows 11 Windows 11-capable dynabook PCs HP PCs capable of running Windows 11 Windows 11-capable Microsoft PCs MSI PCs capable of running Windows 11 Windows 11-capable Razer PCs Windows 11-capable Samsung PCs As additional context, some have included FAQs or explanations of...
Read more

Microsoft will prioritize the refresh of Win32 apps for Windows 11, Windows 10, and Windows 8.

Image
  Microsoft will prioritize the refresh of Win32 apps for Windows 11, Windows 10, and Windows 8. Microsoft is not currently working on a stable release of WinUI 3 for UWP apps, preferring to focus on once-legacy Win32 apps for Windows 10 and Windows 11. WinUI is a new user interface for Windows 10 and Windows 11 that includes modern controls and styles for Windows apps. Microsoft officials refer to WinUI as the "native UI platform," and it is used in the Windows shell as well as React Native for Windows. WinUI, according to Microsoft, is designed for today's modern hardware and devices, and it supports the most recent Fluent styling. The majority of the modern controls and styles seen in Windows UWP apps are part of the company's WinUI project, which embodies Fluent Design and provides each app with the "modern touch" that users expect. WinUI 2 is WinUI's second generation work, and it is a library of controls and styles for UWP apps. Microsoft is ...
Read more