Press "Enter" to skip to content

Microsoft Discovers ‘Critical’ Windows 10 Vulnerabilities Affecting 800M

In a recent Security Response Center update from Microsoft, the company detailed the discovery of two “critical” Remote Code Execution (RCE) vulnerabilities.

The vulnerabilities are “wormable”, meaning that any future malware that exploits these could jump from computer to computer without any need for users sending it across.

RELATED: MICROSOFT JOINS APPLE, AMAZON AS $1 TRILLION COMPANY

‘Wormable’ vulnerabilities

The nature of the RCE vulnerabilities means that they can propagate without need for user action. As Forbes reports, this is particularly worrying as it means the vulnerability could affect hundreds of millions of Windows 10 computers.

According to Microsoft, an attacker who successfully exploits the vulnerability could execute arbitrary code on the target system. They could then install programs, delete data, and even create new accounts with full user rights.

In a statement, Simon Pope, Microsoft’s Director of Incident Response, confirmed that the vulnerabilities affect “all supported versions of Windows 10, including server versions.”

Pope also confirmed that the vulnerability could affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 users.

Microsoft Windows 10 users are estimated at 800 million, the company says.

Patches already available

Pope stated that “it is important that affected systems are patched as quickly as possible.”

A patch is available at CVE-2019-1181 and CVE-2019-1182. Look for your Windows version in the ‘Security Updates’ section and download the corresponding patch.

These will very soon be installable via Windows Update, however, if it is not yet available at the time of reading, it’s better to be safe and install the patch as soon as possible.

BlueKeeps I & II

The new bugs are being widely compared to the BlueKeep vulnerability – also “wormable” – that was discovered and patched in May of this year.

ZDNet is referring to them as BlueKeep I & II.

Source: Interesting Engineering