[ad_1]
Microsoft revealed a major Windows security vulnerability earlier this month, which could result in a widespread "vermifuge" attack that spread from one vulnerable computer to another. In 2017, we saw a similar loophole that caused the WannaCry malware to cause considerable damage to thousands of machines.
While Microsoft has released patches for Windows systems, even for older servers and Windows XP computers, recent reports have revealed that at least 1 million systems connected to the Internet could be attacked. "Microsoft is confident that there is an exploit for this vulnerability," warns Simon Pope, director of incident response at Microsoft's Security Response Center (MSRC). "It has only been two weeks since the patch was released and there is still no sign of worm. That does not mean we're out of the woods. "
Pope notes that it was almost two months after the release of the previous EternalBlue exploit's patches when the WannaCry attacks started and despite a 60-day timeframe to repair the systems, many machines were still infected. The EternalBlue exploit has been publicly disclosed, allowing hackers to freely create malware. This new BlueKeep flaw has not been released publicly yet, but that does not mean there will be no malware. "It is possible that this vulnerability is not integrated with malware," says Pope. "But that's not the best way to bet."
This major new Windows security exploit involves a critical remote code execution vulnerability in remote desktop services in Windows XP, Windows 7, and server versions such as Windows Server 2003, Windows Server 2008 R2, and Windows Server. 2008. These operating systems a large part of all Windows machines used, especially in enterprise environments. Microsoft is now strongly advising system administrators to update computers as soon as possible.
[ad_2]
Source link