Windows 10 users should make sure their PCs are fully up to date.
Microsoft has just announced that its Patch Tuesday upgrade which fixes numerous vulnerabilities within its popular operating systems.
In fact, there’s a total of 88 patches in this update with some so serious they’re been deemed “Critical,” the company’s highest severity ranking.
Along with Microsoft’s own software, some of the changes also include updates that fix vulnerabilities in 3rd-party hardware and software, such as Adobe Flash Player.
The highest rated CVE in this month’s release is CVE-2019-0888, a vulnerability in the way ActiveX Data Objects (ADO) handles objects in memory.
This could be exploited by an attacker to convince a user to visit a malicious website, resulting in arbitrary code execution as the current user.
Commenting on this, Satnam Narang, Senior Research Engineer at Tenable, said “This month’s Patch Tuesday release contains updates for nearly 90 CVEs, including fixes for four zero-day elevation of privilege vulnerabilities: “bearlpe,” “InstallerBypass,” “CVE-2019-0841-BYPASS,” and “sandboxescape,” that were publicly disclosed by SandboxEscaper in late May.
“Also notable in this month’s release is that no vulnerabilities appear to have been exploited in the wild, according to Microsoft.”
You can find all of Patch Tuesday notes from Microsoft here.
The news of this latest comes just weeks after those running older Microsoft software were put on alert about a security threat which could be “as damaging as WannaCry”.
In May Microsoft revealed a major Windows security vulnerability that could lead to a widespread “wormable” attack which spreads from PC to PC.
A similar flaw was behind the WannaCry attack in 2017 which caused worldwide mayhem, significantly impacting the computer systems of the NHS in the UK.
In the aftermath of the recent issue being discovered, which does not affect Windows 10, Microsoft released patches for old operating systems such as Windows XP and Windows 7.
But it’s been claimed by security experts that there are at least one million Windows systems that could be impacted by the latest flaw.
In a post online Robert Graham, from consultancy firm Errata Security, said: “Microsoft announced a vulnerability in it’s ‘Remote Desktop’ product that can lead to robust, wormable exploits.
“I scanned the Internet to assess the danger. I find nearly 1-million devices on the public Internet that are vulnerable to the bug.
“That means when the worm hits, it’ll likely compromise those million devices.
“This will likely lead to an event as damaging as WannaCry and notPetya from 2017 — potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.”
The latest security threat underlines the need to be running the latest software updates and patches.
Older operating systems don’t receive the support that Windows 10 does, with Windows 7 reaching its end of life next year.
After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running Windows 7.
Source: Read Full Article