Using Windows 7? Install this update to avoid WannaCry-like attack
Back in 2017, the infamous WannaCry ransomware plagued hundreds of thousands of computers across the globe. The attack was eventually contained, but now, security researchers at Microsoft have warned of a vulnerability that exposes computers to similar kind of attacks. It exists on Windows 7 and older systems and needs to be patched immediately. Here's what you need to know about it.
Critical remote execution vulnerability in dated Windows OS
The security loophole in question has been described as a critical Remote Execution Vulnerability that exists in Remote Desktop Services on several operating systems made by Microsoft. Now, this doesn't include company's latest offerings but affects Windows 7, which was recently beaten by Windows 10 in terms of popularity, Windows XP, Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.
Attackers could execute arbitrary code on target systems
Microsoft says the vulnerability could be exploited by attackers to execute arbitrary code on your system. Then, they could easily install programs, view, change, or delete data, or create new accounts with full user rights on your personal machine. Now, this could be a major threat, especially if you use your computer for storing confidential or personal financial information.
And, this attack could spread like WannaCry
More worryingly, Microsoft says this vulnerability is 'wormable', meaning it could lead to a WannaCry-like attack - spreading over unpatched PCs. "This vulnerability is pre-authentication and requires no user interaction," Simon Pope, director of incident response at Microsoft's Security Response Center, said, adding that any malware exploiting this bug could propagate between computers "in a similar way as the WannaCry spread".
No exploits observed yet
While no exploits of the vulnerability have been spotted, Microsoft is urging dated Windows users to either update their OS or install a security patch to stay protected. Windows 7, Windows Server 2008 R2, and Windows Server 2008 are in-support and can be patched by turning automatic updates on. Meanwhile, others would have to be fixed by downloading the patch manually from https://bit.ly/2VEcAup.
Risk of attack appears likely
"While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware," Simon warned.
