The vulnerability is "wormable", according to Microsoft, which means that no user interaction is required for their system to be exploited, and affected systems are capable of propagating the virus to other at-risk computers and networks around the world.
Microsoft says it has not yet observed any exploitation of the vulnerability.
Microsoft has posted patches for the two latter versions of Windows but strongly suggests users upgrade to newer variants of the operating system.
Microsoft has warned of a serious security vulnerability in its older, theoretically-unsupported Windows operating systems, releasing patches which need to be applied manually for those systems no longer receiving automated updates.
The latter, CVE-2019-0725, is a particularly nasty memory corruption vulnerability, since all that is needed to exploit it is a well-crafted packet sent to a DHCP server and affects all now supported versions of Windows, client and server.
This time past year stats put Windows 7, which was first released back in 2009, ahead of the newer Windows 10 OS. "It is critically important for organizations and system administrators to apply patches as soon as possible to reduce their risk of compromise". With NLA enabled, systems are protected against "wormable" malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered.
Among the patches is a fix for a zero-day vulnerability in the Windows Error Reporting Service.
This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Security researchers have shown it is possible to exploit MDS vulnerabilities with attacks such as rogue in-flight data load (RIDL) and Fallout to glean secrets and sensitive information such as password and digital keys on recent Intel processors.
Microsoft had already released a patch for the flaw, but many older and vulnerable OSes were never updated. That vulnerability affects both Mac and Windows systems.
- Brexit rebels tell Theresa May - Your EU divorce deal is dead
- Plastic bag found at bottom of Mariana Trench - during the deepest dive
- Netflix will be talking games development at E3 2019
- Impossible Foods CEO is a longtime vegan and biochemist
- Next James Bond Film Suspends Production Amidst Daniel Craig Injury
- Red Dead Redemption 2 PC Appears on Programmer’s LinkedIn
- 'Star Wars' movie in 2022 will come from 'Game of Thrones' creators
- Aston Villa into playoff final after shootout win over West Brom
- Donald Trump expected to sign order banning Huawei from United States networks
- Myanmar pilots lauded after landing without nose gear