Microsoft recently warned users of critical vulnerabilities found across all versions of its operating systems, including Windows 10, and urged them to update systems immediately.
Simon Pope, Director of Incident Response, Microsoft, wrote a blog post in Security Response Center that warned users of wormable security exploits. The warning said that the company discovered two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182, which are also ‘wormable’.
This vulnerability is pre-authentication which means on exploitation, it can launch future malware and can penetrate across computers without any user authentication.
The blog post explained that on successful exploitation of the vulnerability, an unauthenticated attacker could execute arbitrary code on the target system, install programs; get access, change or delete data; or even create new accounts on the system with full user rights.
The tech giant confirmed the affected versions of Windows include “Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.”
Microsoft advised its users to update Windows 10 operating systems to prevent the security exploitation.
“It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide,” Pope stressed in a statement.
There are potentially millions of vulnerable devices right now. The risk is high as Windows 10 is the most popular operating system and is used in more than 800 million devices across the world.
However, Windows 10 users who have automatic updates enabled in their systems are already protected. Other customers can manually patch their systems by simply typing “Windows Update” in the search bar to access the update tool.