It’s been a busy year at Microsoft in terms of security. In 2019 alone, several vulnerabilities were revealed by researchers, only to quickly be patched before hackers had a chance to exploit them. But in a high-risk software environment like today, at least Microsoft is taking some responsibility for the threats facing its platform. Although, some would say too little too late.
Even after all the patches, if you thought Windows 10 was out of the woods just yet you’d be sadly mistaken. A critical new vulnerability was discovered that can potentially give hackers remote access to any computer they infect. Worse still, the flaw is “wormable,” meaning it has the potential to spread itself further without any input from users.
Even if you’ve updated your Windows machine recently, Microsoft doesn’t want any users missing out on its latest security patch. We have more details on this frightening new threat, and what you can do to protect your PC from being hijacked by cybercriminals.
BlueKeep II: Electric Boogaloo
Security researchers at Microsoft have discovered a new vulnerability affecting all versions of its platform, including Windows 10. This security flaw takes advantage of Windows’ Remote Desktop Services, which normally allows a user to access their computer over the internet with special software.
In the case of this vulnerability, a hacker can easily exploit the flaw to gain remote access to a computer without the user’s permission. They would then be able to make changes, install software, and create new user accounts with full privileges.
On top of this, Microsoft has stated that the vulnerability is “wormable,” which would allow any exploitative malware to reproduce and spread to other computers on its own.
Due to sharing a number of aspects with the BlueKeep flaw discovered earlier this year, analysts have tentatively dubbed the issue BlueKeep II. Despite its similar name and origins, however, this new flaw requires a separate fix.
As part of its discovery announcement, Microsoft released a number of patches to address the security flaw. Because the vulnerability is so severe, the company is urging anyone with a Windows computer to update their device as soon as possible. Doing so would help stifle any malware pandemics before they had a chance to kick off in the first place.
Am I at risk? How can I update my system?
As Microsoft states in its announcement, this issue is considered an “elevated risk.” This means updating should be an urgent matter for anyone with an affected Windows machine. Depending on which operating system your PC is running, the steps to update may be different.
Thankfully, Microsoft has provided download links for all versions of the patch. The newest automatic updates available for your device, however, will also include the patch going forward.
Here’s a brief summary on how to update your system from the settings menu:
On Windows 8, open the Start menu by pressing the Windows button on your keyboard, and then click on Store. Click on the Update Windows button once you’ve entered the store. From here, you’ll be able to access the latest update.
On Windows 10, you can upgrade your system by going to Settings and clicking on Update & Security. On this screen, you can click Check for updates to see the newest version available for your computer.
If you’re on an older version of Windows, this blog post from Microsoft contains links to the download files, as well as the instructions on how to access and install files on your computer.
As we’ve said before, preventative care is one of the best ways to protect your computer from cybercriminals. If you stay on top of the latest bug fixes and patches, you’re stopping hackers in their tracks before they even have a chance to test out their “new toys.” For all of our sake, let’s not give them an opportunity in the first place.
Patch your system today, and you’ll be grateful when the next major threat rears its ugly head.