Time to update your Windows operating system just as Microsoft patches some major vulnerabilities.
The Security Update
In a recent security update, Microsoft addressed a dangerous remote code execution vulnerability.
Remote code execution is when a hacker is able to gain access to a user’s computer, or other computing device, regardless of geographical or network location, and execute any code or make system modifications they want. In most cases, hackers take that opportunity to reinforce their future hold on a machine by planting backdoors, or other methods of entry that do not require standard authentication methods such as passwords or root access.
This vulnerability was discovered by Kaspersky Lab, a multinational security and anti-virus company headquartered in Moscow, Russia, and reported to Microsoft, which confirmed the bug and worked to patch it.
According to Kaspersky Lab, the way that the exploit was observed (before it was reported to Microsoft) was as follows:
1. The target receives a malicious RTF (rich text format) Microsoft Document file. (This contains the necessary code to stage the machine for the exploit.)
2. Once opened, the RTF document causes the second stage of the exploit to be downloaded in the form of an HTML page with malicious code.
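A defender-side triage check for the delivery chain in the two steps above, as an added example that is not from the original article, Kaspersky Lab or Microsoft: it lists the URLs referenced from embedded-object data in an RTF file. It assumes the remote reference is stored in an `\objdata` hex group; the function names and the sample document are constructed for illustration.

```python
import re

# Word accepts a truncated "{\rt" header, so match the magic loosely.
RTF_MAGIC = re.compile(rb"^\s*\{\\rt")
# The payload of an embedded object follows \objdata as hex text.
# Simplification: stops at the first brace or backslash, so heavily
# obfuscated files need a full RTF parser.
OBJDATA = re.compile(rb"\\objdata\b([^{}\\]*)", re.S)
URL = re.compile(rb"https?://[\x21-\x7e]{4,200}")
# Runs of printable characters stored as UTF-16LE (char, NUL, char, NUL...).
WIDE = re.compile(rb"(?:[\x21-\x7e]\x00){8,}")


def decode_objdata(chunk: bytes) -> bytes:
    """Turn the hex text of one \\objdata group into raw bytes."""
    hex_only = re.sub(rb"[^0-9A-Fa-f]", b"", chunk)
    if len(hex_only) % 2:          # drop a dangling nibble
        hex_only = hex_only[:-1]
    return bytes.fromhex(hex_only.decode("ascii"))


def remote_refs(rtf: bytes) -> list:
    """Return URLs found inside embedded-object data of an RTF file."""
    if not RTF_MAGIC.match(rtf):
        return []
    found = []
    for m in OBJDATA.finditer(rtf):
        blob = decode_objdata(m.group(1))
        # Object data may hold strings as ASCII or as UTF-16LE; scan both.
        views = [blob] + [w.replace(b"\x00", b"") for w in WIDE.findall(blob)]
        for view in views:
            for raw in URL.findall(view):
                url = raw.decode("ascii")
                if url not in found:
                    found.append(url)
    return found


# Constructed sample: not an exploit, only a URL string hex-encoded in \objdata.
_URL = "http://example.invalid/stage2.html"
_BLOB = b"\x01\x05\x00\x00" + _URL.encode("utf-16-le") + b"\x00\x00"
SAMPLE = b"{\\rtf1\\ansi{\\object{\\*\\objdata " + _BLOB.hex().encode() + b"}}}"

if __name__ == "__main__":
    print(remote_refs(SAMPLE))
```

An RTF attachment for which this returns any URL is worth quarantining and inspecting before a user opens it.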
The way the vulnerability works is simple in nature. Imagine you are a user, the root user in this case, running a program at the privilege level of the root user, which means the program can make system-level modifications. During this time, the memory that the program uses is protected, or at least it is supposed to be.
In this case, the vulnerability, which specifically affects the VBScript engine, could allow the hacker to corrupt that memory in a way that lets them run any code they wish with the privileges of the user the program is running as. In cases where the program is running under root or admin user privileges, this would give hackers full control of the computer or computing device.
According to Microsoft, “an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
This is significant because this exploit was not discovered by researchers who were trying to find ways to do this. This is an existing exploit that is already successfully being used by hackers. This means that everyone who has not yet updated Windows is subject to this attack and, hopefully only in rare cases, may have already fallen victim to it.
We have all been there; we are restarting or shutting Windows down, and seemingly at the worst time possible, an update begins. This is an inconvenience that we have all faced as some of these updates can seemingly take ages.
It is during these times that we must remember the importance of security updates and do our best to make sure our machines are up to date. If you have not updated your copy of Windows, you should take a moment to update it tonight.