Jump to content

Windows 7 and XP are vulnerable to a major security exploit – so patch now


The AchieVer

Recommended Posts

The AchieVer

Windows 7 and XP are vulnerable to a major security exploit – so patch now

As well as other Microsoft operating systems

kExEad3yNfdKVXRBuEsmfc-1200-80.jpg
Image credit: Microsoft

 

Microsoft has put out a warning to those still using its Windows XP, Windows 7 or other early operating systems (OS), urging them to update their PCs with the latest security patch in order to prevent against a serious threat.

 

The computing giant has discovered a vulnerability in these earlier versions of its OS that's similar in nature to the devastating WannaCry ransomware that swept the globe in May, 2017 and continues to affect thousands of users.

 

The vulnerability is ‘wormable’, according to Microsoft, which means that no user interaction is required for their system to be exploited, and affected systems are capable of propagating the virus to other at-risk computers and networks around the world. 

 

How to patch

Microsoft has claimed that it has, as yet, “observed no exploitation of this vulnerability, [but] it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware”.

 

As such, the software heavyweight is urging that “affected systems are patched as quickly as possible to prevent such a scenario from happening”.

 

There are download links to the appropriate updates found at the foot of this page for those still using any of the following operating systems: Windows 7, Windows 2008 R2, Windows 2008, Windows 2003 orWindows XP.

 

Users running Windows 8 and Windows 10 aren’t at risk of this particular exploit, although it’s always wise to keep up to date with the latest security patches regardless.

 

 

 

Source

Link to comment
Share on other sites


  • Replies 4
  • Views 714
  • Created
  • Last Reply
The AchieVer

Microsoft Releases Monthly Updates KB4499164, KB4499151 for Windows 7 and 8.1

The May 2019 Patch Tuesday cycle brought new monthly rollups for Windows 7 and 8.1 devices, along with security-only updates that do not include any non-security fixes.

 

The May 2019 Patch Tuesday cycle brought new monthly rollups for Windows 7 and 8.1 devices, along with security-only updates that do not include any non-security fixes.

The Windows 7 monthly rollup is KB4499164, while the security-only update is KB4499175.

As per the official changelog, the Windows 7 update comes with a series of improvements, including patches for the Microarchitectural Data Sampling (MDS) flaw that was recently discovered. You can read more about this flaw in this article.

Additionally, the patch also resolves issues hitting Microsoft Excel when using certain fonts, as well as a bug preventing Visual Studio Simulator from starting.

Windows 7 monthly rollup comes with just a single issue that was there in the April release as well. Microsoft says that installing this update could break down McAfee security products, and the company claims it’s still investigating the bug with the security vendor.Windows 8.1 monthly rollupThe Windows 8.1 monthly rollup is  KB4499151, and it comes alongside security-only update KB4499165.

The same security patch for the MDS security vulnerability is included here, along with fixes for Error 1309 when installing MSI and MSP files on a virtual drive. Microsoft says it has also added uk.gov into the HTTP Strict Transport Security Top Level Domains (HSTS TLD) for its two current browsers, namely Internet Explorer and Microsoft Edge.

This time, there are three different issues in this monthly rollup, but they have previously been acknowledged as part of the April rollout.

There are no reports of failed installs so far, and everything seems to be working correctly on Windows 7 and 8.1. Windows 7 users should also keep in mind that this operating system is in its last year of support, as Microsoft will stop rolling out updates in January 2020.
 
 
 
Link to comment
Share on other sites


Good news: The “wormable” security hole in XP, 7, and related Servers, isn’t being exploited yet

If you’re running

  • Windows XP (including Embedded)
  • Windows Server 2003, Server 2003 Datacenter Edition
  • Windows 7
  • Windows Server 2008, Server 2008 R2

You still have time to install the May patches.

 

 

Source: Good news: The “wormable” security hole in XP, 7, and related Servers, isn’t being exploited yet (AskWoody - Woody Leonhard)

Link to comment
Share on other sites


There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug

But it isn’t yet capable of inflicting damage

 

 

Source: There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug (AskWoody - Woody Leonhard)

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...