Critical Microsoft Vulnerabilities

Our friends at Microsoft have another severe vulnerability that could bring the internet to its knees.

It is essential that you STOP and PATCH your systems immediately!

It does not require the user to do anything to begin an exploit from using this vulnerability to move through the system.

CyberCriminals Love it!

 

All Intel Processors Made Since 2011 Are Vulnerable

Malware that exploits this vulnerability will worm its way through a vulnerable computer to other vulnerable machines. For some of these cybercriminals, developing a reliable exploit for this latest Windows vulnerability will require relatively little work.

I expect that we will see an exploit winding its way through networks in the next few days.

53% Use Unsupported Versions of Window OS

Over 53% of technology systems that manage factory production were running unsupported versions of windows that are affected by this vulnerability. Why? It is due to the difficulty of taking computers offline in mission-critical environments that operate continuously. Unfortunately, this is so bad that Microsoft took the unusual step of backporting the just-released patch for Windows 2003 and XP, which haven’t been supported in four and five years, respectively.

Update to the latest Windows OS

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that these later versions of Windows are unaffected.

That means if you are still using a vulnerable version of Windows, you should patch immediately, but the smarter long-term move is to upgrade to Windows 8 or 10 as soon as possible.

Lots of Vulnerabilities

Microsoft’s May 2019 Patch Tuesday patches over 75 vulnerabilities. Nineteen earned a CRITICAL classification. That means these nineteen vulnerabilities can be executed without any interaction by the user and are often self-propagating malware whose execution comes without warning or prompting such as browsing on a web page or merely opening an infected email.

You can find the Information on Patches at these links below:

Patch Release Notes

Prevents computer programs from stealing data from one another using a processor logic flaw.

Server customers will notice a reduction in performance, so Microsoft suggests that to get full protection, server administrators disable the Hyper-threading functionality that the attack exploits.

Windows Server DHCP Server vulnerability

Windows Server’s Remote Desktop Services Vulnerability

Allows malicious code to run even when not authenticated on the system.

Windows Server’s Windows Graphics Device Interface (GDI) Vulnerability

This vulnerability allows cyber attacker to run code from a file or malicious web site.

 

Browser Code Execution Vulnerabilities:

Patch CVE 2019-0911
Patch CVE 2019-0912
Patch CVE 2019-0914
Patch CVE 2019-0924
Patch CVE 2019-0925

These use flaws in the browser scripting engine, allowing increase privileges as the current user.

Patches for memory object access vulnerability

Microsoft Office Remote Code Vulnerability

This vulnerability allows hackers to run code as the targeted user tricking them into opening malicious files.

Patches for Adobe Flash remote code execution vulnerability

Patches for Adobe Media Encoder vulnerability

Patches for 84 different Adobe and Reader vulnerabilities

Malcare WordPress Security