The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency miner on unpatched Windows PCs.
Microsoft’s security team warns that the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction. Patch your systems now!
Read more in my article on the Hot for Security blog.
I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.
Prove me wrong. Patch now.
Microsoft issues warning to unpatched Windows users about worm risk, and how do you delete all traces of yourself off the internet after you murder your podcast co-host?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
This month’s Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks.
Read more in my article on the Tripwire State of Security blog.
Microsoft belatedly patches some vulnerabilities in Adobe Flash Player, but some zero-days in other software remain untouched for now.
You may think that it’s harmless enough to click on the “Send Error Report” button and send details of the crash to Microsoft, but recent revelations about NSA surveillance underline that there are risks.
And they are no laughing matter.
If you’re one of the many people still running Windows XP on your computer, be on your guard.