Microsoft Patches Critical Windows 10 Bug: Update Now
Here's one less thing you shouldn't have to worry about this week: hackers remotely taking over your computer.
Microsoft yesterday (Aug. 13) released a new round of security updates that address multiple bugs. The biggest offenders, two weaknesses within Microsoft's Remote Desktop Service, allow for systems to be exploited remotely without any authentication or user interaction. These bugs not only affected all users of Windows 10, but also Windows 7, 8.1, Windows Server 2008 (R2 SP1), and Windows Server 2012.
These Remote Desktop Protocol flaws are "wormable," meaning that an attacker might be able to craft malware that could spread from one machine to another on its own, without any human intervention at all. There's no evidence that anyone has exploited either of these flaws yet, but now that they are public, someone probably will within a few days.
While the range of machines affected is quite long, Windows XP, Windows Server 2003 and Windows Server 2008 are not exploitable by the vulnerabilities, according to Microsoft. If the updates aren't applied automatically, you should install them manually as soon as possible by going into Settings and/or Control Panel and looking for Updates or Windows Update.
It's best to update your systems immediately than risk becoming a victim. While the two Remote Desktop bugs are of high priority, they join a list of 91 other software fixes this month.
There's one caveat: If you're running Norton/Symantec antivirus software on Windows 7 or Windows Server 2008, you won't be able to get the August security patches quite yet. That's because Symantec doesn't support the SHA-2 encryption algorithm on Windows 7 or Server 2008, and Microsoft has now moved exclusively to SHA-2 to digitally "sign" its software updates.
Symantec, to its discredit, has had six months to prepare for this day, which Microsoft announced back in February. Symantec said in a blog posting today that "an upcoming version of Symantec Endpoint Protection" would support SHA-2, although it didn't say when we could expect that, or whether Norton antivirus software (Symantec's consumer line) will get the update too.
Image credit: Ivan Afanasev/Shutterstock