Windows users urged to install latest security updates after discovery of 17 year old vulnerability


Windows users are being urged to install a vital security update recently released by Microsoft.

The update protects devices from a security vulnerability that had lay undiscovered for a staggering 17 years.

The vulnerability dubbed CVE-2017-11882, affects Microsoft Office and WordPad and can be used by hackers to spread a malware that can take control of a person’s computer.

The potent Cobalt malware is spread via emails which contain a Rich Text Document (RTF). Once opened, users are presented with a blank document with a message that reads Enable Editing.

However, this message only disguises the fact that the malware is being installed in the background and the infected PC is about to be hijacked.

The vulnerability affects all versions of Windows, namely Windows Vista, Windows 7, Windows 7, Windows 8.1 and Windows 10.

Microsoft revealed that it patched the vulnerability in its November security updates but it is feared that users running older versions of Windows or those who have not enabled automatic updates may have not yet installed the latest update.

Microsoft posted details of how the vulnerability works in its Security Tech Center:

“A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory.

“An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

“If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

“Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.”

The advice to users is to always make sure you have automatic updates enabled on your device to ensure that you are protected from security threats as soon as updates become available.

If you want to install the update manually you can download it here.

The news comes after Microsoft revealed that Windows 10 is now installed on 600 million monthly active devices.

Via: ZDNet



Comments are closed.