However, Microsoft still urges everyone not to postpone the security patches, as the flaw is still quite potent. It allows unauthenticated attackers to execute arbitrary code, remotely, without much user interaction. To exploit it, a malicious actor would need to craft, and send, a specifically designed packet to the Windows server that uses the vulnerable HTTP Protocol Stack.
The lucky break is that Windows Server and Windows 10 v. Explaining the flaw and how it works, Microsoft says this registry key needs to be configured on vulnerable operating systems for the flaw to work:. Microsoft noted that most companies are probably secure, as they rarely rush to install the latest Windows versions on their endpoints.
Home users, on the other hand, should be careful and make sure to apply the patch as soon as possible. Language supported English United States. Additional terms Worm Master privacy policy Terms of transaction. Seizure warnings Photosensitive seizure warning. Report this product Report this game to Microsoft Thanks for reporting your concern.
Our team will review it and, if necessary, take action. Sign in to report this game to Microsoft. Report this game to Microsoft. Report this game to Microsoft Potential violation Offensive content Child exploitation Malware or virus Privacy concerns Misleading app Poor performance. How you found the violation and any other useful info. Submit Cancel. System Requirements Minimum Your device must meet all minimum requirements to open this product OS Windows 10 version Recommended Your device should meet these requirements for the best experience OS Windows 10 version Open in new tab.
This isn't the first time Microsoft has had its own computers attacked when it failed to install software fixes. In , Microsoft was one of the victims of the I Love You virus, which exploited a known flaw in its Outlook e-mail program. But it's no surprise that many -- including Microsoft -- were vulnerable, said Bruce Schneier, chief technology officer with Counterpane Internet Security.
Network administrators are dealing with several software patches each week from Microsoft and other vendors, he said. He added that Microsoft needs to own up to problems with how it offers security fixes. It's very much like blaming the victim.
Although others contend software patches can be an effective way to provide security, Microsoft needs to make them easier, said Marc Maiffret, chief hacking officer of eEye Digital Security.
0コメント