Windows 10 emergency update: US government just issued warning

1. Home
2. News
3. Security

Windows 10 emergency update: US regime just issued alarm

(Image credit: ymgerman / Shutterstock )

Microsoft late concluding week issued an emergency patch for Windows 10, prompting the U.South. Department of Homeland Security to issue its own alert urging owners of afflicted systems to run the update.

"Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code," wrote the DHS' Cybersecurity and Infrastructure Security Bureau (CISA) on Friday (Oct. 16). "An attacker could exploit these vulnerabilities to take control of an affected organisation."

• iPhone 12 review: Our verdict is in
• PS5 may not support this beloved PS4 game — merely in that location'southward a workaround
• Acer Swift 3X takes on MacBook Air with a whopping 17-60 minutes battery life

The flaws touch on computers on which users have installed either a High Efficiency Video Coding (HEVC) plug-in to play specially compressed videos (including 4K Blu-ray discs or videos shot on recent iPhones) or the Microsoft Visual Studio software-evolution program.

The default builds of Windows ten are non affected; the user must take installed at least ane of the affected Microsoft options.

If the HEVC plug-in was installed from the Windows Store, information technology should update itself. Otherwise, users should update the software manually. Likewise, Microsoft Visual Studio should too be updated manually.

How this hack works

Remote code execution (RCE) is when a hacker tin reach out beyond the internet and attack your machine. It's more serious than local lawmaking execution, where the assailant needs to have concrete admission to your computer.

In this example, there are two RCE vulnerabilities. According to Microsoft's ain security advisories, the showtime flaw affects the manner Windows ten handles video compression in HEVC and can be exploited by "a specially crafted image file" — i.e., a malicious image.

The other flaw exists in Visual Studio and tin be exploited "when a user is tricked into opening a malicious 'package.json' file."

Because exploiting either vulnerability requires some interaction from the user, even if it's merely to download a malicious file, the patches are rated as "Important" rather than "Critical."

Neither flaw had all the same been exploited in the wild equally of late last week, Microsoft said, and non enough details were disclosed to make exploitation easy to achieve. But crooks and hackers are likely taking apart the released patches to find out how to set on the vulnerabilities.

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has likewise been a dishwasher, fry cook, long-haul commuter, code monkey and video editor. He'southward been rooting around in the information-security space for more xv years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'due south Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Boob tube news spots and even moderated a console discussion at the CEDIA home-engineering conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/microsoft-dhs-emergency-patch-warning

Posted by: malonesulde1977.blogspot.com

Share this post