Warning to Windows users after security hole is found which leaves computers vulnerable to hackers despite TWO updates
A WARNING has been issued to Microsoft users after a new vulnerability was discovered that leaves them exposed to hackers.
Microsoft Windows 10 and Windows 11 users are urged to be on high alert after reports of a botched security update that failed to handle the threat.
The flaw had already been caught earlier this year but the fix Microsoft installed worsened the problem, according to Forbes, leaving a security hole in all major Windows versions.
The flawed fix is reportedly “more powerful than the original one”, allowing hackers to take over computers.
Forbes said that the vulnerability has already been exploited by hackers.
"During our investigation, we looked at recent malware samples and were able to identify several that were already attempting to leverage the exploit," Cisco Talos' Head of Outreach Nick Biasini told BleepingComputer.
"Since the volume is low, this is likely people working with the proof of concept code or testing for future campaigns. This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit."
Security researcher Abdelhamid Naceri publicly disclosed the vulnerability.
He said that it bypasses the patch for the previous flaw, named CVE-2021-41379, which Microsoft thought it had fixed in November.
Forbes reports that it "enables a hacker to elevate privileges allowing them to take over a computer and spread their attacks across the victim’s network."
According to BleepingComputer, when exploited, the vulnerability gives the attacker SYSTEM privileges on all up-to-date devices running the latest Windows releases.
These are the highest user rights available on Windows.
It makes it possible for the attacker to perform any operating system command.
Experts have warned that a Microsoft update may be the only fix to this new flaw.
"The best workaround available at the time of writing this is to wait for Microsoft to release a security patch, due to the complexity of this vulnerability," explained Naceri.
"Any attempt to patch the binary directly will break windows installer. So you better wait and see how Microsoft will screw the patch again."
MICROSOFT WORKING ON FIX
Microsoft has said it is aware of the vulnerability and is working to protect users.
"We are aware of the disclosure and will do what is necessary to keep our customers safe and protected," the company said in a statement to BleepingComputer.
"An attacker using the methods described must already have access and the ability to run code on a target victim's machine."
Security platform 0patch is said to be working on a stop-gap fix to give Microsoft more time to solve the problem.