This morning, Microsoft has kept its promise and delivered a vulnerability patch for its Windows operating system, for a flaw which allowed attackers to gain full control of a targeted system. Releasing the details in a security bulletin, the company said the flaw in Windows kernel "could allow elevation of privilege if an attack logs onto an affected system and runs a specially crafted application that could exploit the vulnerabilities."
Once an attacker gains control of the system, he can install other malicious applications which would allow even easier access, eliminating the need for the original flaw. "To exploit the vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory,” it says in the bulletin. The 'important' patch, named 'MS16-135', is currently available for Windows 7, 8.1, Windows 10 and all Windows Server versions from 2008 to 2016. One of the biggest contributors to the vast number of cyberattacks against both individuals and companies is an outdated operating system, or application.
Besides having a quality cybersecurity solution in place, and having healthy online habits, it is important for everyone to keep their software up to date, to protect from different flaws, vulnerabilities, viruses and other malware.
Image Credit: StockStudio / Shutterstock