Windows 8.1 Users Must Install Emergency Patch
Windows 8.1 users should make sure to install an emergency patch just released by Microsoft. The company rates the risk as critical based more on the potential consequences than the risk of exploitation.
The bug is patched with a security update that has the reference KB4578013. It affects all versions of Windows 8.1 along with Windows Server 2012. The bug doesn't affect Windows 10. In theory it could affect Windows 7 and earlier, but Microsoft no longer patches those systems as they are no longer supported. (Source: microsoft.com)
The fix comes in an "out of band security update", commonly known as an emergency patch. That's where a flaw is serious enough that Microsoft doesn't wait for the usual batch of security releases on the second Tuesday of the month. That implies attacker may already be exploiting the bug.
Remote Access Could Be Risk
The problem is with the Windows Remote Access service. That's a potentially very useful tool for users who want to access their main computer while away from home, or to fix a problem on the computer of a less tech-savvy friend or relative who doesn't live locally. It does however mean that any bug could be a significant security risk.
In this case, the bug could only be exploited by running an application on the victim's computer. That would likely involve scamming them into opening a file attachment or taking advantage of a browser security flaw and getting the user on to a booby-trapped web page.
While doing either of these wouldn't be easy, the reward is certainly there for attackers. Once the bug is exploited, the attacker could gain elevated privileges. That means that any future malware attacks could run with administrator rights, gaining greater access to the computer and in turn being able to do more damage on the machine.
Applying Fix Is Simple
The good news is that manually patching the bug (rather than waiting for any automated update) is straightforward. Users can download and install the fix from Microsoft via the Windows Update Catalog.
Once installed, the fix will work straight away without the need to restart the computer. (Source: bleepingcomputer.com)
What's Your Opinion?
Are you still using Windows 8.1? Should Microsoft contact users directly about emergency updates rather than rely on news sites and social media? Should users have the option to remove any remote access tools they don't use to remove a possible attack method?
I can help! Send me a message on the bottom left of the screen (using the Zopim Chat button), or click my picture to read more about how I can fix your computer over the Internet. Optionally you can read all about my credentials, here.
Most popular articles
- Being Blackmailed for Money on Facebook? Here's What to Do
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by PC / Web Network Experts? Here's What to Do
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
Free Guide
