Windows 8.1 Users Must Install Emergency Patch
Windows 8.1 users should make sure to install an emergency patch just released by Microsoft. The company rates the risk as critical based more on the potential consequences than the risk of exploitation.
The bug is patched with a security update that has the reference KB4578013. It affects all versions of Windows 8.1 along with Windows Server 2012. The bug doesn't affect Windows 10. In theory it could affect Windows 7 and earlier, but Microsoft no longer patches those systems as they are no longer supported. (Source: microsoft.com)
The fix comes in an "out of band security update", commonly known as an emergency patch. That's where a flaw is serious enough that Microsoft doesn't wait for the usual batch of security releases on the second Tuesday of the month. That implies attacker may already be exploiting the bug.
Remote Access Could Be Risk
The problem is with the Windows Remote Access service. That's a potentially very useful tool for users who want to access their main computer while away from home, or to fix a problem on the computer of a less tech-savvy friend or relative who doesn't live locally. It does however mean that any bug could be a significant security risk.
In this case, the bug could only be exploited by running an application on the victim's computer. That would likely involve scamming them into opening a file attachment or taking advantage of a browser security flaw and getting the user on to a booby-trapped web page.
While doing either of these wouldn't be easy, the reward is certainly there for attackers. Once the bug is exploited, the attacker could gain elevated privileges. That means that any future malware attacks could run with administrator rights, gaining greater access to the computer and in turn being able to do more damage on the machine.
Applying Fix Is Simple
The good news is that manually patching the bug (rather than waiting for any automated update) is straightforward. Users can download and install the fix from Microsoft via the Windows Update Catalog.
Once installed, the fix will work straight away without the need to restart the computer. (Source: bleepingcomputer.com)
What's Your Opinion?
Are you still using Windows 8.1? Should Microsoft contact users directly about emergency updates rather than rely on news sites and social media? Should users have the option to remove any remote access tools they don't use to remove a possible attack method?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
Most popular articles
- Being Blackmailed for Money on Facebook? Here's What to Do
- Sextortion - What to Do (and What Not to Do)
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by PC / Web Network Experts? Here's What to Do
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
