Saturday, July 18, 2020

Windows Updates Just Got Serious: You Have 24 Hours To Comply, Homeland Security Tells Federal Agencies


I noticed a lot of various computer updates recently, not just the monthly Microsoft one, e.g., Adobe, Dell, etc. I wondered if something like this had been found.

https://www.forbes.com/sites/daveywinder/2020/07/17/windows-updates-just-got-serious-you-have-24-hours-to-comply-homeland-security-tells-government-agencies-wormable-vulnerability-sigred/#33fbbaca6379

Davey Winder
Jul 17, 2020, 06:54am EDT

The July 14 'Patch Tuesday' security updates rolled out by Microsoft included one particularly gnarly critical vulnerability. CVE-2020-1350 to be formal, or SIGRed as it has already become known, scored a "perfect" 10 under the Common Vulnerability Scoring System (CVSS) for good reasons: it's wormable, easy to exploit and likely to be exploited.

So likely to be exploited that the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) has issued an equally rare emergency directive giving government agencies just 24 hours to update Windows Server or apply other mitigations.

•••••

The wormable Windows vulnerability could enable attackers to gain full administrator rights on a network and achieve arbitrary code execution. Being wormable puts this vulnerability right up there in terms of criticality with WannaCry and NotPetya in that it has the potential to propagate without user interaction, and propagate very rapidly indeed.

•••••
