As scary as Heartbleed was this past spring, it looks like virtually every Microsoft Windows user is in for a little deja vu. Microsoft just released a critical patch for a huge server vulnerability—one that affects quite a few current versions of Windows out there.It only took me about a half hour to do it all in background while I was browsing around. Might as well deny our Russian and Chinese "friends" the easy opportunities.
As of now, Microsoft isn't aware of anyone actually taking advantage of this vulnerability, which allows "a remote code execution vulnerability... due to the improper processing of specially crafted packets." In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized an account. The attack appears to only affect those running a server on affected platforms.
You can head here for a list of every affected Windows machine. If you fall somewhere in that (pretty extensive) list, go get downloading.
Wednesday, November 12, 2014
PSA: Time for the Patch
Windows Has a Huge Vulnerabilty, Get the Patch Now