Intel and Microsoft have both released security updates for major vulnerabilities in their respective products, urging users to install the fixes sooner rather than later.
Microsoft's traditional Patch Tuesday release cycle saw a bumper crop of security updates released this week, a whopping 29 of which were rated as critical in severity according to the company's own ranking system. The most concerning of these are variants of a Remote Desktop Services (RDS) vulnerability originally fixed via emergency out-of-band patches in May this year following the discovery that the vulnerability was remotely exploitable and could be used to spread a worm-like malware.
Now, the same vulnerability - since dubbed 'BlueKeep' - is back in variants which affect Windows 7 Service Pack 1, Windows 8.1, Windows 10 mainstream and server releases, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, and Windows Server 2012 R2.
The vulnerabilities are serious: Using nothing more than a network connection to the target system, they can be exploited without any user interaction to execute arbitrary code, even to the point of being able to use the machine to execute further attacks or to create full user accounts for future exploitation.
Intel, meanwhile, has released a brace of updates for its own products, including another firmware patch for selected models in its Next Unit of Computing (NUC) small form factor range to close a security hole which allows for privilege escalation, denial of service, and information disclosure attacks. The company has also fixed a vulnerability with similar impact in its Processor Identification Utility for Windows, a privilege escalation vulnerability in its Driver & Support Assistant, another privilege escalation vulnerability in its Authenticate software, yet another in its Remote Displays Software Development Kit, and a more severe escalation of privilege, denial of service, and information disclosure bug in its Computing Improvement Programme software. The company has also warned of an information disclosure vulnerability in its RAID Web Console 2 software, but no patch will be released: Instead, Intel is recommending that users uninstall the software altogether.
Those eager to patch their Windows system against Microsoft's vulnerabilities can install the fixes through Windows Update now; Intel's software patches, meanwhile, require manual installation using the above links.
November 22 2019 | 13:00