By BECKY RUTHERFORDRunning Windows 10 on your home PC? Make sure that you apply this month’s “Patch Tuesday” update release ASAP.
Why are users of Win 10 being urged to upgrade now? The updates include patches for four severe, “wormable” security exploits (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-122) that can let attackers spread malware with zero user interaction. These flaws are similar to the critical BlueKeep and WannaCry vulnerabilities that forced Microsoft to release rare, out of support patches for older versions of Windows.
These vulnerabilities are pre-authentication, and if exploited, an attacker could execute arbitrary code on the system, including installing programs, viewing, changing or deleting data, and more. They affect Remote Desktop Services and the Remote Desktop Protocol. These services are disabled by default, so most home users shouldn’t be vulnerable. If this is something that you use, it is even more important to make sure your PC is up to date.
Applying the updates will fix the issues and help to keep your Windows 10 machine secure. If you have your updates set to “automatic” they will likely download automatically, you may need to check your PC; it may need to reboot to apply them. Go to the search bar and type in “Windows Updates” and it will take you to this setting; you can check if you are up to date or not. You also might want to double-check that Remote Desktop is off, there’s no reason to run this service unless you need it, and it exposes you to extra risk. Search for “remote access” and select the “Allow remote access to your computer” option that appears. In the system properties pop-up after that, verify that “Allow remote assistance to this computer” is unchecked, and then click OK.
Microsoft updates are generally released every second Tuesday of the month, “Patch Tuesday”. Make sure that your system is set to install them automatically and keep your computer protected.
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.