Microsoft TeamViewer recently released an emergency update for the application after a security researcher revealed a high-risk vulnerability in the application that lets a hacker access the “victim’s computer remotely and that too with ease”.
However, this time the scale of danger has gone up: earlier today, Microsoft released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products, patching 120 newly discovered Windows 10 vulnerabilities that could put user data at risk.
Yes, Microsoft today listed 120 innocent ways a Windows user can get hacked easily. However, you don’t need to panic, as you can get rid of them by updating your version of Windows. Out of the 120 discovered vulnerabilities, 17 are critical and the rest are of high severity.
New flaws put you at risk in different ways
First things first: we aren’t going to discuss all 120 vulnerabilities here, but we can summarize them for you. In a nutshell, the Windows 10 operating system installed on your computer can put you at risk in the following ways if you don’t update it now.
- You can get hacked if you play a video – as there is a flaw in Microsoft Media Foundation and Windows Codecs.
- You can get hacked if you play music – once again thanks to the flaw in Microsoft Media Foundation.
- While browsing a website – well yeah, because... Internet Explorer.
- While editing an HTML page – thanks to the MSHTML engine flaw.
- When you’re reading a PDF – as there is a flaw in Microsoft Edge’s PDF reader.
- While you’re reading email – yes, you guessed it right, it’s MS Outlook.
If you want the entire list, check the Microsoft website – Security Advisories by Microsoft.
Update your Microsoft Windows 10 immediately!
Microsoft has urged its users to update Windows 10 if the auto-update has not kicked in yet because, according to Microsoft, two of the vulnerabilities have reportedly been exploited by hackers, and one of them was publicly known at the time of release.
One of the “zero-day” vulnerabilities is under active attack. It is a remote code execution bug that resides in the file “jscript9.dll”, which is used by default by all versions of Internet Explorer since the release of Internet Explorer 9.
The vulnerability was spotted by Kaspersky, is tracked as “CVE-2020-1380”, and was reportedly disclosed to Microsoft. It was deemed a critical flaw because it resides in Internet Explorer, which even today comes with Windows 10 by default as an important component.
What did the Kaspersky researchers say?
The security researchers from Kaspersky said the vulnerability, which resides in JScript, can corrupt the dynamic memory of Internet Explorer in such a way that it allows the hacker to remotely execute code in the context of the current user. Meaning, if a user is logged in with administrative privileges, then the attacker can exploit this vulnerability to gain entire control of the system as an admin and lock the user out simultaneously.
Also, Microsoft mentioned in its advisory that the attacker is also capable of embedding an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the Internet Explorer rendering engine.
Kaspersky gave proof-of-concept code on its blog that is able to exploit the vulnerability residing in the “jscript9.dll” file.
It was part of “Operation Powerfall”.
The second vulnerability, which is tracked as “CVE-2020-1464” and is being actively exploited right now, exists because Windows incorrectly validates file signatures. It is a spoofing vulnerability that allows attackers to load improperly signed files by bypassing security features intended to prevent incorrectly signed files from being loaded.
Also, the list includes a critical patch for a privilege escalation flaw affecting Netlogon for Windows Server editions, where the RPC service serves as a domain controller. The vulnerability is tracked as “CVE-2020-1472” and allows attackers with malicious intent to use the Netlogon Remote Protocol (MS-NRPC) to connect to a Domain Controller (DC) and obtain administrative privileges to run malicious applications on a victim’s device and on other devices on the network as well.
Microsoft’s advice – what to do to secure yourself?
As mentioned earlier in this article, you only have to update your Windows 10 version. Microsoft has especially urged home users and server administrators to update immediately to avoid hackers taking over the system.
If you don’t know how to update the Windows 10 operating system, follow the steps below:
- First click on Start and go to Settings.
- Once you’re in Settings, select the option called “Update & Security”.
- Click on “Check for updates”.
- If updates are available, click on “Download”, or the update will start automatically.
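For server administrators who want the same check from a console, the following PowerShell script is an added example (not from Microsoft or the original article) that reports the newest installed hotfix and lists updates still pending through the Windows Update Agent. The cutoff date of 11 August 2020 is an assumption for the release day of the August 2020 batch, which the article gives only by month.

```powershell
# Added example: check patch state from the command line.
# $Cutoff is an assumed release date for the August 2020 batch.
param(
    [datetime]$Cutoff = '2020-08-11'
)

# Newest hotfix recorded on this machine.
# InstalledOn can be empty for some entries, so filter those out first.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if ($latest -and $latest.InstalledOn -ge $Cutoff) {
    $when = $latest.InstalledOn.ToString('yyyy-MM-dd')
    Write-Output "Newest hotfix $($latest.HotFixID) was installed $when (on or after the cutoff)."
} else {
    $when = $Cutoff.ToString('yyyy-MM-dd')
    Write-Warning "No hotfix installed on or after $when; this machine has likely not been updated."
}

# Ask the Windows Update Agent what is still pending.
# This is the scripted equivalent of clicking "Check for updates".
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

$pending = foreach ($u in $result.Updates) {
    [pscustomobject]@{
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unspecified' }
        Title    = $u.Title
    }
}

if ($pending) {
    # Anything listed here, especially with Severity 'Critical', still needs installing.
    $pending | Sort-Object Severity | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No pending software updates reported.'
}
```

A recent hotfix date only shows that the machine is receiving updates; the pending list is what confirms nothing from the current batch is still waiting to be installed.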