DANGER ZONE

Urgent warning for millions issued by Microsoft over ‘critical’ danger – act now

WINDOWS users have been urged to update their machines after Microsoft upgraded the threat level of one bug to "critical".

Experts say it could be worse than the hugely damaging cyberattack that hit the NHS a few years ago.

[Image: Update your machine if you haven't for a while. Credit: Alamy]

The loophole allows hackers to remotely unleash malicious code onto your devices.

Worryingly, it doesn't need you to do anything to take hold either.

Nerds at IBM warn that the vulnerability has a "broader scope" than EternalBlue, which was used in the WannaCry ransomware of May 2017.

WannaCry locked thousands of devices in hospitals across the UK and forced doctors to turn away some non-critical emergencies amid the chaos.


The latest flaw could "potentially affect a wider range of Windows systems", the firm said.

It impacts all PCs using Windows 7 and newer.

Thankfully a patch was made available by Microsoft in September.

Back then it was only rated an "important" fix.

The tech giant believed at the time that the issue only allowed cyber crooks to get hold of some sensitive information.

But on December 13 they escalated it to "critical".

You should have updates switched on automatically to keep your devices safe.

If you don't, you should run an update immediately.

The flaw - officially known as CVE-2022-37958 - is thought to be wormable too.

This means it can replicate itself across a network, spreading to other machines.

"We strongly recommend that users and administrators apply the patch immediately to protect against all potential attack vectors," IBM Security X-Force Red said.

"The fix is included in September 2022 security updates and impacts all systems Windows 7 and newer."


Valentina Palmiotti, the IBM security researcher who found it, told : "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time.

"As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether."
