There is currently no indication that the flaw is already being exploited, but Microsoft said it is "highly likely" that malicious actors will soon write an exploit to incorporate it into malware. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if an attacker has valid credentials. "In other words, the vulnerability is 'wormable,' meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017." "It is critically important for organizations and system administrators to apply patches as soon as possible to reduce their risk of compromise."
Security updates for Microsoft Edge, Windows Scripting, Windows applications platform and Frameworks, Windows graphics, Windows Media, Windows wireless networks, Windows kernel.
For "highly likely", read "absolutely certain": a malware propagation method like this is going to appear very soon, since it is a low-cost, highly effective way of spamming out ransomware and trojans.
Windows phone handsets running Windows 10 Mobile received an operating system update today.
Windows 7, Windows 2008 and 2008 R2 are vulnerable, along with the even older and out-of-support Windows Server 2003 and XP variants.
In all, Redmond put out fixes for 79 holes, 22 of them critical. The flaw was publicly disclosed and Microsoft says it's aware of exploits already happening in the wild.
Windows 7 and its server-based siblings naturally get patches for this, since those operating systems are officially supported until January 2020.
The researchers from universities in Australia, the United States, Belgium and Austria, and from CSIRO's Data61 unit, noted that newer Coffee Lake Refresh i9 processors are, ironically enough, more vulnerable to Fallout than older parts, due to Intel's countermeasures against the earlier Meltdown speculative execution information leak flaw. These include CVE-2019-0725, a vulnerability in Windows Server's DHCP server.
Patches for a mammoth 84 flaws were released for Adobe Acrobat and Reader on Windows and MacOS, so head to APSB19-18 for details. Concerned customers should update to the latest builds of Citrix Workspace app, and Citrix Receiver for Windows. However, it has made fixes available for these systems as patch KB4500705.