For IT security experts, it was a memorable Tuesday: the story of the WhatsApp vulnerability, which could be exploited with a single call to install powerful spy software on any smartphone, went around the world. The discoverers of the Spectre and Meltdown vulnerabilities in Intel chips demonstrated a related but new attack. Adobe shipped a patch for 83 vulnerabilities in Acrobat Reader, about 50 of them critical, which led experts to remark that the software is really just a collection of vulnerabilities that happens to be able to display PDF files.
And then Microsoft also released an extraordinary update, along with a stark warning.
"By Patch Tuesday, I meant Microsoft's one. Nobody cares about Adobe. Acrobat is basically a collection of vulnerabilities that somehow render PDFs." - MalwareTech (@MalwareTechBlog), May 14, 2019
The company fears nothing less than a new WannaCry disaster, almost exactly on the second anniversary of the global ransomware epidemic. The warning: a newly discovered vulnerability affecting several older versions of Windows could be exploited to create a new computer worm, which in turn could spread ransomware or other malicious software across the Internet on its own, without any action by the affected users.
Exploit expected within a few days
"While we have not yet seen the vulnerability exploited, it's highly likely that malicious actors will still do that," Microsoft's blog post said. It continued: "Now that I have your attention, it is important that you update your systems as soon as possible to prevent this scenario." To that end, Microsoft took the unusual step of providing an update even for versions of Windows that have not been supported or updated for years: Windows XP and Windows 2003.
There is also a security patch for Windows 7, Windows Server 2008, and Windows Server 2008 R2. Only customers using Windows 8 or Windows 10 are not affected.
The first reactions show how critical the vulnerability is:
- The Federal Office for Information Security (BSI) has already warned the operators of critical infrastructures.
- In addition, the BSI warns that the vulnerability is "considered critical". "A scenario is conceivable, which is similar to the spread of WannaCry, in which an appropriately tailored malware can spread automatically over the Internet." Although it has not yet been possible to detect active exploitation of the vulnerability, "with the disclosure of the vulnerability, it can now be assumed that attackers are rapidly developing corresponding malicious software."
- The IT security company Kaspersky Lab, too, assumes that an exploit, that is, code that can take advantage of the vulnerability, will exist within the next few days. Criminals usually analyze software patches, in this case Microsoft's, and draw from them the conclusions needed for a successful attack.
- An estimated three to 16 million devices are currently vulnerable for as long as they remain unpatched.
For comparison: within a few days, WannaCry attacked about 200,000 computers and caused damage of at least several hundred million euros. The ransomware paralyzed, among others, systems of Deutsche Bahn, British hospitals and the car manufacturer Renault.
Nevertheless, not all Microsoft customers have learned from the disaster. According to a recent data analysis, about one million computers remain unpatched to this day and could still be attacked by WannaCry, and possibly soon by new attack programs that are being developed right now.
They do not necessarily have to be designed for extortion. Laura Kankaala of Finnish IT security firm F-Secure told SPIEGEL: "This vulnerability can definitely be used for criminal activity, but not just for ransomware, so attackers have a whole host of ways to install malicious software and sensitive data from the affected computers and servers."
Her colleague Artturi Lehtiö said: "WannaCry has led to heightened awareness of dangers, but whether it has led to concrete and lasting improvements remains to be seen, and perhaps we will see that in response to this new vulnerability."