The vulnerabilities were found during routine maintenance of Windows 10’s Remote Desktop Services
Microsoft is urging all Windows 10 users to update their operating system immediately after it discovered two critical security flaws in the software.
Described as “wormable” – meaning any future malware installed on the system could spread to other vulnerable computers without user interaction – the vulnerabilities were found during routine maintenance of Windows 10’s Remote Desktop Services.
As a result, Microsoft said there is no evidence to suggest these flaws had been spotted, or exploited, by third parties. However, now they have been disclosed, it is imperative that you update your system as soon as possible in case malicious parties now take advantage of it.
READ NEXT: Windows 10 review
The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself. Windows 10 alone is estimated to be used by 800 million users, as of March 2019.
“It is important affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide,” said Microsoft’s director of Incident Response in the security notice.
Windows 10 users who have automatic updates enabled are automatically protected by these fixes. People with manual updates enabled, go to Start | Settings | Update Security | Windows Update, and then select Check for updates. If updates are available, install them. If the security update doesn’t appear, you can get it manually through the Update Assistant.