Alert for Microsoft Windows users. Required Update

Microsoft Windows users are strongly advised to urgently apply this month’s update after a new attack was found in the wild targeting Windows 10 and Windows 11. An alarming new report warns that this new zero-day attack “is a prime example of how unsupported Windows software that should have met its requirements is an overlooked attack surface that can still be exploited by threat actors to infect unsuspecting users with ransomware, backdoors, or as a conduit for other kinds of malware.”

The “Internet Explorer” defunct browser has been identified as the vector of the attack. While most Windows users will assume the now-defunct browser has reached EndOfLife and been removed from their machines, it’s actually still there under the covers

According to a researcher at Statista, Windows occupied the largest market share of desktop operating systems in Nigeria as of January 2024. This reached 55.72 percent of the total share, followed by OS X and Linux. Private individuals and users spanning across large, medium, and small enterprises are advised to mandate an update as soon as possible. Recently, Microsoft’s July update advisory acknowledged likely exploits in the wild, and the US cyber agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalogue.

To mitigate against the recent zero-day attack targeting Windows 10 and Windows 11 users, the following steps should be taken:

  1. Apply the Latest Update: Users should urgently apply the latest update from Microsoft, which includes a fix for the zero-day vulnerability. This update is crucial to protect against the exploit.
  2. Monitor User and System Access: Regularly monitor user and system access to detect any anomalous activities that could indicate an attack.
  3. Use Role-Based Access Control: If applicable, implement role-based access control to limit user privileges and access to only necessary systems and data.
  4. Use Endpoint Security Solutions: To enhance security, deploy endpoint security solutions, such as firewalls and network segmentation.
  5. Backup Data: Ensure the recovery of critical data in the event of a breach by regularly backing it up.
  6. Stay Current with Security Patches: Ensure all software, including third-party applications, is up-to-date with the latest security patches.
  7. Be Cautious with URL Files: Avoid opening URL files from untrusted sources, and be cautious when navigating through OS security warnings.
  8. Implement Network Segmentation: Segment your network to limit the spread of malware in case of an attack.
  9. Train Employees: Educate employees on identifying and avoiding social engineering attacks like phishing.
  10. Use Advanced Antivirus Tools: Utilise advanced antivirus tools with features like machine learning and behavioural detection to detect and prevent unknown threats.

Grow a security-first mindset and increase awareness. The human link still remains the weakest link in any standard security framework. By following the aforementioned steps, users can significantly reduce the risk of falling victim to this zero-day attack and other similar threats.

Leave a Reply

Your email address will not be published. Required fields are marked *