Windows 7 Exploit in the Wild

Windows 7 Exploit in the Wild

Microsoft has officially released a patch update to Windows 7, Windows 8, Windows 10, Windows Server 2008, 2012, 2016, 2019 to address an exploit that allowed an attack to take full control of your machine.

The vulnerability used a well-known attack HMValidateHandle to bypass security and allow the attacker to download a script from https//pastebin.com that would then run and allow the user full control of any 64-bit Windows machine.

This security patch comes with Windows 7 becoming end of life soon, showing why it is important to always keep your machine up to date, patched, and on an operating system supported by the manufacturer. After January of 2020 Windows 7 will no longer be supported meaning critical updates like this will no longer be fixed by Microsoft.

You can read more about the vulnerability here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0859