Microsoft has just discovered two important security flaws that affect both its Windows 10 operating system and the Outlook email client. Below are all the steps you need to apply the patch before it is too late.
Microsoft has just disclosed major security holes that affect the Windows 10 operating system itself and, more specifically, the Outlook mail client.
The National Institute of Cybersecurity (INCIBE), which reports to the Ministry of Economy, has relayed the security flaws reported by Microsoft and advises all users of the Windows 10 operating system to update their computers with the new security patches, which are already available.
INCIBE rates these security holes as critical, with an importance of 5/5. They affect both the ICMPv6 protocol in Windows and Microsoft’s Outlook mail client. These vulnerabilities would allow an external attacker to execute malicious code on the device remotely, or through a malicious file if the attack comes through the email client.
As INCIBE explains, the Windows 10 security flaw “is due to inadequate management of ICMPv6 packets”, and cybercriminals who successfully exploit the vulnerability could run malicious software remotely on the attacked device. To do this, the cybercriminal would have to send malicious ICMPv6 packets crafted specifically for the purpose. Both devices acting as servers and devices acting as clients can be affected.
Regarding the security flaw in the Outlook mail client, INCIBE explains that “the problem is due to an incorrect handling of memory”. Unlike the previous flaw, this one requires full interaction from the target, who has to click on a link in an email sent to them or download a malicious attachment.
Depending on the level of permissions the user has, the attacker could compromise the entire system if the user had administrator permissions, while the attack would have less impact if the permission level were lower.
These are all the affected versions of Windows 10 and Windows Server:
- Windows 10 version 1709 for 32-bit, ARM64, x64 systems
- Windows 10 version 1803 for 32-bit, ARM64, x64 systems
- Windows 10 version 1809 for 32-bit, ARM64, x64 systems
- Windows 10 version 1903 for 32-bit, ARM64, x64 systems
- Windows 10 version 1909 for 32-bit, ARM64, x64 systems
- Windows 10 version 2004 for 32-bit, ARM64, x64 systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server version 1903 (Server Core installation)
- Windows Server version 1909 (Server Core installation)
- Windows Server version 2004 (Server Core installation)
And these are all the affected versions of the Outlook mail client:
- Microsoft 365 Apps Enterprise version for 32-bit and 64-bit systems
- Microsoft Office 2016 for 32-bit and 64-bit systems
- Microsoft Office 2019 for 32-bit and 64-bit systems
How to fix the security flaw
You can do it manually by opening the following two links, choosing the version of your operating system, downloading the patch and running it:
- Windows 10 security bug fix (CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability)
- Security bug fix with Outlook mail client (CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability)
You can also go directly to Windows Update through the operating system settings and click on the “Check for updates” button, and the system will automatically find the latest security patch that you must apply. Depending on how your Windows 10 is configured, the whole process is likely to be automatic, or you may already have the patch applied.