Although many Windows users don’t have remote access capabilities on their home computers, business computers or people working remotely and connecting back to the office could be most affected, according to Michela Menting, a cybersecurity expert at ABI Research.
How big a deal is this?
Windows 10 runs on about 1.3 billion devices worldwide, according to market research firm CCS Insight, so the magnitude of the vulnerability’s reach is massive. “This is a big deal because Windows 10 is the most popular desktop OS out there with over 75% market share,” Menting said.
Because Windows 10 is used by desktop computers as well as some servers, it could potentially enable hackers to infiltrate a network “very quickly” and get in “practically anywhere to find the most lucrative databases and systems,” Menting said.
Once Sangfor shared proof-of-concept exploit code on the Microsoft-owned code hosting platform GitHub, it was copied by users before it was deleted.
How to download the patch
Menting said a buggy patch is in many ways like “years in cybercrime time,” adding it’s “highly likely” ransomware attacks or data theft could occur as a result. “There is no doubt that not every company will have updated their OS before attackers get in,” she said.
The big takeaway
Still, the incident serves as a reminder for both businesses and consumers to routinely update any kind of software to ensure impacted systems aren’t left exposed. For anyone who believes they could be at risk from a vulnerability or isn’t sure, Menting suggested disabling impacted functions until a company rolls out an official fix.