Microsoft has changed the severity of three Preview Rollups for a vulnerability in the kernel of Windows 7, Windows 8.1 and Windows Server 2012, from optional to recommended. The result is that the updates will now be automatically installed. During this month's Patch Tuesday, Microsoft released updates for the kernel vulnerability but decided to withdraw them due to issues.
The vulnerability allowed an attacker who already has access to the system, to execute arbitrary code with kernel privileges, and gain full control over the system that way. Microsoft explains that when the attack is succesful, "an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
The vulnerability exists in all support Windows versions and Microsoft already released patches for the issues. Unfortunately, the updates for the leak caused issues on some systems which made the software giant to decide to withdraw them.
For users who had issues after installing the updates, an Alternate Cumulative Update for Windows 10 and a Standalone Update of Preview Rollup for older versions was released on the 18th of July. These packages can be downloaded through the Microsoft Update Catalog, WSUS or by manually searching for them in Windows Update.
In case of the Preview Rollups for Windows 7, Windows 8.1 and Windows Server 2012, Microsoft yesterday decided to change the severity from optional to recommend which means they are automatically installed when automatic updates are enabled.
