14 DAY TRIAL // Microsoft rolled out a total of 12 security updates on this month’s Patch Tuesday, and five of them were rated as critical, but one of those labeled as important can be considered at least as critical as the others.
MS15-100 is an update supposed to address a vulnerability in Windows Media Center, which, according to Microsoft, has never been exploited by attackers.
But what’s worse is that this is one of the exploits found in the Hacking Team leak, which means that, unless you patch your computer as soon as possible, you might be vulnerable to attacks.
Security company Trend Micro was the one to discover the exploit and contacted Microsoft to patch Windows Media Center. According to their information, the found exploit works perfectly fine on the latest version of Windows Media Center.
How the exploit works
Basically, a cybercriminal who wants to take advantage of this vulnerability has to convince the user to open a malicious file that contains code that can be used to get the same rights as the logged-in user. Obviously, the file might arrive via email, instant messaging, or even land on your computer when visiting specific websites, so you’d better stay away from links that you don’t know where they come from.
“Once the file is opened by the user, no further interaction is required,” Trend Micro says, while also adding that it’s extremely easy to create a malicious Windows Media Center file.
“It should be noted that the Windows Media Center file extension is .MCL. We found that it is easy to create .MCL files using Notepad. For example, we created a .MCL file that contained instructions that will launch the computer’s calculator.”
Trend Micro warns that cybercriminals could try to exploit the vulnerabilities because it has been out for more than one month, so you are highly recommended to patch your computer as soon as possible.
If patching is not on your to-do list right now, make sure you avoid clicking any MCL files in the near future until you install the provided updates.