Microsoft issues security update addressing critical vulnerability impacting Windows server services

Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update Services that was not fully eradicated by a previous update, according to the Cybersecurity and Infrastructure Security Agency. CISA urged organizations to implement all actions in Microsoft's guidance to mitigate the risk of cyberthreat actors obtaining remote access with system privileges. "Remote code execution vulnerabilities give an attacker the ability to take control of a victim's system completely," said Scott Gee, AHA deputy national advisor for cybersecurity and risk. "This is a serious issue that needs immediate attention for hospitals using the WSUS system." For more information on this or other cyber and risk issues, contact Gee at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.