“With SYSTEM-level access, attackers could install programs, view, change, or delete data, or create new accounts with full user rights, compromising the security and integrity of corporate systems,” noted Mike Walters, president of patch management provider Action1.
Tyler Reguly, associate director of security R&D at Fortra, agreed. “While both vulnerabilities are rated Important by Microsoft and have CVSS (Common Vulnerability Scoring System) scores in the 7.x range, I would treat the Windows AFD for WinSock vulnerability as critical when it comes to patching, given that it has seen active exploitation,” he said in an interview.
This vulnerability has the potential to hit all three parts of the CIA (data confidentiality, integrity, and availability) triad, he added.
