"These two vulnerabilities are also 'wormable, ' meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction", Microsoft says in a blog.
Naturally, you'll want to patch these vulnerabilities as quickly as possible.
While Microsoft is "looking into" things, if you have an app or tools that rely on Visual Basic, your only option at the moment is to not install the August 2019 updates until the issue is resolved, or to uninstall the Windows updates if you're already getting problems.
Users of Remote Desktop Services are advised to apply the patch that was issued in May, and also to protect the system's Remote Desktop Protocol "listener". However, Windows Server 2003, Windows XP and Windows Server 2008 are not affected due to the flaws.
"However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate", Pope said. For the last 4-5 years, however, Microsoft has made great strides in improving their Windows Defender software and, with regular updates, is one of the best out there.
Luckily, the remote desktop feature is disabled by default in Windows 10.
It appears that affected Windows systems are looking for SHA-1 in the update package and ignore SHA-2. Attackers can use them to create worms that spread like wildfire online. Microsoft has termed these vulnerabilities as wormable.
Microsoft has yet to acknowledge these installation issues, but some users have also been complaining about random reboot issues on Reddit.