The software is also often used for support requests and covers a wide spectrum, from audio and internet to storage and update problems. For the attack to work, users must run a modified .diagcab file used for Windows troubleshooting. Because of this user interaction, Microsoft only classifies the problem as “important” and not as a critical vulnerability.
An executable file is then added to the autostart, which then runs automatically the next time you reboot and can carry out any actions on the infected computer. For example, password theft, branching off of any files or recording of data traffic would be conceivable. According to Microsoft, all current Windows versions are affected. Users should therefore react in good time and import the updates provided.