Microsoft Pushes Out Emergency Windows Patch: Update Now

Microsoft has pushed out an out-of-band, i.e. emergency, update to all Windows users to resolve a serious security flaw in Internet Explorer -- and the printing problem that was caused by the first version of the same security fix.

The company initially released the fix for the Internet Explorer vulnerability on Sept. 23. But it had to be manually downloaded and installed, and the instructions Microsoft included to do so, if you could even find them, were pretty confusing to anyone who wasn't an IT administrator. 

By contrast, the patch released yesterday (Oct. 3) is available through the regular Windows Update channel, which means the machine will download and install it for you as soon as you let it. 

"We recommend that you install this update as soon as a possible and restart your PC to fully apply the mitigations," Microsoft said in yesterday's advisory.

How to update now

To make sure you get the update, go to the Control Panel in Windows 7 through 10 and find the Windows Update icon (in Windows 10, type "control panel" into the search field on the bottom left of the screen), or click the Windows icon in Windows 10, select the gear icon for Settings and click Update & Security. 

Check for updates to see if there's anything outstanding. If you're unsure whether you have this latest update, go into Update History and see if there's an entry for KB4524147 dated Oct. 3 or later.

While you're at it, decide whether you want updates to download and install automatically, download automatically but wait for your authorization to install, or do nothing until you manually check for updates.

Flaw actively being attacked

Not many details are available about the Internet Explorer vulnerability being fixed, but the flaw is being exploited in the wild by an undisclosed adversary. The flaw was discovered by Google researchers and apparently permits remote code execution. 

An attacker could use a malicious crafted web page to reach out over the internet to install and run malware on your PC, but only if you are running Internet Explorer in an administrator account with full software-modification privileges. 

For precisely, such reasons, we at Tom's Guide recommend that you perform day-to-day computing tasks in a limited account that cannot install or modify most software. We also recommend avoiding Internet Explorer, as it is still the most attacked browser despite its dwindling market share; Microsoft Edge is much better.

Microsoft's original, manual release of this patch on Sept. 23 appeared to cause printing problems, so the new, automatic version fixes those problems as well.

Microsoft's regular Patch Tuesday updates for October will arrive Oct. 8.

Image credit: Tom's Guide