PC users, it's time to fire up Windows Update once again, and this time, you have Google to thank.
Last Monday (Oct. 31), Google decided to disclose a scary Windows problem that it thought Microsoft had taken too long to fix. (Google found the issue and reported it to Microsoft on Oct. 21, but the flaw was being actively used by hackers.) This month's Patch Tuesday security update, released today (Nov. 8) by Microsoft, fixes security issues that could give hackers control of your system.
In a blog post last week (Nov. 1), well before the fix was ready, Microsoft VP Terry Myerson attributed the ongoing attacks to the so-called Strontium hacker group, aka Fancy Bear, which is believed to be part of Russian military intelligence and is one of two Russian groups accused of hacking into the Democratic National Committee earlier this year.
Myerson noted the Strontium group "conducted a low-volume spear-phishing campaign" which "used two zero-day vulnerabilities in Adobe Flash and … Windows … to target a specific set of customers."
Adobe patched the problem on its end on October 26, but Microsoft waited until today to release the fix in this month's edition of the Patch Tuesday update. The update is available for systems running Windows 10, 7, 8.1 and Vista, so everyone needs to make sure this patch is applied now that it's available. Microsoft labelled the update as Important, so look out for that nomenclature to make sure you're getting the update.
While this patch should be enough to fight off the current known vulnerabilities, Microsoft is advising that users upgrade systems to Windows 10 to protect themselves against other variants of spear-phishing attacks. Myerson claimed that those using Microsoft's Edge browser were already protected from the "versions of this attack observed in the wild."
In that blog post released last week, Myerson complained about the early disclosure from Google, writing that its "decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk."
Google believed that customers were already facing enough risk without the update, as its announcement claimed the vulnerability "is being actively exploited."
So what can I do?
- First, make sure Flash is up to date.
- If you're using Windows 7, click the Start button, click Control Panel, click Windows Update, click Check for Updates and follow the subsequent instructions.
- Those on Windows 10 should click the Start button, click Settings, click Update & security, click Check for updates and follow the subsequent instructions.
- Windows 8.1 users should swipe in from the right edge of the screen, tap Settings, tap Change PC Settings, tap Update and Recovery, tap Windows Update and then tap Check now. Follow the subsequent instructions to install updates. Also, read how easier it is to update a Windows 10 system, and consider moving on from Windows 8.1
Windows 10 Security and Networking
- Use the Windows 10 Parental Controls
- Find Your MAC Address
- Turn Your Windows PC into a Wi-Fi Hotspot
- Password Protect a Folder
- Create a Guest Account in Windows 10
- Enable Windows Hello Fingerprint Login
- Set Up Windows Hello Facial Recognition
- How to Restrict Cortana's Ever-Present Listening in Windows 10
- Automatically Lock Your PC with Dynamic Lock
- Blacklist Non-Windows Store Apps
- Find Saved Wi-Fi Passwords
- Set Up a Metered Internet Connection
- Use Find My Device
- Stream XBox One Games
- All Windows 10 Tips
- Map a Network Drive
- Create Limited User Accounts
- Set Time Limits for Kids
- Pin People to Your Taskbar