UPDATE WINDOWS NOW
Emergency security fix for ALL PCS
Microsoft
has been forced to issue its first emergency patch since November 2014 for a vulnerability in Windows that affected all versions from Vista to 10.
Normally, Microsoft releases security fixes on the second Tuesday of every month. The company’s decision to release a fix outside this schedule shows that it regards the flaw as extremely serious.
All Windows users should check that they have Windows Update switched on to make sure they receive the fix - follow Microsoft’s instructions at www.snipca.com/17422. If it is switched on, you should have received the update automatically.
If the option to update automatically isn’t selected, click it, then restart your computer.
Microsoft acted after a flaw was found in the way Windows handles fonts. Hackers would have been able to exploit it to take remote control of victims’ computers after tricking them into opening infected email attachments or visiting malicious websites.
Once hackers have control, Microsoft said, they’d be able to “install programs; view, change, or delete data; or create new accounts with full user rights”.
In its Security Bulletin announcing the fix (MS15078, www.snipca.com/17421), Microsoft said it had no evidence that the flaw had been used to attack Windows users.
However Microsoft’s decision to issue an emergency patch indicates that it thought was an attack was imminent.
XP also at risk
Given that the flaw affects every currently supported version of Windows, it’s highly likely that XP is also affected. Users of Windows XP systems will therefore remain vulnerable to the attack.
Researchers at security companies Fireeye and Trend Micro detected the flaw after scouring files from Italian software firm Hacking Team, which were leaked online in July (see News, Issue 454).
It was also spotted by experts from Google’s Project Zero, which is a team of security analysts that look for zero-day exploits. These are flaws that are unknown to the software developer responsible for the vulnerable program – in this case, Microsoft.