Windows 10 bugs are still rolling in and one of the latest security flaw that was discovered by Google has finally been patched by Microsoft.
While the vulnerability was tagged critical by Microsoft, the company says that it wasn’t pleased with how Google went about disclosing the vulnerability. The patch is now available for any Windows 10 user to apply and secure their systems.
Microsoft says that the vulnerability didn’t affect those users’ computers that already had Windows 10 Anniversary Update installed. Also, any attack that used this vulnerability would have been detected by Windows Defender Advanced Threat Protection. However, for those who didn’t have the requisite protection offered by the Anniversary Update, chances were high that the vulnerability could have been exploited by hackers and could have gained control of the victim PC and installed programs; view, change, or delete data; or create new accounts with full user rights.
After Google’s Threat Analysis Group reported their findings, Microsoft traced the activity to a hacker group it calls Strontium, which mostly dabbles in “low-volume spear-phishing”. According to Microsoft, Strontium has been linked with more zero-day exploits to their name than any other group in 2016. The group mostly targets government agencies, diplomatic institutions, and military organisations, along with defence contractors and public policy research institutes.
And owing to the risk involved, Microsoft’s Windows and Devices Group VP Terry Myerson believes coordinated vulnerability disclosure is better for customers. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” he added.
Now that Microsoft has a patch out, you should check the updates section to ensure you’re in the clear. And if you’re yet to update Adobe Flash, get on that pronto.