Windows 10, 8.1 and 7 Users Endangered: How to Avoid the Latest Threat
Experienced Windows users know: there is rarely a month without a new breach or vulnerability found, and new security update rolled out on the issue. Lately, these warnings became so common that few take it seriously. And this generates another danger, the one of warning fatigue – the story of the boy cry wolf retold.
Well, the warnings are routine, but still should be taken seriously, like bomb warnings in anonymous calls. There has been an update that damaged Windows Defender in Windows 10. Not long before that Microsoft warned about an exploit that worms could use. It will be a long list, so let’s go back to today, as this time the wolf seems to really come. That is, the vulnerability recognized and confirmed by Microsoft is really serious. But still, not hopeless if you care.
The Zero-Day Vulnerability
What we have today is both good news and bad news. At least, Microsoft admits there is a problem and does something to fix it. But what’s the problem? And what can a regular user do about it?
Let’s start with the good news. There is a fix that covers the hole and removes the vulnerability. It was rolled out by Microsoft Security Response Center recently, and it’s solid enough to never bother about this particular threat again.
The bad news may seem nothing bad for experience users, but those not so familiar with the system can be perplexed, and it’s understood. Because the malware may already use the vulnerability and lock automatic update installs (or at least interfere with it to provide its own security), the update needs to be installed manually. Bet you haven’t done that for long, in our cloud-based antivirus era. The installer, though, is easy to find in the Microsoft Update Catalog and download from there, and then run.
Rolled out before the scheduled October update, this security patch is meant just to protect you from this threat. Run it manually, and the installer will guide you through the rest of the process. And remember to download it only from the official Microsoft resources.
It is also highly recommended to use Enhanced Security Configuration mode for Internet Explorer on Windows Server 2008/12/19 if you use this combination. This mode reduces the risk of the exploit being used against your privacy.
Details You May Find Excessive
What most of us need to know is that there is a potential sickness for your computer, and there is a pill you have to swallow to protect yourself (all of it digital, of course). But here is some information for those who need to know it because of technical interest or another sort of curiosity.
The vulnerability’s codename is CVE-2019-1367, and it is a “scripting engine memory corruption vulnerability”. This vulnerability could be used by cyber villains this way: they create a site with a certain script and send you a link to it. As you enter the site in your Internet Explorer, the script works, the memory corruption makes your data vulnerable, and the attacker can run arbitrary code on your PC. That means that, if your account is an administrator one, the villain can take over your computer completely. For example, they can remotely install malware, copy or delete your files, and even manage accounts, deleting some and creating others. There are some cases reported already, and we wish you don’t count in.
When it comes to scripts, there must be the software vulnerable to certain scripts, and this time it’s Internet Explorer 9 (it’s still alive on Windows Server 2008), 10 (on its successor, Windows Server 2012) and 11 (on any home version from 7 to 10, and on Server 2008/12/19).
No, it doesn’t mean you are safe on Chrome or Firefox. Internet Explorer is more than a browser: it’s an integral part of Windows, and its engine is home for many other apps you surely use as you run Windows. It adds much more to your safety if you don’t visit rogue sites at all, or at least check them with an anti-phishing service.
To install the updates as soon as you see them. Build your houses of bricks. And never let things go if there is a danger sign. Stay safe.