Install Windows Updates now to avoid being exploited
Microsoft today released a monthly collection of security updates that address vulnerabilities in Windows, Office, Silverlight, Windows Server, Internet Explorer and Edge. Three of the vulnerabilities patched in this update were part of the same group of vulnerabilities stolen from the NSA and exploited to spread the WanaCry ransomware last month.
Due to what Microsoft describes as “an assessment of the current threat landscape” and a “heightened risk of exploitation” they have also released security updates for older, usually unsupported platforms, such as Windows XP. Read the Microsoft Security Advisory guidance for these updates.
What to do now
If these updates haven’t been installed automatically on your Windows computers already, or if you postponed the installation when prompted, install them now.
Note: If you have automatic updates enabled and are using a supported platform such as Windows 7, Windows 8.1 or Windows 10 you should not need to take additional action. Read the guidance from Microsoft for these platforms.
Important: If you are using an older, unsupported platform, such as Windows XP, Vista, Windows 8 or Windows Server 2003, use this guidance to manually download and install the relevant security update. Ideally update your system to use a currently supported version of Windows.
Security updates fix vulnerabilities or weaknesses in computer systems that attackers may try to use to gain unauthorised access or to perform other malicious activity.
Several of the vulnerabilities addressed by this update are ranked ‘critical’ and could potentially allow an attacker to gain control of an affected system.
In related news, security researchers from SophosLabs have just published research detailing how quickly new Microsoft Office vulnerabilities are exploited by criminals after they become public. Their research illustrates just how important it is to install updates as soon as they become available.
Windows Update provides the latest security and other important updates from Microsoft automatically for supported platforms (including updates for Microsoft Office, Internet Explorer and Edge). Automatic updates are turned on by default in Windows 10, and you can switch automatic updates on for Windows 7 and 8.1. Refer to Windows Update for information on how to do this.
If you are using an older, unsupported version of Windows, such as Vista or XP, we strongly recommend updating to a more recent, and more importantly, supported version. Supported versions of Windows receive free regular security updates that are necessary to keep you safe online.
Stay Smart Online has more information on updating software, including how to automate updates.
The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
Disclaimer This information has been prepared by the Attorney General’s Department (‘the Department’). It was accurate and up to date at the time of publishing. This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service. Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.