Leave a comment

Microsoft security update you must install now!

Microsoft security update you must install now!
© Dennizn | Dreamstime.com

A few days ago, we reported about a newly revealed Microsoft Word zero-day flaw that affected all versions of Microsoft Word. The said bug can be used to secretly install malware, even on fully patched machines.

Microsoft said that a fix will be issued in this month's set of updates and patches, regularly scheduled for "Patch Tuesday" (the second Tuesday of each month is unofficially called Patch or Update Tuesday).

As promised, the patch was rolled out yesterday, together with fixes for 45 other vulnerabilities, including two other zero-day exploits. Yesterday also marked the end of the line for one of Microsoft's most reviled Windows versions.

Zero-day fixes

Aside from the fix for the Microsoft Word/Note Pad zero-day flaw (CVE-2015-0199), two other zero-days were fixed.

  • CVE-2017-0210 is a patch for an Internet Explorer elevation of privilege vulnerability that allowed an attacker to access information from one domain and inject it into another domain.
  • CVE-2017-2605 is more of a defensive measure against an Encapsulated PostScript filter vulnerability in Office. Instead of an actual patch for this zero-day flaw, this update merely turns off the EPS filter for now.

Vulnerabilities rated critical

Other patches are for critical vulnerabilities including fixes for Microsoft Edge, Hyper-V, Internet Explorer 9, 10, 11, Microsoft Office, various versions of Windows and Adobe Flash Player.

New look

This month also marks the debut of the new Microsoft Security Update Guide in lieu of the old Security Bulletin format.

Although this new portal has a search feature, compared to the old format, it takes more clicks to get the information for each update. Additionally, the patch details are no longer viewable on one page, grouped according to the issue. This is probably not a big deal for regular users but IT professionals may find this new system cumbersome.

End of Vista

In related news, as we warned you earlier, yesterday, April 11, marked the last day of support for Windows Vista. If you're still in this Windows version, it is recommended that you upgrade as soon as possible since there will be no more security patches or software updates for Vista as of April 12.

Windows 10 Creator's Update

For Windows 10 users, the big Creator's Update also started rolling out yesterday. This will bring a plethora of new features and improvements to Microsoft's latest operating system. Read more about it here.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

Automatic Windows updates

 

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Windows 7 system, check out our tips on how to set up and check Windows Updates.

HUGE Windows 10 update finally rolls out! You'll love these exciting new features
Previous Happening Now

HUGE Windows 10 update finally rolls out! You'll love these exciting new features

Massive medical records breach leaves 918K seniors vulnerable
Next Happening Now

Massive medical records breach leaves 918K seniors vulnerable

View Comments ()