Leave a comment

Urgent Microsoft security updates you need to get now!

Urgent Microsoft security updates you need to get now!
© Dennizn | Dreamstime.com

Yesterday, we reported about the emergency patch Microsoft issued for what was described as the "worst Windows remote code exec (execution exploit) in recent memory." The severe vulnerability in Windows Defender would have allowed an attacker to take over an entire machine without user interaction.

Hours after this out-of-band emergency patch, Microsoft released its monthly "Patch Tuesday" updates.

Along with the Windows Defender remote code execution emergency patch (CVE-2017-0290), May's updates also include three other zero-day fixes. It's important that you update your Windows machines as soon as you can.

Note: Zero-day flaws are exploitable bugs that are previously unknown to the software maker.

Zero-day fixes

The first vulnerability (CVE-2017-0261) is a remote code bug that affects Microsoft Office. With this exploit, an attacker can send or trick victims into viewing a poisoned graphics file to take over their machines. Microsoft stated that they have received reports of limited targeted attacks using this flaw.

The next vulnerability (CVE-2017-0263) is an elevation of privilege flaw that allows any logged-in user to take control of a machine by running a specially crafted application. According to Microsoft, this flaw was exploited in the wild.

The third vulnerability (CVE-2017-0222) is another remote code execution weakness, this time in Internet Explorer. This flaw can be triggered with a specially crafted website causing Internet Explorer to improperly access objects in memory. Microsoft stated that this issue was also exploited in the wild.

Other updates

All in all, 57 vulnerabilities have been addressed in May's Microsoft updates. Sixteen of these are critical fixes and 41 are rated important.

Other important fixes involve cumulative security updates for

As always, this month's Adobe Flash Player patches are included as well, addressing seven security flaws.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

Automatic Windows updates

 

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.

More must-read stories:

Worst Windows bug ever found - Your system is at risk without this patch

Intel chip flaw leaves tons of PCs wide open to hacks

Urgent malware warning issued for popular Mac app

Next Story
Worst Windows bug ever found - Your system is at risk without this patch
Previous Happening Now

Worst Windows bug ever found - Your system is at risk without this patch

How you can make $500K by creating the next Oreo flavor
Next Happening Now

How you can make $500K by creating the next Oreo flavor

View Comments ()