A security flaw that could let hackers into your computer has Microsoft issuing an emergency patch. If the patch isn't installed, hackers could remotely control your computer.
It's serious enough that the Department of Homeland Security is issuing its own advisory urging the public to get the patch. Making matters worse, hackers could also take control of servers.
Microsoft has had a series of security flaws this year. We'll tell you how the latest vulnerability can be exploited and what damage could it wreak. We'll also tell you how you can get the patch.
Update your device ASAP
In a rare move by the tech giant, Microsoft is telling users to download an “emergency” out-of-band security patch immediately. The patch is meant to close up a security flaw that can be exploited by hackers.
It's found in some versions of Internet Explorer. Specifically, the flaw could corrupt memory and allow a hacker to remotely run malicious code on an affected device and take it over.
A user could be infected by visiting a malicious web page or clicking on an email designed to exploit the vulnerability through Internet Explorer. That opens the door for attackers to execute malware to get into a computer. The flaw could also infect entire servers.
If a user has administrative rights, a hacker who has successfully exploited the vulnerability could take control of an affected system and install programs, view, change or delete data. They could even create new accounts with full user rights.
Microsoft rarely issues emergency patches outside of Patch Tuesday, which is the second Tuesday of each month. If you're wondering how serious this vulnerability is, Homeland Security has also issued an advisory telling users to download the patch immediately.
The vulnerability was discovered by Google’s Threat Analysis Group.
Who's at risk
Luckily, attacks can be contained because the number of vulnerable users is not large. The security flaw affects more than 7% of all browser users running affected versions of Internet Explorer 9, 10 and 11.
However, because it affects a series of Internet Explorer versions, a number of operating systems can be at risk as well. Certain supported versions of Windows are affected. This includes Windows 7, and Windows 8.1. The flaw also affects several Windows Server versions.
The patch has to be manually downloaded and executed. You can find the patch here. From the list, choose the update that corresponds with the versions of Internet Explorer and Windows that you are running.
There are reports that the flaw has already been exploited "in the wild," but Microsoft is not providing any details. Meanwhile, Microsoft also issued an advisory that it had already fixed a flaw in another program.
This flaw was found in the built-in malware scanner Windows Defender. Exploitation of the flaw could have created denial-of-service conditions that would have resulted in Windows Defender not working.
Microsoft has been having several rough weeks, most of them due to Windows 10. Last week alone, the company released updates that broke many Windows 10 features including its own anti-virus protection program.
PC problems? We've got you covered with Kim's NEW weekly Windows Scoop newsletter, designed to help you master your Windows gadgets. Get it straight to your inbox for free, and learn about the latest Windows updates and security tips!
All the ways you can get Microsoft Office for free
The Microsoft Office Suite — Word, Excel, Powerpoint, Outlook, OneNote, Access, and Publisher — is the standard when it comes to digital office software. It set the precedent of what organizational and presentational software should be and continues to be the software set you need most for basic computer and work tasks. Sadly, it’s now also very expensive, but we know some ways you can get Microsoft Office for free.