Windows 10 update season is here, and users across the world are keeping their fingers crossed that the latest patch won’t be as bad as some previous ones. In the past, Microsoft has released updates with zero-day vulnerabilities, glitches that deleted data, and security holes that worms and viruses could take advantage of. This time around, however, users have been hopeful that Microsoft finally listened and addressed the issue before launching the update to millions of computers.
Unfortunately, this doesn’t seem to be the case. The latest Patch Tuesday update from Microsoft has been identified by security experts to contain a number of zero-day exploits that hackers can easily seize upon. Even worse, it’s unlikely Microsoft will have a viable fix within the next few weeks.
We’ve previously recommended waiting on the latest Windows update until all the kinks were worked out. If you’ve already taken the plunge, we have details on the risks you could face, along with how to protect yourself until Microsoft updates their update.
What are the zero-day exploits in the latest Windows 10 patch?
Microsoft’s latest Windows 10 patch was designed to fix several issues with the operating system, but the patch itself seems to have some problems of its own. A security researcher (in other words, a hacker who finds bugs and gets paid for it) calling herself SandboxEscaper has posted an update to her blog outlining a critical vulnerability in how Windows handles its Task Scheduler.
For the exploit to work, a hacker would need to break into your computer first. Surprisingly, this doesn’t immediately grant hackers access to all of your data, since a new user would lack the “administrator privileges” needed to do so.
This exploit, however, uses a flaw in Windows Task Scheduler to allow hackers to update their accounts to administrator status — giving them complete access to all data and settings on your computer.
The most unnerving part of all this is the way SandBoxEscaper is handling her discover. She claims to despise “The West,” America in particular, and is offering to sell her findings to anyone with an ax to grind against the U.S.
This includes adversary nation-states, hackers, and cybercriminals on the run from U.S. law enforcement. Microsoft’s “bug bounties” for exploits tend to pay generously, so this move seems politically motivated on the researcher’s part.
How can I protect myself from this new exploit?
Right now, the exploit has not been formally named or addressed by Microsoft, so your routes of protection will not involve them. If you’re waiting to update your system, continue to do so until the next patch for Windows is released. That way, you’ll be able to skip the problematic update and dive right into the latest version.
If you’ve already updated your computer, chances are Microsoft won’t have a fix for the issue for several weeks. Your best bet for the time being is to make sure your antivirus software is as up-to-date as possible. Perform regular scans so any viruses that can pose a danger are removed from your computer.
Most important of all, you’ll want to exercise extreme caution when browsing the internet. Straying from the beaten path can sometimes lead you to exploitative websites that can infect your computer or trick you into giving up personal information.
By refusing to offer this data, sticking to familiar websites, and avoiding strange downloads, you’ll be able to keep yourself safe enough until Microsoft drops its latest patch.
That being said, one must wonder if that update will be vulnerable too. At this point, it’s just another waiting game for PC users until the next big release.