Critical’ Windows bug prompts emergency warning from government
Have you updated Windows recently and experienced any new bugs? Odds are you aren’t alone, and at this point in time, it almost seems like bugs are part and parcel of using a PC these days.
Why so many bugs? It’s because software updates have to come out fast enough to stay one step ahead of hackers. This means old bugs are sometimes replaced with new ones as the cycle continues. Tap or click here to see just how many bugs were addressed in Microsoft’s latest patch Tuesday update.
Some software bugs are more dangerous than others, and security flaws are usually the worst of the worst. That’s why the Department of Homeland Security is sounding the alarm on a recently discovered bug in Windows that can let hackers take over entire networks of computers in one go. Here’s what we know about it, as well as what you can do at home to protect yourself.
DHS warning: Update now!
The Cybersecurity and Infrastructure Security Agency, a wing of the Department of Homeland Security, has issued a warning to all federal departments and agencies to update their Windows computers immediately. The reason: A dangerous security flaw that gives hackers the keys to entire networks of PCs.
Yes, you read that right: Networks. This means if one computer is exploited, every other one its connected to can potentially fall victim.
The cause for concern is a bug known as Zerologon, which was identified and patched as a critical flaw back in August. Like so many other flaws, Zerologon affects the remote access systems of Windows 10 — which is normally used for remote work and downloading files.
What makes Zerologon so dangerous, though, is the fact that hackers don’t even need to know a username or password to break in. They just need to know which systems have the flaw.
If a hacker is able to exploit the bug, they could easily install malware or steal files — including files sensitive to national security interests. For this reason, CISA has deemed any vulnerable or unpatched Windows computers to be an “unacceptable risk.”
Will this bug affect me? What can I do?
Right now, the government is a higher priority target for anyone looking to exploit the Zerologon flaw. But home users shouldn’t rest easy, either. Cybersecurity firm Secura, which discovered the flaw, reports that a hacker can exploit the vulnerability in less than three seconds. That’s one fast hack!
Should the exploit become widespread, it’s easy to imagine entire home networks falling victim in addition to business and government ones. But home networks have an additional vulnerability to worry about on top of Zerologon: All the unsecured IoT devices that are also connected. Tap or click here to see how much risk all these gadgets actually face.
Just like for government and business users, the easiest fix is to update Windows 10 to its most recent version. The Patch Tuesday update for September includes patch data from the last several updates, so you won’t have to worry if you’ve been lagging behind.
To get the update, turn your PC on and click the Start Menu. Next, select the Settings gear icon, followed by Update and Security.
If the patch is available, you’ll see it ready for you to download and install. If you don’t see anything, your computer may have already updated itself automatically. This happens if you have Automatic Updates enabled.
This recent update addresses several bugs beyond the Zerologon flaw, so it’s a good idea to install anyway. At the very least, you’ll be current until the next batch of updates arrives.
Still, we haven’t seen the last of Zerologon just yet. Due to its complexity, Microsoft has acknowledged that a second patch is in the works to completely stamp out the problem by early next year. We’ll be letting you know as soon as that’s available.
Related: Tap or click here to see how these malicious photos and videos can hijack your PC
We recommend getting this patch on your PC as soon as possible. If national security depends on it, we’d say it’s safe for you to take the plunge, too.
Tags: Bugs, cybersecurity, Department of Homeland Security, hackers, IoT devices, malware, Microsoft Windows, Microsoft Windows 10, national security, Patch Tuesday, Security flaw, software updates, update, vulnerability