Last week Google revealed to the world that there was a severe vulnerability in Windows.
To make matters worse for Windows users, that vulnerability was still being actively exploited at the time. Now, Microsoft has released a patch that deals with the vulnerability.
“The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially-crafted application that could exploit the vulnerabilities and take control of an affected system,” said Microsoft.
While Microsoft pointed out that anyone who had applied the Windows 10 Anniversary Update and was using an up-to-date browser was not at risk, people running any other version of a Windows operating system including Windows Vista should update their systems immediately.
If you aren’t sure if your system needs patching check out the rather extensive list Microsoft has on its website.
The vulnerability allowed hacking group Strontium to execute a targeted phishing campaign, according to Engadget.
Google drew fire from Microsoft last week when it released news of the vulnerability before Microsoft had a chance to patch it. While Google said it was simply applying its policy of revealing security vulnerabilities within seven days of reporting them, Microsoft said that Google’s actions put users at risk.
Let’s hope this incident sees Microsoft and Google having a sit-down and a nice cup of tea to discuss the best practice for announcing security vulnerabilities to the world.
[Via – Engadget/htxt.co.za, Image CC by 2.0]