Windows users told to patch now after active zero-day attacks disclosed by Google

Windows users told to patch now after active zero-day attacks disclosed by Google




Yesterday was the second Tuesday of the month which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches.


On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched.


But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.




Sign up to our newsletterSecurity news, advice, and tips.

The vulnerability, which allows local privilege escalation and sandbox escape, was made public by Google’s Project Zero team at the end of last month.


That was just seven days after Microsoft was informed of the security hole, because security researchers said it was being exploited – in co-ordination with a Google Chrome flaw (itself patched on October 20th) – by cybercriminals in targeted attacks.


Personally I’m impressed to see Microsoft patch the vulnerability and push it out to its many millions of users so quickly just a few days after finding out about it.


If you are running Windows on a computer you are responsible for, and want to ensure your security patches are installed, select “Start”, and then go to Settings > ..

Support the originator by clicking the read the rest link below.