Microsoft patches Google outed Windows security hole

As promised, Microsoft has issued a fix for the Windows security flaw that Google disclosed before a patch was ready. The update tackles vulnerabilities in numerous versions of Windows (from Vista through Windows 10) that would let an attacker get control of your system through a malicious app. You’re already safe if you use Windows 10 Anniversary Update and an up-to-date browser, we’d add — this is for people who can’t or won’t move to a newer operating system.

You have a strong incentive to upgrade quickly if you’re affected. The attack is known to have been used by hacking group Strontium for a low-intensity but targeted phishing campaign. It’s not certain that other organizations used the hole, but you likely don’t want to find out about new attacks first-hand.

The patch ends a brief but tumultuous episode between Google and Microsoft. Google published details of the flaw after learning that it was already being used for real-world attacks, but Microsoft criticized the move as irresponsible. It put users at “potential risk” by making it easier for malware writers, the Windows creator said. Whether or not that’s true, the question is whether or not the two sides are taking steps to minimize these issues in the future — ideally, any security disclosure comes with a patch ready and waiting.

Source: Engadget