Sponsored Links

Microsoft patches Google-outed Windows security hole

Attackers are using the exploit, so you'll want to update quickly.
Reuters/Robert Galbraith
Reuters/Robert Galbraith
Jon Fingas
Jon Fingas|@jonfingas|November 8, 2016 5:50 PM

As promised, Microsoft has issued a fix for the Windows security flaw that Google disclosed before a patch was ready. The update tackles vulnerabilities in numerous versions of Windows (from Vista through Windows 10) that would let an attacker get control of your system through a malicious app. You're already safe if you use Windows 10 Anniversary Update and an up-to-date browser, we'd add -- this is for people who can't or won't move to a newer operating system.

You have a strong incentive to upgrade quickly if you're affected. The attack is known to have been used by hacking group Strontium for a low-intensity but targeted phishing campaign. It's not certain that other organizations used the hole, but you likely don't want to find out about new attacks first-hand.

The patch ends a brief but tumultuous episode between Google and Microsoft. Google published details of the flaw after learning that it was already being used for real-world attacks, but Microsoft criticized the move as irresponsible. It put users at "potential risk" by making it easier for malware writers, the Windows creator said. Whether or not that's true, the question is whether or not the two sides are taking steps to minimize these issues in the future -- ideally, any security disclosure comes with a patch ready and waiting.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Microsoft patches Google-outed Windows security hole