Windows users told to patch now after active zero-day attacks disclosed by Google

Graham Cluley
Graham Cluley
@[email protected]

Windows users told to patch now against active zero-day attacks disclosed by Google

Yesterday was the second Tuesday of the month which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches.

On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched.

But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.

Sign up to our free newsletter.
Security news, advice, and tips.

The vulnerability, which allows local privilege escalation and sandbox escape, was made public by Google’s Project Zero team at the end of last month.

That was just seven days after Microsoft was informed of the security hole, because security researchers said it was being exploited – in co-ordination with a Google Chrome flaw (itself patched on October 20th) – by cybercriminals in targeted attacks.

Personally I’m impressed to see Microsoft patch the vulnerability and push it out to its many millions of users so quickly just a few days after finding out about it.

If you are running Windows on a computer you are responsible for, and want to ensure your security patches are installed, select “Start”, and then go to Settings > Update & Security > Windows Update.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.