Windows users told to patch now after active zero-day attacks disclosed by Google

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Windows users told to patch now against active zero-day attacks disclosed by Google

Yesterday was the second Tuesday of the month which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches.

On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched.

But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.

Sign up to our free newsletter.
Security news, advice, and tips.

The vulnerability, which allows local privilege escalation and sandbox escape, was made public by Google’s Project Zero team at the end of last month.

That was just seven days after Microsoft was informed of the security hole, because security researchers said it was being exploited – in co-ordination with a Google Chrome flaw (itself patched on October 20th) – by cybercriminals in targeted attacks.

Personally I’m impressed to see Microsoft patch the vulnerability and push it out to its many millions of users so quickly just a few days after finding out about it.

If you are running Windows on a computer you are responsible for, and want to ensure your security patches are installed, select “Start”, and then go to Settings > Update & Security > Windows Update.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.