Update Your Windows Software NOW!
What you need to know and do about Windows updates
In May 2017 one of the largest ransomware attacks of all time struck more than 100 countries, thousands of businesses and affected millions of computers. When users tried to open a file on their computers, they got a scary screen message announcing that they'd been attacked by the WannaCry virus and that access to their files had been frozen—to get them back they'd have to pay a ransom.
All the infected computers had one characteristic in common. It wasn't the brand of computer, the amount of memory it had or the age of the machine.
They all were operating with a flaw in their Microsoft Windows (operating system) software that made their computers vulnerable to the attack.
Here's what's interesting:
About the flaw:
- Microsoft knew about the Windows vulnerability and had released patches, or fixes, to the problem only two months before the WannaCry attack.
- The U.S. intelligence community allegedly knew about the flaw and had even exploited it to monitor computers of certain individuals
- The hackers had learned about the vulnerability and chose to exploit it on a massive scale.
About the hack:
- Most companies using Windows had been advised or were aware there was a vulnerability.
- Thousands of computers implemented the Windows updates when they released it and were not affected by the attack.
- The computers that were attacked had not updated their Windows software with the patch and were impacted by the ransomware.
Of course, Microsoft did not know of the WannaCry attack in advance. After the attack, they released more updates, even for versions of Windows they had officially stopped supporting, such as Windows XP.
Here's what you need to know—and do.
This is an important clarification about the vulnerability, one that's important to YOU if you use any version of Windows.
- Microsoft proactively sends software updates to customers to fix known vulnerabilities
- Microsoft releases information about updates to various versions of Windows regularly
- It is up to you to install an update for your version Windows (if you use a PC) whenever they are available.
- Most Windows users receive automatic online prompts to install updates or are advised of automatic installed and downloaded fixes via Windows Update weekly.
- They also provide updates for software applications (Word, Excel, etc.) when necessary.
The information is out there.
You need to stay on top of Windows updates to stay protected. You can find information on Microsoft updates easily, including on their official website.
Just do some Google searches and you'll find plenty of resources from several reliable sources.
For example, Symantec, a leading security software company, devotes a regular blog (written by security consultants) to important topics, including Microsoft updates. It's part of their mission to help customers stay safe online and avoid computer crashes and attacks.
For example, below is the information posted on the Symantec Connect site/blog regarding Microsoft updates one month prior to WannaCry:
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has released 44 vulnerabilities, 13 of which are rated Critical.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Of course, you can always go directly to Microsoft's website for the latest updates, which is probably a good habit to get into.
However, you don't even have to do that because Microsoft updates come to you. But are you paying close enough attention?
Although they have taken much criticism for the WannaCry attack, Microsoft strives to keep their software operating at top efficiency. They issue updates and information routinely through what's known as Patch Tuesday.
Patch Tuesday, or Update Tuesday, takes place the second Tuesday of each month. It is the day Microsoft posts online links to software security updates to individual files that help Windows and other Microsoft software avoid problems. Microsoft is keenly aware when specific files have security "bugs" that cause a program to be vulnerable to malware.
Ironically, here is the is the exact information Microsoft provided just three days before the WannaCry ransomware was released on May 12, 2017.
Latest Patch Tuesday: May 9, 2017
- The latest Patch Tuesday was on May 9, 2017 and consisted of 18 individual security updates.
- May's updates correct 57 unique security issues across Microsoft Windows operating systems and some other Microsoft software.
- The next Patch Tuesday will be on June 13, 2017.
- Important: If you're currently using Windows 8.1 but have not yet applied the Windows 8.1 Update package or updated to Windows 10, you must do so to continue to receive these important security patches!
- See my Windows 8.1 Update piece for more on what this is and how to upgrade or How to Download Windows 10 for more on that upgrade.
Remember, a patch for the flaw that hackers exploited for the WannaCry attack was released in March of 2017. Microsoft was on top of the issue. Windows users had two months to implement affix the patch to the problem files.
However, when there are hundreds or thousands of computers affected that belong to just one company or entity, the updates take time. Individuals whose computers were part of their workplace network had little control over their security because an IT department is usually responsible for software updates.
One last time. It's up to you.
However, if you are a Windows user and you're the one who receives updates from Microsoft, it's up to you to install them ASAP.
It's also up to you to be sure your up to date right now.
Sources: telegraph.co.uk/; blogs.technet.microsoft.com; www.symantec.com/connect/blogs/microsoft-patch-tuesday-april-2017