Microsoft has patched the zero-day security hole disclosed by Google

Microsoft makes America update again.

Microsoft has patched the zero-day security hole disclosed by Google

We've just had the second Tuesday of the month, and you know what that means... Patch Tuesday!

Microsoft has issued a bundle of security bulletins, detailing fixes for numerous vulnerabilities, including critical remote code execution flaws in Microsoft Office, Microsoft Edge and various Windows components.

And this Patch Tuesday update includes a fix for the vulnerability that Google engineers controversially chose to make public last week.

The security hole is said to have been exploited by the Russian-linked Fancy Bear hacking group in targeted attacks, and details were shared by Google only days after it privately told Microsoft about the flaw, and informed Adobe of an associated Flash zero-day bug.

Although Adobe was able to issue a patch promptly, Google didn't wait for Microsoft to push out a patch for the security vulnerability that was known to be being exploited in targeted attacks.

It was clear at the time that Microsoft was highly unimpressed by Google's action:

"We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk."

Whether you think Google was wrong or not to do what it did, you're hopefully pleased to see that Microsoft has kept its promise and now issued a patch - meaning millions of users can benefit from protection.

Although the Microsoft patch for the Google-found flaw is likely to get the majority of the media attention, it's important to recognise the latest collection of security patches from Microsoft cover a wide range of vulnerabilities.

As always, I strongly recommend that home users and companies update their Windows systems at their earliest convenience.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , , ,

2 Responses

  1. Bob

    November 9, 2016 at 11:36 am #

    All crucial updates for Windows and Microsoft Office (pretty much every business) users. The new delta/cumulative updates that Microsoft provide are far better and more efficient than the old way updates were delivered.

  2. Bob

    November 10, 2016 at 12:24 am #

    Google Chrome has also been updated to version 54.0.2840.99 offering security enhancements.

    Go into the menu (the inverted ellipsis at the top right of your screen), select Settings, then click About and it'll update the browser for you.

Leave a Reply