Statistically speaking, you’re probably running a Windows PC – it’s still the world’s most-used operating system, and not by a small margin, and it’s fairly likely you’re on Windows 10. With the recent removal of support for Windows 7 operating systems, it’s even more likely.
Being big and popular means that most applications are written with Windows in mind, and that’s very useful, but it also means that it’s the single largest target for hackers looking to pry into people’s private affairs, whether that’s for outright identity theft, using a PC as part of a botnet or an attempt to get access to your financial affairs or business details.
Typically speaking, when there are flaws in Windows (or for that matter Apple’s macOS) they’re disclosed by security researchers, or quietly patched by Microsoft’s own rather busy security team. As an example, it recently disclosed a security issue with its older Internet Explorer browser, although it’s yet to issue a patch to resolve it. Internet Explorer probably isn’t your browser of choice anymore – even if you wanted to stay in-house with Microsoft you’d be better off with its newer Edge browser – but it’s still lurking in the background of Windows 10 code.
Still, that pales next to the discovery by the US National Security Agency of a very serious flaw in Windows 10 in both its desktop and server implementations. It’s a flaw that undermines the cryptographic security used by Windows 10, and the picture the NSA paints is pretty grim. In its advisory, it states that:
“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available.“
The NSA’s focus is on businesses and government enterprises that could be compromised by the flaw, but make no mistake – any tool developed to crack those kinds of systems will most likely be flung out far and wide as possible, because while your own files might not be as interesting as some of the US government’s activities, if there’s money to be made, somebody will try everywhere to get it.
So, what should you do? At this stage, you absolutely should make sure that your Windows 10 PC is as up to date with patches as possible. Sadly, there’s some reports that the specific patch to deal with this vulnerability may not install cleanly on some Windows systems – hopefully that’s something that Microsoft can smooth over quickly without issues for most – but it’s absolutely imperative that you at least try.
The easiest way to do this is to type “Windows Update” into the text search box on a Windows PC, where it says “Type here to search” which should bring up a search option that says “Windows Update Settings”. Click on that, and it’ll bring up Windows Update. With some luck it may say that you’re up to date, but in any case, you should click on the “Check for updates” button and make sure that it hasn’t missed any updates or fresh patches.
This may take some time depending on the speed of your connection and the number of updates needed, but it really is vital. In this case, prevention will be way, way better than the possible cure.
