Security vulnerabilities are somewhat part and parcel of living in this digital world and new vulnerabilities are being discovered every single day.
Two major vulnerabilities, however, have been discovered recently that given the expanse and level of chaos caused by the latest WannaCry and related ransomware attacks, need to be addressed by users as soon as possible.
US-CERT, which is a division of the United States Department of Homeland Security have issued warnings for the vulnerabilities recently, prompting anyone using Chrome and/or Windows to update their systems to the latest patches as soon as possible.
The Chrome update, bring the browser version to 60.0.3112.80 addresses many vulnerabilities, many of which could allow an attacker to execute arbitrary code. Which in short means a malicious file could potentially be used to do almost anything to your computer. Wipe it, log everything you type, download your search history, capture your passwords or excrypt your data. It’s labelled a ‘critical’ update by Google, also addressing the BroadPwn security bug, the details of which won’t be released until the vast majority of users have been patched.
At the same time, a new vulnerability in the Windows operating system has been found that executes whenever a shortcut link is clicked. This one extends back at least as far as Windows 7 and since Microsoft doesn’t support earlier operating systems, anything earlier can be guaranteed to have the flaw and not ever be officially updated (although there may be 3rd party patches written by enthusiasts).
Users are urged to at least install updates for Security Vulnerability CVE-2017-8464 and then recommended to block outgoing connections on a number of ports at the network perimeter (your router) to ensure absolute security. The first part is easy, simply enable automatic updates on your Windows system and you are good to go. In reality, this should be enabled anyway to ensure you are protected by the latest security patches as they become available. The second part takes some knowledge of your router’s firewall capabilities, so if you’re not confident please let us know and we can set it up for you.
The warnings are timely, given Apple urged all iDevices be updated to cover security patches just two weeks ago.