Update your Windows 10 NOW – new bug lets hackers hijack your PC with a single image file
MICROSOFT has issued an emergency update to fix two bugs that could expose Windows users to hackers.
The flaws in Windows 10 could allow cyber crooks to take over a Windows 10 computer by sending a single booby-trapped image.
Microsoft has fixed two major Windows 10 vulnerabilities [/caption]
Microsoft announced it had released a fix for the two security vulnerabilities in a short blog post on Thursday.
“An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system,” the US firm said.
The bugs were reported to Microsoft by Abdul-Aziz Hariri, a security researcher at Trend Micro.
They affect the Microsoft Windows Codecs Library, which handles multimedia content such as image and video files.
Hackers could have used the bugs to take over people’s PCs[/caption]
Hackers could have exploited the vulnerabilities by sending a victim a single “specially crafted” image file, Microsoft said.
A target would have had to open the image file, which could have been sent as an email attachment or downloaded after clicking on a dodgy website.
Once on someone’s PC, the image file could have allowed a hacker to collect information like usernames and passwords, or even taken control of the PC.
There is no evidence to suggest any hackers used the exploit before it was fixed.
Patches for the bugs rolled out to Windows 10 customers this week as part of an update to the Windows Codecs Library.
“Customers do not need to take any action to receive the update,” Microsoft said.
How to keep yourself safe from hackers and scammers
FOLLOW these steps to protect yourself from hackers in the future:
- Make a ‘strong’ password with 8 or more characters and a combination of upper case characters, numbers and symbols
- Don’t do online banking on public WiFi, unless absolutely necessary
- Don’t click on dodgy email links claiming to be from banks
- Use different passwords for different sites
- Never re-use your main email password
- Use anti-virus software
- Don’t accept Facebook friend requests or LinkedIn invitations from people you don’t know
- Think before you put personal info on social media
- Find My iPhone, Android Lost and BlackBerry Protect all allow you to remotely wipe a stolen phone. Set this feature up
- Only shop online on secure sites
- Don’t store your card details on websites
- Password protect your phone and other devices
However, anyone who has switched off automatic updates will not have received the fix.
You can manually check whether you have the most up-to-date version of Windows 10 manually.
To do so, click on Settings, Apps & Features and select HEVC, Advanced Options. You will see the version there.
The secure versions are 1.0.31822.0, 1.0.31823.0 and later.
To avoid getting caught out by cyber crooks, it’s always a good idea to use a strong password, and avoid using the same password for multiple accounts.
Experts also recommend that web users stick to trustworthy sites and avoid opening email attachments from senders they don’t know.
Most read in Phones & Gadgets
In other news, Microsoft has hidden an addictive surfing game inside Windows 10.
Typing this “Konami Code” into websites unlocks loads of hidden features and jokes.
Here are 18 incredible gaming Easter Eggs you probably didn’t even know existed.
And, we’ve rounded up 44 phrases that unlock hidden tricks and games in Google search.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at email@example.com