Microsoft has released an unplanned security update for Windows 10. It is said to close two serious security holes. What users should consider now.
Once a month, Windows 10 has “Patch Day”: a series of security updates are installed every first Tuesday. In particularly urgent cases, Microsoft deviates from this plan and sometimes releases an update that does not work.
Two vulnerabilities threaten Windows 10 computers
This is exactly the case at the beginning of July. These are two critical vulnerabilities in certain Windows 10 systems that allow attackers to hack their computers remotely. The systems affected by the problem should receive an update from the Microsoft Store.
Installation is usually automatic – unless the user has interrupted the update function. Therefore, users should now check their update settings and update their computers manually if necessary. Our photo show offers step-by-step instructions.
You can also do the following:
- Enter the keyword “Update” in the search bar to find the settings.
- Click on “Check for updates”.
Missed updates can now be installed. If the search does not lead to a hit, it means that your computer is already up to date or your system was not affected by the vulnerability.
Detailed instructions for pausing and reactivating the update function you can find here.
Why was the emergency update necessary?
The unplanned update eliminates two security gaps in the Windows Codecs library. They are particularly dangerous because attackers can use them to inject malicious code and access data without physical access to the device. There is therefore a risk of remote access (remote code execution), for example via the Internet.
The problem stems from a bug in the Windows Media Codecs, which the update should fix. Affected systems could otherwise be attacked using prepared image files, Microsoft fears. But not all versions of Windows are equally vulnerable. It depends on the version number and the chip architecture used.
Microsoft has published a list of systems at increased risk of an RCE attack for both vulnerabilities on its support pages. You can find this in the source device below. If you’re not sure if your computer is one of them, you should perform a manual update as a precaution.