Last Monday (Oct. 31), Google decided to disclose a scary Windows problem that it thought Microsoft had taken too long to fix. (Google found the issue and reported it to Microsoft on Oct. 21, but the flaw was being actively used by hackers.) This month’s Patch Tuesday security update (opens in new tab), released today (Nov. 8) by Microsoft, fixes security issues that could give hackers control of your system. In a blog post (opens in new tab) last week (Nov. 1), well before the fix was ready, Microsoft VP Terry Myerson attributed the ongoing attacks to the so-called Strontium hacker group, aka Fancy Bear, which is believed to be part of Russian military intelligence and is one of two Russian groups accused of hacking into the Democratic National Committee earlier this year. Myerson noted the Strontium group “conducted a low-volume spear-phishing campaign” which “used two zero-day vulnerabilities in Adobe Flash and … Windows … to target a specific set of customers.” MORE: 12 Computer Security Mistakes You’re Probably Making Adobe patched the problem on its end on October 26, but Microsoft waited until today to release the fix in this month’s edition of the Patch Tuesday update. The update is available for systems running Windows 10, 7, 8.1 and Vista, so everyone needs to make sure this patch is applied now that it’s available. Microsoft labelled the update as Important, so look out for that nomenclature to make sure you’re getting the update. While this patch should be enough to fight off the current known vulnerabilities, Microsoft is advising that users upgrade systems to Windows 10 to protect themselves against other variants of spear-phishing attacks. Myerson claimed that those using Microsoft’s Edge browser were already protected from the “versions of this attack observed in the wild.” In that blog post released last week, Myerson complained about the early disclosure from Google, writing that its “decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.” Google believed that customers were already facing enough risk without the update, as its announcement claimed the vulnerability “is being actively exploited.”

So what can I do?

First, make sure Flash is up to date.If you’re using Windows 7, click the Start button, click Control Panel, click Windows Update, click Check for Updates and follow the subsequent instructions.Those on Windows 10 should click the Start button, click Settings, click Update & security, click Check for updates and follow the subsequent instructions. Windows 8.1 users should swipe in from the right edge of the screen, tap Settings, tap Change PC Settings, tap Update and Recovery, tap Windows Update and then tap Check now. Follow the subsequent instructions to install updates. Also, read how easier it is to update a Windows 10 system, and consider moving on from Windows 8.1

Windows 10 Security and Networking

Previous TipNext Tip

Use the Windows 10 Parental ControlsFind Your MAC AddressTurn Your Windows PC into a Wi-Fi HotspotPassword Protect a FolderCreate a Guest Account in Windows 10Enable Windows Hello Fingerprint LoginSet Up Windows Hello Facial RecognitionHow to Restrict Cortana’s Ever-Present Listening in Windows 10Automatically Lock Your PC with Dynamic LockBlacklist Non-Windows Store AppsFind Saved Wi-Fi PasswordsSet Up a Metered Internet ConnectionUse Find My DeviceStream XBox One GamesAll Windows 10 TipsMap a Network DriveCreate Limited User AccountsSet Time Limits for KidsPin People to Your Taskbar