It’s been a busy week for Microsoft Security. First, they took down all support for Windows 7 on January 14th. And, if you are still using Win7 you saw this warning message pop up on your screen that Tuesday morning:
Microsoft Security – Windows 10:
And then, also on January 14th, the National Security Agency or NSA tells us that Windows 10 has a major security breach.
“On January 14, Microsoft released a set of patches for the Windows platform. While all of the issues addressed in the patch release are serious, this article will discuss one of them: CVE-2020-0601. Above anything else, we urge everyone to take action and patch their systems. CVE-2020-0601 is a serious vulnerability, because it can be exploited to undermine Public Key Infrastructure (PKI) trust. PKI is a set of mechanisms that home users, businesses, and governments rely upon in a wide variety of ways. The vulnerability permits an attacker to craft PKI certificates to spoof trusted identifies, such as individuals, web sites, software companies, service providers, or others. Using a forged certificate, the attacker can (under certain conditions) gain the trust of users or services on vulnerable systems, and leverage that trust to compromise them.”
I don’t pretend to know what this security breach does, but I do know that if your Operating System is Windows 10 and you haven’t downloaded and installed the latest Windows 10 updates, you’re crazy!
Internet Explorer:
And, now we find out that Internet Explorer also has a major vulnerability. Cybersecurity and Infrastructure Security Agency (CISA) reports:
“Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.””
And, from Newsgram:
“Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers and it is working on a fix, to be released at a later date. The vulnerability was first reported by US Homeland Security on Friday evening, although the issue is not limited to American devices.”
Since 2014, CISA has recommended that people not use Internet Explorer, but use a different browser instead:
“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution. US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.”
Our recommendation? Use Firefox!
Is Your Machine Infected?
How can you tell if you have a virus or other malware? Here is a description of some possible malware symptoms you may be experiencing.
Remember, with software, you get what you pay for, so don’t use a free anti-virus. Do you have a great anti-virus? We like Eset’s NOD32.
Conclusion:
Make sure you have your anti-virus set to automatically check everything you do. At least once a week, you should also run a virus scan to make extra sure that your machine is good to go.
Information about Geek For Hire, Inc.
Chris Eddy of Geek For Hire, Inc. has been providing computer service to families and small businesses with Mac’s and PCs for the past eighteen years. Angie’s List and the BBB rate Geek For Hire very highly. You can find more on our website, or give us a call 303-618-0154. Geek For Hire, Inc. provides onsite service (Tier 3 support) to the Denver / Boulder / Front Range area as well as remote service throughout North America.
We’ve been using Amazon Prime for the past few years. We like the free and fast shipping. With Prime, we have access to online streaming too. Prime is usually $119/year, but you can get a free 30-day trial by clicking on this link: Try Amazon Prime 30-Day Free Trial. As an Amazon Associate, we earn from qualifying purchases.