Click to Skip Ad
Closing in...

Microsoft just released an emergency fix for a critical bug – here’s how to get it right away

Published Aug 19th, 2015 10:20AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

For some people, it doesn’t get any more annoying than Windows Update, which always seems to begin downloading huge files that slow down your computer every time you need to do something important. On the flip side of the coin, however, the Windows Update mechanism often updates your machine with critical security fixes that are needed in order to ensure your private data is safe. Well, if you have Windows 10 your private data might not be safe anyway, but that’s an entirely different story.

Microsoft on Wednesday pushed out a major security update that fixes a critical security vulnerability in Internet Explorer, so all versions of Windows are affected, not just Windows 10 and not just older versions of Windows. In other words, you absolutely need to download it right now — here’s how.

DON’T MISS: OnePlus 2 review: There can be only one

The vulnerability in question impacts all versions of Internet Explorer from 7 through 11, and it’s a pretty serious one. Here’s an explanation from Microsoft’s website:

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker’s website, or by getting them to open an attachment sent through email.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.

The update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.

Yikes, indeed.

The good news is that if you have automatic updates enabled on your PC, annoying though they may be, you may have already downloaded and installed the update. If you’ve disabled automatic updates or you simply want to be on the safe side, you have two options.

First, you can open your Settings app in Windows and go to Windows Update. Click the link to search for new updates and Windows will likely find a number of available updates that are ready for download. Install them.

If you don’t want to bother with that and would rather just address this specific vulnerability, click this link to visit Microsoft’s security bulletin, and then download the appropriate update by finding your Windows and Internet Explorer version listed under “Affected Software.”

Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 15 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.