Dangerous Fake Microsoft Windows Update Confirmed – Don’t Download


Update April 15: Following confirmation of a highly dangerous fake Windows update that users were warned not to download, this article has been amended to include information about a new Microsoft update that all users should install to ensure their Windows systems are properly protected from attack. Don’t get confused. Stay informed and stay safe.

When it comes to staying on top of your security, it can sometimes be an uphill climb for Microsoft Windows users. Dozens, sometimes hundreds, of new vulnerabilities are confirmed on the second Tuesday of every month, there is new malware to deal with, and now comes news that a fake Windows Update is stealing account passwords, payment data and more.

Because security updates are such an important part of the risk reduction process, when malicious copies are introduced into the mix, they not only harm those who download them but also deter others from installing the genuine product for fear of an attack. Here’s what to know and do about malicious Microsoft support websites and related dangerous downloads.


Fake Microsoft Windows Update steals data and kills security tools

It’s been a minute since I last warned about dangerous Microsoft Windows security updates that were actually nothing of the sort. But the threat certainly hasn’t gone away, and with billions of people using different Windows operating systems, why would it? The latest warning comes courtesy of Stefan Dasic, a cybersecurity and malware researcher at Malwarebytes, who has published a highly detailed technical analysis of the malware distributed by a fake Microsoft support site. The download is presented, complete with a knowledge base article number, as what could be a legitimate cumulative update for Windows version 24H2. “Because the file looks legitimate and avoids detection,” Dasic said, “it can elude both users and security tools.”

The fake Windows website appears to specifically target French Microsoft users, but as Dasic warns, “these campaigns spread quickly.” All users, regardless of nationality, are therefore urged to take note and be aware of the dangers posed by this and similar attacks.


While reading the full analysis is recommended for the technically inclined, the bullet point version is as follows:

  • The threat is delivered through social engineering, requiring the victim to click a link to reach a fake Microsoft support website.

  • The malware is dressed up as a cumulative Windows 24H2 update; its file properties are carefully duplicated in comments that claim to contain “argument and data required to install WindowsUpdate”.
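Because file properties and comments are written by whoever built the file, they prove nothing about where a download came from; the digital signature is what a defender should check. The following PowerShell is an added example, not code from the article or from the Malwarebytes analysis. The function name, the placeholder download path and the rule that a genuine package carries a valid signature naming Microsoft Corporation as the signing organization are assumptions made for illustration.

```powershell
# Added example (not from the article): judge a downloaded "update" by its
# Authenticode signature instead of by its file properties or comments.
function Test-UpdateFileSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Descriptions, version strings and comments are set by the file's builder,
    # so none of them are consulted here; only the signature is evaluated.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # 'Valid' means the signature verifies and the certificate chain is trusted.
    $validSignature = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # Assumption: a genuine update package is signed with a certificate whose
    # subject names Microsoft Corporation as the organization.
    $microsoftSigner = $validSignature -and ($subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        File            = $file.FullName
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $subject
        TreatAsGenuine  = $microsoftSigner
    }
}

# Placeholder path (hypothetical); point it at the file that was downloaded.
$candidate = Join-Path $env:USERPROFILE 'Downloads\update-package.msu'
if (Test-Path -LiteralPath $candidate) {
    Test-UpdateFileSignature -Path $candidate | Format-List
}
```

A file that reports `NotSigned`, `HashMismatch` or `UnknownError`, or a signer other than Microsoft, should not be run, however convincing its properties look.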

Don’t ignore this new Microsoft Windows update, here’s why and how to install it safely

As mentioned earlier, the second Tuesday of the month sees Microsoft release patches for Windows vulnerabilities and other issues affecting users. The April Patch Tuesday rollout has now dropped, and it’s important that you don’t miss it.

Here’s why, by the numbers:

  • A total of 167 security issues have been addressed.

  • Two of these are zero-day risks.

  • Eight of the patched vulnerabilities have a critical severity rating.

  • Seven of them include remote code execution as the payload threat of a successful exploit.

This is the highest number Microsoft has patched so far this year, up from 88 last month.

“Microsoft is aware of today’s vulnerabilities being wildly exploited for one and public disclosure for another,” said Adam Barnett, principal software engineer at Rapid7.

Meanwhile, Tyler Reguly, associate director of security research and development at Fortra, told me that “the 19 vulnerabilities listed as exploits are more likely. In the first quarter of the year, we saw 20 vulnerabilities listed as exploits and now, one month in, we’re seeing less attention than the total number of services affected.”


All of which means that sitting back and doing nothing isn’t really an option for consumers, at least. Enterprise users will, of course, apply updates according to their organization’s risk and patch management processes.

All Microsoft Windows users are encouraged to install updates through Settings | Windows Update | Check for updates. Automatic updates exist for a reason, and they can reduce the chances of finding yourself on the receiving end of a fake. If you want to update manually, do so only through the official Microsoft Update Catalog and always access it directly through your browser.

This article was originally published on Forbes.com
