Heads up: All products featured here are selected by Mashable's commerce team and meet our rigorous standards for awesomeness. If you buy something, Mashable may earn an affiliate commission. By
If you’re a Windows user, all Patch Tuesdays should be important, save for those instances where Microsoftborks a patchand actually makes your Windows system worse than it was previously. Getting the latest feature and security updates for your system—mostly the latter—should be something you look forward to each month. But today’s Patch Tuesday is even more important than most.
First, if you’restill clinging to Windows 7, know that today marks the very final Patch Tuesday you’ll ever experience. Unless Microsoft backtracks and opts to release future fixes when huge vulnerabilities are uncovered, this is the last round of security updates you’ll receive for your operating system. Make sure you install them, becauseyou’re on your ownfrom here on out.
Windows 10 users have a vulnerability to fix
For the rest of you, today isalsoan important day, as Microsoft is allegedly fixing a rather large security vulnerability that affects Windows 10 and Windows Server 2016. The company tipped off a number of major organizations about the issue in advance, including the U.S. military. And it appears the fixes they received (before you) came with a “don’t disclose” clause, as nobody was talking about said vulnerability openlyuntil today.
“A critical vulnerability in this Windows component could have wide-ranging security implications for a number of important Windows functions, including authentication on Windows desktops and servers, the protection of sensitive data handled by Microsoft’s Internet Explorer/Edge browsers, as well as a number of third-party applications and tools.
Equally concerning, a flaw in crypt32.dll might also be abused to spoof the digital signature tied to a specific piece of software. Such a weakness could be exploited by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company.”
Sounds serious? The curious thing about this vulnerability is the amount of disagreement surrounding whether it’s actually a big deal or not.
As I understand it, the vulnerability lays out the groundwork forfutureattacks, rather than being something that attackers are actively exploiting at this time. In other words, I wouldn’t stop everything I’m doing to immediately update my home system the second Microsoft’s patch drops—which already happened, if you’re reading this (KB4528760in Windows Update). Don’t dawdle, though.
And just in case Microsoft’s first Patch Tuesday of the year has issues, you can always take the super-safe route ofbacking up your systemprior to installing today’s updates. Whether you want to just save your critical files elsewhere orcreate a full image of your driveis up to you—it depends how much you trust Microsoft and its patching process (and whether Microsoft will let youroll back this updateif things start to go haywire).