Some Windows PCs could be vulnerable to hackers - what you need to know
Google has identified a bug in Microsoft's Windows operating system that could leave your computer vulnerable to hackers.
Discovered by Google's Project Zero security team, the weakness was found in various versions of the software, from Windows 7 to Windows 10. The experts reported that the bug left devices open to outside attacks.
A fix to this issue is not expected to be rolled out until Tuesday 10 November, meaning the security of your computer could be compromised for close to a week.
According to Project Zero, the bug is located in the Windows Kernel Cryptography Driver.
What is Microsoft saying about the bug?
After discovering the fault, Project Zero - which aims to improve internet security across the board - notified Microsoft, and requested that the Windows creator fix it within the following seven days. This deadline was not met.
The Sun reports that Microsoft has encouraged Windows users to remain vigilant, but said that the bug did not pose any real threat.
It seems that hackers were only able to take advantage of the Windows bug because of a separate vulnerability in the Google Chrome internet browser. This problem was fixed on 20 October.
Director of Google's Threat Analysis Group, Shane Huntley, confirmed that the Windows bug was designed for "targeted exploitation," aimed at individuals, but stressed that it was "not related to any US election related targeting."
How to stay safe online
Action Fraud (the UK’s national reporting centre for fraud and cyber crime) suggests following these steps to stay safe online:
- Do not give any personal information (name, address, bank details, email or phone number) to organisations or people before verifying their credentials
- Make sure your computer has up-to-date anti-virus software and a firewall installed. Ensure your browser is set to the highest level of security and monitoring to prevent malware issues and computer crimes
- Many frauds start with a phishing email. Remember that banks and financial institutions will not send you an email asking you to click on a link and confirm your bank details
- Destroy and preferably shred receipts with your card details on and post with your name and address on. Identity fraudsters don’t need much information in order to be able to clone your identity