So, keeping the promise, Microsoft has delivered the patch exactly on time as dated for the critical Windows vulnerability which was publicly disclosed by Google last week. After Google going public before the actual patch could have been delivered, Microsoft was unhappy as what the search giant did putting the security of huge base of customers at risk.
The fix was shipped with monthly security patches released on November 8th combined within cumulative update for various Windows versions. The concerned issue is fixed in Microsoft Security Bulletin MS16-135 labeled as “Security Update for Windows kernel-Mode Drivers (3199135)”.
Microsoft believes that a Russian hacker, known as Strontium carried out the low-volume spearphishing attack designed to attack a particular target. However Microsoft has said that the attack could be detected if the users were running Windows Defender Advanced Threat Protection. As well, users who had Windows 10 anniversary update and were using Microsoft Edge instead of Chrome were protected from the vulnerability.
Windows VP Terry Myerson is still not happy about how quickly Google went public with such a critical vulnerability. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” he expressed later after the Google’s public disclosure.
If you are concerned you can go to Windows Update section and see if you have got the update, or you can hit update button to update now.
You will need to look for the operating system you are running in the list Microsoft has provided where the issue is going to be patched via Windows update. The list include a wide range of operating systems, various versions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows Server 2016. All version of Windows have different kB versions, such as for Windows 10, it was KB3200970.