Yesterday Google disclosed the existence of a zero-day vulnerability in Microsoft Windows software for which no fix is currently available. Hackers were already aware of the vulnerability and have been using it to comprimise people's machines. Commenting on this news is Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB says:
"Users must understand the need to constantly update their applications and operating systems, and that won’t change anytime soon. However, most people don’t know that in order to auto-update Adobe Flash in Windows that users are required to enable it from their Control Panel. Unfortunately, most average users do not know what the Control Panel is, or how to get to it. There must be an easier way to notify the public that they need to update certain vulnerable apps when updates are available.
"With regards to the latest vulnerability in Windows, Google has done the responsible thing by notifying the public about the vulnerability, since it is being exploited in the wild with no update from Windows as of yet. However, notification without a fix does not solve the problem. Hopefully, Microsoft will issue an update ASAP before more computers are compromised by hackers who know this vulnerability exists. Expect to see Exploit Kits bundled with code that takes advantage of this latest Microsoft vulnerability released into the wild."