If you use the Google Chrome browser, you may have noticed that it’s not working reliably since the last set of updates from Microsoft were installed on your PC.
It seems that one of the most recent fixes issued by Microsoft breaks Chrome, but both Microsoft and Google have been left scratching their heads because they can’t work out why.
The bug also breaks the Cortana personal assistant, meaning that you can no longer say ‘Hey Cortana’ to wake up your system.
If you are affected, I’d suggest using another browser, such as Edge, for the time being. Hopefully Microsoft will come up with a fix soon, but they’re likely to have a lot of work on their hands. That’s because security researchers have just uncovered a host of new problems related to the Spectre bug in Intel processors.
The researchers have discovered at least 8 new ways to exploit the problems in Intel processors. The researchers are still investigating whether the problems could affect AMD processors too.
Spectre is a serious problem for all PC users, since flaws in the design of the processor inside your PC means a hacker could take over the machine and steal data, even if you have a firewall, anti-virus tool and all the latest fixes from Microsoft.
The only fool-proof solution is to replace the processor in your PC with one not affected by the bug.
However, that’s not really practical considering the millions of systems affected, so instead Intel, AMD and Microsoft have been looking to use software updates to protect against the problems.
That’s had mixed results, with one of Microsoft’s fixes causing more problems than it solved and requiring an updated version to be released almost immediately.
Hopefully these latest problems will be fixed quickly!
But because the underlying security flaw is deep inside the processor of practically every PC, new problems like this are likely to crop up regularly, and the software and hardware companies will be constantly battling against them.
If you use Microsoft Outlook to read your email, there's bad news. A security bug in the program can allow an attacker to send you a malicious email using rich text format (RTF). If you so much as preview this message – without actually opening it – your PC can be taken over!
By setting up the message in a certain way, the Outlook bug allows the attacker to get hold of your Windows username and password.
While the password is scrambled – using a process called hashing – a determined attacker could probably break it.
The problem is all down to the way that Outlook loads remote content from a server, but it appears to be tricky for Microsoft to tackle.
The problem was first reported in October 2016! Microsoft's previous patch failed to fully solve the problem, but hopefully this new one will.
If you have Outlook installed on your computer (it comes as part of Microsoft Office), you should make sure that the fix is installed, even if you use a different email reader.
That isn't the only long-standing security problem that Microsoft have recently had to issue new fixes for. Windows has had security problems caused by fonts for a while.
These little files do nothing more than tell Windows how to display various type faces on screen. But bugs in how they are handled mean that fonts can also be used to spread viruses and worms.
This month Microsoft have fixed five different problems that would allow an attacker to use malicious fonts on a web page to execute code on your PC.
Simply viewing the page is enough to activate the bugs. This kind of attack is similar to the Duqu virus of 2011, which also used malicious fonts to attack PCs. You'd have thought Microsoft would have got on top of the problem by now, but apparently not.
If you have Windows 10, or automatic updates activated on Windows 8.1 or 7, these should be put in place automatically. If not, install them manually from the Windows Update Control Panel.
All software should be created with security in mind. But when the primary purpose of a tool is to protect your computer’s security, you’d hope the developers were doing everything they could to minimise any targets that hackers can exploit.
Unfortunately, it seems that Microsoft took their eye off the ball in this respect, and Windows Defender has a nasty bug that can spread malware.
For a tool designed to protect your system that’s a major problem, especially with Microsoft building the tool directly into Windows 10.
On many Windows 10 systems it's the only security tool installed, putting them particularly at risk.
The problem is down to the way Windows Defender handles .RAR archive files. If the tool scans a malicious RAR archive, it can trigger a bug that launches code embedded in the RAR, giving it total control over the system.
This is exactly the opposite of what Windows Defender should be doing.
And the security researcher who uncovered the problem also discovered how it came to be there in the first place.
The problem originated with an open source tool, called Unrar, designed to allow you to create and extract files from RAR archives.
It seems Microsoft took a copy of this code and included it in Windows Defender. Open source licence terms usually allow code to be included in other products, provided the original developer is acknowledged, so there is nothing wrong with Microsoft borrowing someone else’s code, in principle.
However, there was nothing wrong with the original Unrar code. Instead, the problem was created by the way Microsoft modified the code they borrowed. By changing some of the variables in the code, they managed to mess up the way the Unrar code checked files, creating the bug and putting Windows Defender at risk.
Fortunately, they’ve managed to rush out a fix for the bug via Windows Update. If you have Windows 10, or automatic updates enabled on Windows 8.1 or 7, this will be installed without you having to do anything.
If not, open the Windows Update Control Panel and check for any available updates.
The hugely serious Meltdown bug, present in systems with Intel and AMD processors, still shows no sign of being fully solved.
If you have an affected processor in your PC, you should be worried. The bug allows a hacker to exploit a flaw in the design of the processor to run their own code on your system.
People can't easily swap the processor in their PC, and usually need to change the motherboard and memory too. So, Microsoft stepped in and issued patches for Windows in January and February which were designed to block hackers from making use of the bug.
However, it turns out that Microsoft's fixes might have made PCs running Windows 7 less secure, rather than more secure.
According to security researchers, Ulf Frisk, the fixes from Microsoft made a crucial kernel memory table readable and writable for normal user processes.
This means that any malware code that manages to run on your system, even without administrative privileges, can access the full system memory, gain administrator privileges and insert its own code into protected areas of memory. Once it has done this, it has full control of your system.
Malware could also use the bug in Microsoft's fix to read passwords, and other sensitive data, from protected areas of memory.
Although the problem with Microsoft's fix affects all versions of Windows, from Windows 7 to Windows 10, Windows 8.1 and 10 have extra security features that protect the memory contents.
Unfortunately, these features are not present on Windows 7, so the fix leaves those systems wide open to attack.
Microsoft have managed to act on the tip off and have just released a new fix to cure the problem they created.
If you have Windows 7, you need to make sure that this fix is installed immediately. Unlike Windows 10, it is possible to configure Windows 7 to disable automatic updates, so you are not guaranteed to have it.
To check if there are any updates waiting to be installed for your system, click on Start > Control Panel > Windows Update.
Click on the Check now button to search for available updates and install any that are found.
With all the latest security features that Microsoft have built into Windows 10, you'd hardly think it was possible for your PC to be infected with malware from a simple hacked web page.
After all, it’s the hackers' first line of attack, so Windows should be wise to it by now.
But unfortunately not! It turns out that both Internet Explorer and the new Edge browser are vulnerable to a problem that allows a malicious web page to implant a virus on your computer.
The problem affects the browser's Chakra scripting engine and could allow a malicious web page to run any code it likes on your PC.
Luckily, Microsoft have crafted a fix for this problem and 74 other Windows bugs, just hours before a major hacker conference was due to start in Vancouver, Canada.
The CanSecWest Pwn2Own meeting of security researchers includes a competition for hackers and security investigators to see how fast they can compromise a Windows system.
Any of the hackers planning on using one of the 75 security problems Microsoft have now fixed will be disappointed.
But, as a Windows user, you can at least be relieved that another bunch of problems that put your PC at risk have been dealt with and are no longer available to crooks trying to steal from you.
As well as the browser problems, Microsoft's latest batch of patches fix problems in Excel, the SharePoint document sharing server, and 13 different bugs in the Windows Kernel – the heart of the Windows operating system.
If you have automatic updates enabled, which is pretty much compulsory on Windows 10, and the default setting on Windows 8.1 and 7, then the patches will be installed for you and your PC will be protected.
If you don't have automatic updates enabled, you need to manually check and install the fixes.
To do so: open the Control Panel and click Windows Update.
Click Check for updates and when the new fixes are found, click on Install now. Once the update process completes, re-boot your PC for the changes to take effect.
We all know that Microsoft have upped the amount of data they collect on Windows users in the latest Windows 10 versions.
They're trying to copy their big rivals, Apple and Google, and focus on earning money from advertising. That's why you see adverts for new Apps appear in the Start menu, even if you've never shown any interest in installing the Apps in question.
By using Windows 10 and the Edge browser, Microsoft can build up a profile of the kinds of things you view on the Internet and what you use your PC for. Added to this, because you sign into all your Windows 10 devices using the same Microsoft account, Microsoft can link what you search for on all of your devices.
They know the Apps you use and what is installed on your PC.
But what exactly does Microsoft know about you, and what information do they collect?
That's a very good question and, until now, Microsoft have been cagey about answering it.
However, it looks like they’re having a change of heart. They've brought out a new tool, called the Windows Diagnostic Data Viewer, which will give you a breakdown of everything the operating system sends to Microsoft.
The company claims it will display:
Common data, such as the operating system name, version, device ID, device class, diagnostic level selection and so on.
Device connectivity and configuration information, including the device properties and capabilities, preferences and settings, peripherals, and device network information.
Product and service performance data that shows device health, performance and reliability data, movie consumption functionality on the device and device file queries. It’s important to note that this functionality is not intended to capture user viewing or listening habits.
Product and service usage data, including details about how you use your device, operating system, applications, and services.
Software setup, such as installed applications and installation history, and device update information.
The tool isn't available yet, but a preview version should be released in the next few weeks, and the final version will be available from the Windows Store.
Let's hope it is released soon, and we can all check what Microsoft knows about us.
Skype’s a great program to keep in touch with friends and family, whether they live down the street or on the other side of the world. Using it you can make free phone and video calls to anyone using the software from the comfort of your PC.
So, if you use Skype like I do, you were probably terrified if you saw the latest security scan concerning it this week. The problem has led to panic and heated debate in online forums and on Twitter.
Basically the claim was that there was a security problem in the software that was so severe that Microsoft couldn’t fix it without rewriting the entire program.
The problem does indeed exist in Skype 7.4 and earlier. It allows malware running on a computer to use Skype’s update mechanism to take over the entire PC via a fake DLL file.
But the problem isn’t with Skype itself, but rather with its companion updating tool.
The rumour seems to have started when a security researcher uncovered the bug and told Microsoft about it. Microsoft told him that patching the bug would require a large code revision, so he subsequently went public with his findings.
The thing is, Microsoft have already fixed it. They released Skype 8 last October which fixes the problem.
So the solution is simple – update to Skype 8.
Unfortunately, Skype 7.4 won’t automatically update to Skype 8 so you will need to install it manually.
To do so, visit the site below and download the latest version:
One you’ve installed the latest version, you should check that the old version is not present on your PC.
To do so, press [Windows Key] + [R], type control and click OK.
In the Control Panel, click on Programs and Features. Look through the list of programs for an entry for Skype.
There should only be one version. If there is more than one, uninstall the old version by selecting it and clicking on Uninstall.
For the last few years, ransomware infections have been the bane of Windows user’s lives.
Get one of these nasty infections and it will silently encrypt the data on your hard drive. The first you’ll know about it is when you turn your PC on and find you can no longer access Windows or any of your programs.
Instead, you see a message telling you that you must pay a ransom in order to get your data back. Unless you have a recent backup of your data, this is your only chance of recovering your important files and then you cannot guarantee that hackers will actually keep up their end of the bargain.
So, it's great news that these kinds of infection are on the decrease.
While it's true that the latest anti-virus software and operating system updates are making these kinds of attack more difficult, the decline unfortunately isn't due to mass arrests of the cybercriminals behind these attacks.
Instead, the crooks have found a new and simpler way to steal. They've switched to installing cryptocurrency mining software on the PCs of unsuspecting users.
These infections steal the processing power of PCs to generate digital currencies using so-called mining algorithms.
And the reasons the crooks are making the switch are clear. For example, security researchers have uncovered a botnet called Smominru, which consisted of over 500,000 infected Windows machines.
The researchers calculated that this network was making its controllers around $8,500 per day in mined cryptocurrency.
When you're making money like that, why bother running the risk of arrest by trying to blackmail people.
Especially since most of the people infected with a cryptominer malware infection won't even know their computer has been compromised.
That means that the hackers can simply sit back and watch the money roll in, without having to worry about a knock on the door from a law enforcement agency.
To make sure that you stay safe and don't unwittingly donate your PC's performance to these crooks, the best advice, as always, is to make sure that your anti-virus software is up-to-date and that you regularly use it to scan your PC.
It seems like most Internet users have learned nothing in 2017. A firm called SplashData have analysed more than 5 million passwords leaked by hackers in 2017, and found that the most common password people were using was still ‘123456’, closely followed by 'password'!
You know as well as I do why that is a terrible password: when hackers are trying to crack an account, they use tools to enter common words and number sequences, in the hope of striking it lucky.
It's not like people don't have enough warnings. Every time a new hacker attack hits the headlines, security researchers advise people to use strong passwords.
In case you're wondering, these are the 10 most popular passwords of 2017:
Needless to say, all of these passwords are the equivalent of leaving your front door wide open. In fact, any password based on dictionary words or number sequences are an open invitation to hackers and will one day ensure that your account is compromised.
The only way to stay safe is to use a password that combines upper- and lowercase letters, numbers and punctuation symbols. That doesn't mean that your password can be a dictionary word with the number 1 tacked on at the end either.
It needs to be a random combination of letters and numbers and a minimum 8 characters long.
If you're not sure whether one of your passwords is safe, you can check it using a free password strength checker:
Simply enter your password and you'll see a score for how secure it is. I'd advise that for best protection you should be aiming to be above 90%, otherwise you're liable to be a victim of a hacker attack in the near future.
So, if you're using an insecure password, make sure your New Year's resolution is to change it!
It seems that never a day goes by without news that hackers have managed to steal the password database from some company or another.
Even when the company finds out – often several months later – simply telling everybody affected to change their password is not enough to stop any further damage from being done.
That's because people often use the same passwords for lots of different sites. Hackers are well aware of this, so once they manage to get hold of a password file they use automated scripts to try the same username and password combinations on a range of other sites.
More often than not they'll find some keys that fit the locks. If that happens to you, hackers can access any of your accounts that use the same login credentials and you'll probably not even notice.
This happened to food delivery service company, Deliveroo. Customers found that food which they'd never ordered was being charged to their accounts. In this case, the crooks behind the scam were simply trying out passwords and usernames that had been stolen from other sites to log into Deliveroo and none of the Deliveroo servers themselves had been hacked.
Fortunately, help is at hand in the form of a company called Shape Security who have launched a new product called Blackfish.
This so-called 'credential defence' service is designed to identify stolen passwords before a security breach is even reported by a company, or even before it has been detected.
It can do this before the stolen password files turn up for sale on the dark web. It works by trying to spot patterns of incorrect login attempts – which indicate that a hacker is automatically trying a list of stolen passwords. If it spots a correct login as part of this automated process, it can be pretty sure that the password has been stolen from another site.
Currently three of the top four biggest banks are using this technology, along with several airlines too. Let's hope that it becomes standard on all websites soon.