Microsoft issued two emergency Windows updates Monday to protect against “critical” and “important” vulnerabilities impacting Internet Explorer and Windows Defender, the anti-virus software.
The Internet Explorer flaw, which affects versions 9, 10 and 11, could enable attackers to gain the same user rights as the current user and infect a computer. Although Microsoft replaced Internet Explorer with the Edge browser in Windows 10, the software is still pre-installed on all versions of Windows.
The Windows Defender bug makes it possible for a remote attacker to take over a target system and prevent legitimate users from using the software.
Users must install the security update for Internet Explorer manually as Microsoft (MSFT) will not release an updated scan file until the next security release in October 2020, but the update for Windows Defender will be installed automatically.
Recently there have been complaints from users about Windows updates breaking and slowing computers, which could deter users from installing the updates. However, Gartner analyst Peter Firstbrook told CNN Business that users should go ahead with the updates because a blue screen is much easier to cleanup than an attack.
“From a security perspective, you’re much better off to stay current and stay with the latest updates,” Firstbrook said.
Although it might seem like bad updates are a common occurrence, Firstbrook said attacks are actually more frequent. Bad updates typically receive more user reaction compared to attacks that occur when users don’t install updates.
The latest security threats come just a little over a month after the company warned Windows 10 users to update their operating systems due to two potentially “wormable” vulnerabilities.