During this month’s Patch Tuesday, Microsoft released a handful of updates for all supported versions of Windows. Most of these updates are security bulletins that came bundled in various cumulative updates. One of these security updates is update KB3185848.
This security bulletin addresses vulnerabilities found in Microsoft Graphics Component, like code execution privilege escalation, and information disclosure. If exploited, these vulnerabilities can give an attacker a full control over a user’s computer.
In plain English, if an attacker ‘smells’ this vulnerability, he can break into your computer, create user accounts, install programs, and access all your information. Microsoft warns that a ‘victim’ can be affected by opening a malicious site, or a document.
What’s interesting in this case is that the critical code execution vulnerability is only present in Windows 10 version 1607 (the Anniversary Update), where KB3185848 is listed as a critical patch, and is available as apart of cumulative update KB3189866 . For all other versions of Windows, this update is listed as Important.
“The security update addresses the vulnerabilities by correcting how certain Windows kernel-mode drivers and the Windows Graphics Device Interface(GDI) handle objects in memory and by preventing instances of unintended user-mode privilege elevation.”
So, if you’re running Windows 10 version 1607, we highly recommend downloading cumulative update KB3189866. To download this patch, simply go to the Settings app > Updates & security, and check for updates. In case you have problems installing the update, and some people do, download it manually, and you shouldn’t have any problems.
For more information about this security bulletin, check out TechNet’s support page.
RELATED STORIES YOU NEED TO CHECK OUT:
- Windows 10 KB3178469 update fixes major lock screen vulnerability
- Download Updates KB3189866, KB3185614, and KB3185611 manually to fix the installation problem
- Windows 10 Anniversary Update to get delayed for millions
- Windows 10 Redstone 2 will feature a new Wi-Fi setting page
- Manage Event Log channels with Nirsoft’s EventLogChannelsView release