Busy with midterms, she waited until nearly the last minute before flipping open her Windows 10 computer -- only to watch Windows Update take control of her machine until well after the deadline had passed. I could have finished the test on time if it wasn't for the Windows Update," she tells me.She got a 58 on the midterm, and was barely able to bring it up to a C by the end of the semester."I wasn't terribly happy," recalls Beattie, adding that he now has a habit of explicitly running Windows Update a few hours before his presentations "just to make sure it's not going to spring any surprises." Alex Gibson, a 3D printing consultant, says he no longer trusts Windows to manage his 3D printer after his computer forced a restart near the end of a 6-hour-long print job for a customer in November. Lydricsama, a digital artist from Finland, says she lost hours of work on a commissioned piece she was working on late into the night, leaving her with a bare sketch (instead of a mostly lined and colored illustration) after her machine forced an update back in October.She tells me that while it was her fault for not saving the document more often, Windows also didn't help: "I had no prior warning before it restarted itself." Luckily, her client didn't mind the delay.For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user," Microsoft explains."An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened.Alexsander Stukov, an software engineer who spends days running stress tests and cloning virtual machines, says he's lost hours of work to forced Windows Updates on five separate occasions now.
The bug was discovered and reported by the UK's National Cyber Security Centre – which is part of GCHQ, Blighty's spying nerve center.
And don't expect to use your computer again soon; depending on the speed of your drive and the size of the update, it could be anywhere from 10 minutes to well over an hour before your PC is ready for work.
But my Windows laptop -- a Windows laptop in a sea of Mac Books! I figured it just needed a quick reboot, so that's what I did.
In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server." Microsoft notes that, because Malware Protection Engine is set up to constantly receive updates, the fix will automatically be delivered over the air for most home users and many enterprise customers.
The out-of-band update comes just days before Microsoft is scheduled to post its December security updates with the December 12 Patch Tuesday release.