By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

When even the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is starting to get nervous about your unpatched Windows 10 system, maybe it’s time to make sure you’ve downloaded everything you need from Windows Update. This time around, the agency is reacting to the emergence of new proof-of-concept attacks related to a vulnerability that was discovered in March—yes, three months ago. The exploit, “SMBGhost,” take advantage of an issue with Windows’ server message block protocol that could give an attacker unrestricted access to run whatever they want on an affected machine. (That includes servers, obviously, but also any unpatched clients connecting to one that has already been hit.) All you have to do to stay safe is to make sure you’ve installed the latest updates for Windows 10. That’s it. It’s incredibly easy to do this on your home machines—and, really, they should be updated already if you’ve been using them regularly and have them connected to the internet. Here’s the quirk, though. If you’re using a version of Windows 10 that’s older than version 1903 (released in May of last year), you’re in the clear. Your operating system doesn’t yet support SMBv3.1.1 compression, which is the source of the bug that’s being exploited by SMBGhost. So, in some weird way, not updating has kept you safer from this attack than installing a major update and getting lazy about the rest. That’s not a practice you should continue, however. It’s time to update to the latest version of Windows—version 2004, as of when we wrote this article—and make sure you stay on top of your Patch Tuesday updates and any other critical out-of-schedule updates. But there’s a caveat to that, too. As you no doubt know, Microsoft tends to have some issues with its various Windows 10 updates. So much so that it’s probably not worth your while to install every single update you can get your hands on the minute it’s released. Were I you—and this is what I do, too—I’d make sure I’m using at least Windows version 1909. I’d then use its ability to pause Windows Updates, found via Settings > Update & Security, to keep your operating system from downloading and installing updates the moment they’re released. As for how long you should wait before you install one, that’s up to you and the severity of the update in question. If an update is patching a zero-day exploit, you might want to err on the side of installing it sooner; if it’s a gigantic feature update, you can probably wait a week (or two weeks) to make sure that system-breaking bugs haven’t revealed themselves as part of the update’s public launch. Is this taxing? Yes. Will you forget about it? Sure. Will you remember it when you can’t understand why your system worked well on Tuesday but is coughing up some terrible glitch on a Wednesday morning? You will now. We have more posted on OUR FORUM.