skip to primary navigationskip to content

Microsoft Windows vulnerability announced: how to protect yourself

last modified Apr 03, 2020 09:39 AM
Microsoft has announced a serious vulnerability in all versions of Windows. Find out the steps you can take to protect your machine and your data.

Microsoft has announced a serious vulnerability in all versions of Windows. For Windows versions earlier than Windows 10, and Windows Server versions earlier than Windows Server 2019, this is a 'Critical' vulnerability. For Windows 10 and Windows Server 2019, this is rated 'Important'. Further information is available in Microsoft's security advisory.

Be cautious about downloading and opening documents

Be particularly cautious about downloading, opening and viewing documents sent to you. They could be email attachments, or things you're directed to via a link. Even if the messages appear to come from people you know and trust, those people's accounts may have been hacked. If in doubt, call them up to be sure they sent whatever you've just received.

Find out if you need to update your PC

  • If you are using UAS remote access: the UIS Desktop Services team will ensure the device is kept up to date.

  • If your Windows computer is managed by a department or college IT administrator: contact them for support, if you've not heard from them already.

  • If you use Windows 10: Windows 10 is inherently more protected from this vulnerability, but not completely safe. Follow the advice above about documents and attachments. Your computer should update itself when the patch is released.

  • If you use Windows 8.1: You should stop using Windows 8.1 until the patch for this vulnerability is released and installed on your system. You can in the meantime use the Remote Desktop service from UIS to log onto a managed Windows 10 system. If you must continue using a Windows 8.1 system, you can review the workarounds suggested by Microsoft.

  • If you use Windows 7: you should stop using Windows 7 immediately. No patch is expected (for this or any future vulnerability) because Windows 7 is no longer supported by Microsoft. You can use the Remote Desktop service from UIS to log onto a managed Windows 10 system.

If you're not sure which version of Windows you are using, follow Microsoft's instructions to find out.

Apply patches as soon as they become available

Whatever you decide to do, the most important thing to remember is that, when Microsoft release a patch to fix this vulnerability, you should update your machine immediately. Microsoft send out patches on the second Tuesday in the month. We understand this patch is scheduled for Tuesday 14 April, but they may send it sooner. We will try to keep you informed when they release the patch.

Further information for IT staff 

We recommend that IT administrators review the workarounds suggested by Microsoft and assess whether to recommend or implement them for your users. In all cases, prepare to install the patch as soon as possible after it's released. The patch is expected by 14 April 2020, but may be released sooner.


UIS Service Status

Phone padded  Service status line: (01223) 463085
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >  |  Back issues

RSS Feed Latest news

LinkedIn Learning now available for all staff and students

May 19, 2020

All University and College staff and students can now access LinkedIn Learning, which offers a wide range of online courses on creative, technical and professional skills.

Wireless Service essential maintenance 08:00–09:00 Tues 19 May

May 14, 2020

The University Wireless Service will be unavailable between 08:00 and 09:00 on Tuesday 19 May while we apply an essential software update.

View all news