Windows 10 users have been “strongly” advised to install a new update to protect the Microsoft OS from a ‘critical’ bug.
Windows 10 is the most popular operating system in the world, after overtaking its ageing sibling at the end of last year.
In December 2018 Windows 7 was finally eclipsed by Windows 10, with the flagship Microsoft OS moving into pole position after three years of trying.
According to stats from NetMarketShare, Windows 10 had a 45.79 per cent share of the operating system marketplace at last count.
This compares with second-placed Windows 7, which has a 35.38 per cent share.
And the huge Windows 10 install base has been advised to install a security fix rated as ‘critical’.
As reported by ZDNet, users of Windows 10 version 1903 are being urged to install this month’s ‘servicing stack update’.
The download will address a bug which could force the BitLocker encryption system into recovery mode.
In a post online, Microsoft said: “This update makes quality improvements to the servicing stack, which is the component that installs Windows updates.
“Key changes include: Addresses an issue with a Secure Boot feature update that may cause BitLocker to go into recovery mode because of a race condition.
“Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU).
“Installing servicing stack updates (SSU) ensures that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft security fixes.”
The news comes as this month’s update also fixes a Win32k zero-day vulnerability that was discovered by security experts.
The flaw, which doesn’t affect Windows 10 and instead impacts earlier OS versions, was discovered by ESET researcher Anton Cherepanov.
In a post online Cherepanov said: “In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe.
“The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component.
“Once the exploit was discovered and analysed, it was reported to the Microsoft Security Response Center, who promptly fixed the vulnerability and released a patch.”
The ESET researcher added: “The exploit only works against older versions of Windows, because since Windows 8 a user process is not allowed to map the NULL page. Microsoft back-ported this mitigation to Windows 7 for x64-based systems.
“People who still use Windows 7 for 32-bit systems Service Pack 1 should consider updating to newer operating systems, since extended support of Windows 7 Service Pack 1 ends on January 14th, 2020.
“Which means that Windows 7 users won’t receive critical security updates. Thus, vulnerabilities like this one will stay unpatched forever.”