Huge Security Update Batch from Microsoft
Kevin R. Smith
If you haven't already gotten notice from your PC that there are updates waiting to be installed, you're now on notice.
This batch of patches covers a lot of ground: Windows, Internet Explorer, and even Microsoft Office (which you'll likely need to take care of separately).
With so many patches, you can count on one thing: the bad guys are watching these updates, too, to see what things they can exploit on un-patched PCs.
According to a great summary at ComputerWorld on the Microsoft Security Updates,
Here's how the 13 updates break down:Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.'
Curiously, there's some debate about what updates are most important among security researchers,
- Critical: 2
- Important: 9
- Moderate: 2
Given this many updates, and this many high-priority updates, there's no question, this batch of updates is worth taking the time, including reboot, needed to get them all applied.Other security experts from Symantec [makers of Norton Antivirus and Kaspersky Lab also highlighted the IE update as the one users should deploy first.
As far as I'm concerned, no one should be wondering, "Gosh, which ones should I apply?" or, "Which ones should I apply first?"
Simple. Do them all. Immediately.
The one in particular that caught a lot of people's attention was the "Ping of Death" patch, which sounds to a lot of people like the old "Ping of Death" that could be done to PCs years ago.
This begs the question: are there already exploits for this bug?
Equally important though is why is this only labeled as, "Important" and not "Critical?"
Regardless, it really is "Critical" in my opinion because of the ramifications of having an unpatched system.
Exploiting this bug requires very little technical knowledge, and it can allow an attacker to easily prevent your computer from having any Internet access, effectively shutting your PC down.
In Ye Olden Days, a similar attack would even cause the computer to reboot, and continue to reboot, 'til the attacker stopped their attack or you disconnected your PC from the Internet. Ouch.
Bugs like this are one of the main reasons why looking at an Internet Security Suite with built in firewall software is so important. In most cases a PC protected by a software firewall would be immune to this and similar attacks.
Regardless of whether or not you have an ISS with a software firewall, there are still a lot of other things these updates take care of, so get it done!
Here's where you can get the patches:
The comments to this entry are closed.