Huge Security Update Batch from Microsoft



08/10/2011




Kevin R. Smith
Co-Editor




If you haven't already gotten notice from your PC that there are updates waiting to be installed, you're now on notice.

This batch of patches covers a lot of ground: Windows, Internet Explorer, and even Microsoft Office (which you'll likely need to take care of separately).

With so many patches, you can count on one thing: the bad guys are watching these updates, too, to see what things they can exploit on un-patched PCs.

According to a great summary at ComputerWorld on the Microsoft Security Updates,
Microsoft today issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed 'Ping of Death.'
Here's how the 13 updates break down:
  - Critical: 2
  - Important: 9
  - Moderate: 2
Curiously, there's some debate among security researchers about which updates are most important,
Other security experts from Symantec [makers of Norton Antivirus] and Kaspersky Lab also highlighted the IE update as the one users should deploy first.
Given this many updates, and this many high-priority updates, there's no question: this batch is worth the time, including the reboot, needed to get them all applied.

As far as I'm concerned, no one should be wondering, "Gosh, which ones should I apply?" or, "Which ones should I apply first?"

Simple. Do them all. Immediately.

The one in particular that caught a lot of people's attention was the "Ping of Death" patch, which sounds to a lot of people like the old "Ping of Death" that could be done to PCs years ago.

This raises the question: are there already exploits for this bug?

Equally important, though, is why this is only labeled "Important" and not "Critical."

Regardless, it really is "Critical" in my opinion because of the ramifications of having an unpatched system.

Exploiting this bug requires very little technical knowledge, and it can allow an attacker to easily prevent your computer from having any Internet access, effectively shutting your PC down.

In Ye Olden Days, a similar attack would even cause the computer to reboot, and continue to reboot, 'til the attacker stopped their attack or you disconnected your PC from the Internet. Ouch.

Bugs like this are one of the main reasons why looking at an Internet Security Suite with built in firewall software is so important. In most cases a PC protected by a software firewall would be immune to this and similar attacks.

Regardless of whether or not you have an ISS with a software firewall, there are still a lot of other things these updates take care of, so get it done!

Here's where you can get the patches:
