Next Tuesday, August 14th,
is the second Tuesday of the month. Every month on the second
Tuesday Microsoft releases it's latest batch of updates. The vast
majority of these are what is known as security patches. As an
illustration, think of your computer as an air mattress. All of your
personal information is the compressed air inside of the mattress,
and the mattress keeps that compressed air separate from the rest of
the world. Along comes a computer hacker, and he starts poking holes
in that air mattress releasing your information, and possibly control
of your system, to the outside world. Once a month, on Patch
Tuesday, Microsoft comes along with security patches to fill those
holes and make your system safe again. This month's batch of updates
is particularly interesting. Microsoft has announced that it will be
releasing nine security patches, five of which it considers critical.
In order to understand why
next week's updates are so important we have to understand what
Microsoft's criteria is to deem an update critical. Microsoft's
definition of critical is an exploit that "could allow code
execution without user interaction". This means that somebody
could access your computer and run commands without you having done
anything at all to allow it. You also wouldn't necessarily be
notified in any way that this is happening. In other words, these
security holes allow hackers and malware access to your system,
without your knowledge, whenever they feel like causing some damage.
One of these flaws even allows for elevation of privileges, meaning
that malicious code can operate with administrative authority even if
your user account doesn't have admin privileges. This allows hackers
and malware to access parts of your system that you can't even
access, which makes it extremely difficult to correct the problems
that they cause.
So now that you know what a
critical update is we need to make sure that you install them as soon
as they become available. Microsoft suggests that all critical
updates are installed within three days of being released. This is
because once they release a patch the hackers and malware writers
will be able to analyze that patch and determine how to exploit the
holes that the patch is trying to fill. In other words, by putting
out a fix Microsoft is making it easier for the bad guys to exploit
the security flaw on any systems that haven't yet been patched. This
is why the day after Patch Tuesday is commonly referred to as Exploit
Wednesday. In order to ensure that your system is not vulnerable you
have to make sure you check for and install critical updates on
Tuesday. For Windows XP users this means going to the Start Menu,
clicking on All Programs, and then selecting Windows Update at the
top of the left hand column. For Vista and Windows 7 users you can
simply click the Start Menu and type “windows update” in the
instant search box. For all three operating systems make sure that
you check for updates and then select all critical updates before
clicking Install Updates. Windows Updates has a cache and it doesn't
always look for the latest batch of updates before presenting you
with your update options. Adobe also has two critical updates that
they're releasing Tuesday, so if you have Adobe Reader or Adobe
Acrobat installed make sure that you're checking for updates for
those two programs as well.
Many systems are set up to
automatically install critical updates every night. However, when
this many large security flaws are being patched at once you know
that the hackers and malware writers are going to take notice. In
instances such as this it is good practice to manually check to
ensure that your critical updates are in fact up-to-date. This batch
of updates affects Microsoft Windows, Internet Explorer, Microsoft
Office, Adobe Reader and Adobe Acrobat, so if you're missing your
updates there are a lot of opportunities for criminals to take
advantage. Hopefully we've given you the knowledge you need to
protect yourselves against these attacks.
