Friday, August 10, 2012

Patch Tuesday

Next Tuesday, August 14th, is the second Tuesday of the month. Every month on the second Tuesday Microsoft releases it's latest batch of updates. The vast majority of these are what is known as security patches. As an illustration, think of your computer as an air mattress. All of your personal information is the compressed air inside of the mattress, and the mattress keeps that compressed air separate from the rest of the world. Along comes a computer hacker, and he starts poking holes in that air mattress releasing your information, and possibly control of your system, to the outside world. Once a month, on Patch Tuesday, Microsoft comes along with security patches to fill those holes and make your system safe again. This month's batch of updates is particularly interesting. Microsoft has announced that it will be releasing nine security patches, five of which it considers critical.

In order to understand why next week's updates are so important we have to understand what Microsoft's criteria is to deem an update critical. Microsoft's definition of critical is an exploit that "could allow code execution without user interaction". This means that somebody could access your computer and run commands without you having done anything at all to allow it. You also wouldn't necessarily be notified in any way that this is happening. In other words, these security holes allow hackers and malware access to your system, without your knowledge, whenever they feel like causing some damage. One of these flaws even allows for elevation of privileges, meaning that malicious code can operate with administrative authority even if your user account doesn't have admin privileges. This allows hackers and malware to access parts of your system that you can't even access, which makes it extremely difficult to correct the problems that they cause.

So now that you know what a critical update is we need to make sure that you install them as soon as they become available. Microsoft suggests that all critical updates are installed within three days of being released. This is because once they release a patch the hackers and malware writers will be able to analyze that patch and determine how to exploit the holes that the patch is trying to fill. In other words, by putting out a fix Microsoft is making it easier for the bad guys to exploit the security flaw on any systems that haven't yet been patched. This is why the day after Patch Tuesday is commonly referred to as Exploit Wednesday. In order to ensure that your system is not vulnerable you have to make sure you check for and install critical updates on Tuesday. For Windows XP users this means going to the Start Menu, clicking on All Programs, and then selecting Windows Update at the top of the left hand column. For Vista and Windows 7 users you can simply click the Start Menu and type “windows update” in the instant search box. For all three operating systems make sure that you check for updates and then select all critical updates before clicking Install Updates. Windows Updates has a cache and it doesn't always look for the latest batch of updates before presenting you with your update options. Adobe also has two critical updates that they're releasing Tuesday, so if you have Adobe Reader or Adobe Acrobat installed make sure that you're checking for updates for those two programs as well.

Many systems are set up to automatically install critical updates every night. However, when this many large security flaws are being patched at once you know that the hackers and malware writers are going to take notice. In instances such as this it is good practice to manually check to ensure that your critical updates are in fact up-to-date. This batch of updates affects Microsoft Windows, Internet Explorer, Microsoft Office, Adobe Reader and Adobe Acrobat, so if you're missing your updates there are a lot of opportunities for criminals to take advantage. Hopefully we've given you the knowledge you need to protect yourselves against these attacks.

No comments:

Post a Comment