New Microsoft Update Patches Big Hole

Microsoft released an update Tuesday to patch about fifteen holes in Windows 2000, Windows XP, Windows Server and Office. While most of the patches address various Word, Excel, or Windows Server issues, a critical vulnerability was found within the Windows OS kernel – a fairly rare occurrence.

The Big Hole

The Windows kernel is the core of the operating system, and the flaw is related to how embedded font files are processed. We’re not going to get into the technical mumbo-jumbo here, so we’ll just tell you that the problem – if exploited – would allow malicious code to be passed directly to the system, bypassing any browser defenses that have been created to stop this sort of attack. The code could be downloaded just by visiting a web page prepared by hackers. With the growing use of URL shorteners and advertising attacks, it’s easier than ever to be accidentally exposed to some nasty code.

Microsoft rated the kernel flaw as critical and gave it an exploitability ranking of 1. This means that Microsoft expects a working exploit within 30 days, and the rating is similar to “SEVERE – Severe risk of terrorist attacks” on the Homeland Security advisory system (if anyone is actually paying any attention to that anymore).

Researchers agree that the bad guys are going to move quickly:

“An exploit will appear sooner rather than later,” said Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. “The target is Internet Explorer, and browsing is the number one attack vector in the world right now. Users can be infected simply by browsing on a [malicious] site.”

So this is a big hole that can do some nasty things on unpatched computers.

The Solution

Take the following steps to protect your computer:

  • Set your computer to automatically download Microsoft updates.
  • Run updates immediately or just set the system to install them automatically.
  • Reconsider using Internet Explorer as your browser of choice. The same problem will not occur using Firefox or other non-IE browsers.

How to Update Windows Automatically

Windows XP

To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click “Automatic Updates,” and choose “Automatic.”

Windows Vista

For Vista, open Windows Update in the start menu, select “Change Settings,” and then select “Install updates automatically.”

More information can be found at Computer World and The Washington Post’s Security Fix blog.

Author: Richard Patterson
