New Microsoft Update Patches Big Hole
Microsoft launched an update Tuesday to patch about fifteen holes in Windows 2000, Windows XP, Windows Server and Office. While most of the patches are related to various Word, Excel, or Windows Server issues, a critical vulnerability was found within the Windows OS kernel – a fairly rare occurrence.
The Big Hole
The Windows kernel is the core of the operating system, and the flaw is related to how embedded font files are processed. We’re not going to get into the technical mumbo-jumbo here, so we’ll just tell you that the problem – if exploited – would allow malicious code to be passed directly to the system, bypassing any browser defenses that have been created to stop this sort of attack. The code could be downloaded just by visiting a web page prepared by hackers. With the growing use of URL shorteners and advertising-based attacks, it’s easier than ever to be accidentally exposed to some nasty code.
Microsoft rated the kernel flaw as critical and gave it an exploitability ranking of 1. This means that Microsoft expects there to be a working exploit within 30 days and is similar to “SEVERE – Severe risk of terrorist attacks” on the Homeland Security advisory system (if anyone is actually paying any attention to that any more).
Researchers agree that the bad guys are going to move quickly:
“An exploit will appear sooner rather than later,” said Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. “The target is Internet Explorer, and browsing is the number one attack vector in the world right now. Users can be infected simply by browsing on a [malicious] site.”
So this is a big hole that can do some nasty things on unpatched computers.
Take the following steps to protect your computer:
- Set your computer to automatically download Microsoft updates.
- Run updates immediately or just set the system to install them automatically.
- Reconsider using Internet Explorer as your browser of choice. The same problem will not occur using Firefox or other non-IE browsers.
How to Update Windows Automatically
To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click “Automatic Updates,” and choose “Automatic.”
For Vista, open Windows Update in the start menu, select “Change Settings,” and then select “Install updates automatically.”