You are at risk. No, seriously. Every time you turn on any kind of
technology, you turn on risk.
The question for today is this: Exactly how do you know what risk you are taking when
you use that technology? Some argue that “old code” is secure code, under the
assumption that the older the code, the more “eyes” have
reviewed it. But is that true? Let’s revisit the Windows Metafile issue with
this in mind, shall we?
The ball dropped in New York, ushering in the New Year. But we network admins
were scrambling because of a zero-day
exploit for which no patch was available, other than hoping our antivirus
vendors would catch it.
Little did we know at that time that the ‘bug’ was perhaps a wakeup call for us
better procedures to handle a zero-day event in the future (as InfoWorld’s Roger
When you read that there’s a new security bulletin for IE, you probably tune me out
like you do with flight attendants: "Keep your browser
in its upright and patched position."
There’s a twist this week, though, as Microsoft closes a hole that’s already being
exploited but which hasn’t had a patch available for weeks.
I should have known it was going to be an unusual week when two wooden mouse
traps disappeared in my garage. I thought I had one kind of pest problem at
first — cute, furry little mice in my garage. It turns out, I probably had
a different critter: a rat.
The yellow shield is in the System Tray reminding me this is Patch Tuesday.
And before I began to write this article, I installed all 9. (Yes, there are 8 patches and
one malicous software removal tool.)
Normally, my second column of the month is my “clean up your patch details”
column. (The first column of the month deals with the problems that beset us from
Microsoft’s Patch Tuesday.)
Last Friday, I got the news that Microsoft would only have a new Malicious Software
Removal Tool and a high-priority, nonsecurity patch coming out on Patch Tuesday. So I
thought I’d be writing to you with my thoughts on Hurricane Katrina. Little did I know
that we’d end up with quite a bit of patching news after all.
The calendar says we’re in the dog days of August, and Patch Tuesday this
week was crawling along pretty slow, too.
The expected patches were released, all right. But reports were soon received from
sources on the PatchManagement.org list that the
direct-download patches for Internet Explorer had faulty digital signatures. As reported the
however, the patches for Windows Update,
Microsoft Update, SUS, and WSUS were unaffected this. I cover the details of
the problems below.
I go to Windows Update or Microsoft Update and think nothing of downloading
bits and pieces of what’s there. But many folks would really like to know what is
happening to their machines.
Where has the year gone? We’re already to the first Patch Tuesday of July, which means we have half of our patches for the year under our belt
and the other half to come.