You are at risk. No, seriously. Every time you turn on any kind of
technology, you turn on risk.
The question for today is this: Exactly how do you know what risk you are taking when
you use that technology? Some argue that “old code” is secure code, under the
assumption that the older the code, the more “eyes” have
reviewed it. But is that true? Let’s revisit the Windows Metafile issue with
this in mind, shall we?
The ball dropped in New York, ushering in the New Year. But we network admins
were scrambling because of a zero-day
exploit for which no patch was available, other than hoping our antivirus
vendors would catch it.
Little did we know at that time that the ‘bug’ was perhaps a wakeup call for us
better procedures to handle a zero-day event in the future (as InfoWorld’s Roger
When you read that there’s a new security bulletin for IE, you probably tune me out
like you do with flight attendants: "Keep your browser
in its upright and patched position."
There’s a twist this week, though, as Microsoft closes a hole that’s already being
exploited but which hasn’t had a patch available for weeks.
What’s your plan for catastrophic PC failure?
It’s one thing to plan for dead hardware. If your budget can take the hit, some of you
might even welcome an excuse to have to replace some aging machine. The real problem
is all of your data. Do you have everything categorized, backed up, and
I should have known it was going to be an unusual week when two wooden mouse
traps disappeared in my garage. I thought I had one kind of pest problem at
first — cute, furry little mice in my garage. It turns out, I probably had
a different critter: a rat.
There’s been a trend lately with Microsoft’s "critical" patches. You may
have noticed that a significant portion of the time, patches the company rates
as Critical aren’t critical on Windows XP SP2 and Windows Server 2003 SP1. This is certainly no accident.
With these releases, in my opinion, Microsoft has achieved some actual payoff for
its security efforts.
The yellow shield is in the System Tray reminding me this is Patch Tuesday.
And before I began to write this article, I installed all 9. (Yes, there are 8 patches and
one malicous software removal tool.)
Normally, my second column of the month is my “clean up your patch details”
column. (The first column of the month deals with the problems that beset us from
Microsoft’s Patch Tuesday.)
Last Friday, I got the news that Microsoft would only have a new Malicious Software
Removal Tool and a high-priority, nonsecurity patch coming out on Patch Tuesday. So I
thought I’d be writing to you with my thoughts on Hurricane Katrina. Little did I know
that we’d end up with quite a bit of patching news after all.
The calendar says we’re in the dog days of August, and Patch Tuesday this
week was crawling along pretty slow, too.
The expected patches were released, all right. But reports were soon received from
sources on the PatchManagement.org list that the
direct-download patches for Internet Explorer had faulty digital signatures. As reported the
however, the patches for Windows Update,
Microsoft Update, SUS, and WSUS were unaffected this. I cover the details of
the problems below.