Needless to say, Some Significant Patches are Needed Now
I thought I'd take a minute to update people on a couple of items that are of interest in the computing community:
As most people know by now, Microsoft has posted an out of band patch to Windows Internet Explorer (the browser). This patch is in response to an unpublished hole in the IE code which was exploited by unknown hackers to attack Google. I won't go into the details of the exploit and who is responsible, but this hole has existed for some time and has been used to gather critical information from not only Google as widely reported, but now also three of the largest petroleum companies in the United States. Needless to say, it probably doesn't end there.
If you have not yet patched Internet Explorer, go to Windows Update NOW and get it patched. You can thank me later. LOL!
Another Microsoft vulnerability that surfaced was a unpatched problem with the 16 bit engine included with 32 bit Windows software from Windows 3.1 to Windows 7. This is being referred to an a 17 year vulnerability. Used to run MS-DOS and what is now very old 16 bit software, it is included in all 32 bit Windows operating systems. It is NOT included in 64 bit Windows operating systems, so those of you who use 64 bit Windows are safe for the moment. A fix for this problem is expected in the February patch cycle. There are fixes for this now on Microsoft's website.
For people using Adobe Reader and other of Adobe's products, there are patches available for these products on Adobe's website. Frankly its gotten to the point that hackers are moving from attacking Windows to now attacking 3rd party addons like Adobe Reader. I don't think there is a quarter that goes by when another major patch is needed for the Reader. This is one of those patches you need to do now, so get over to Adobe's site and get it patched.
I have suggested the Foxit Reader for some time as a replacement, but in the past, vulnerabilities found in Adobe Reader have somehow been found in Foxit Reader. So be sure you check the Foxit site if you are using that instead.
The last thing I wanted to mention and I forgot to say something at the last CEBUG meeting is that Microsoft is now patching on a twice a month cycle. Critical pathes and updates are being done on the second Tuesday of the month while "important" patches are being distributed on the fourth Tuesday of the month. Most people are unaware of the 4th Tuesday patch day. For that matter, if you are using some of the speciality Microsoft software like Dynamics, those updates and patches are distributed on an as available basis.
If you are expecting Microsoft to patch on one or two days a month, as we have found out, we are sadly mistaken. At least we are not seeing a new patch every day <G>.