Thursday, June 15, 2006

Hackers already exploiting MS vulnerabilities

Microsoft announced 21 bugs (vulnerabilities) and their patches on Tuesday. On Wednesday, hackers were already exploiting 7 of these to attack PCs. Note that some of the patches are for Microsoft Office products. So if you normally only run Windows Update, be sure to check Microsoft Office Update.

The moral? Don't wait -- update your computer when a software vendor offers new security patches. Apple computers are usually set to automatically update. Windows computers can also be set to automatically download updates. I prefer to have the system alert me when the updates are ready to install and let me actually start the installation.

The old maxim used to be to wait and carefully test patches or wait for someone else to test them. Then and only then did you install a security patch. In today's world of same-day exploits (called "zero-day exploits"), smart computer users don't wait. They keep data backed up and they patch as fast as they can.

I often force Microsoft Update (which checks for both Windows and Office updates) to check and update my PC even before Windows alerts me. I know that new updates usually come out on the second Tuesday each month, so I start checking that night.

Security-savvy computer users also keep their Antivirus, 2-way Firewall, and AntiSpyware software updated. It's OK to be paranoid when bad guys really are out to get you.

No comments: