Update Now!

As your computer and personal identity security are a major concern for DogGoneComputers, we are highlighting this month’s Microsoft Updates.  Microsoft released several CRITICAL and IMPORTANT patches Tuesday, October 8, 2013, that should be applied as soon as possible.  The most important ones that you, as a responsible cyber citizen should understand are listed below.   Whether you want to read and “understand” the patches or not, please apply them ASAP!

Internet Explorer – Critical – Zero Day Patch

One of the patches is a Critical patch to correct a “zero day” vulnerability in Internet Explorer.   A “vulnerability” or bug, is called “zero day” because the software maker (in this case, Microsoft) has “zero days” notice to address/fix the bug that is exploited as soon as it is discovered by hackers/exploiters.  The Microsoft Website provides the following description for this Critical patch.  This patch will require a restart of your computer.

  • Cumulative Security Update for Internet Explorer (2879017)

    This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 Microsoft Office-Important – Remote Code Execution

Microsoft Office patches are included in this month’s updates.    Microsoft Word and Excel are the targeted products.  These updates should be applied as soon as possible.  The Microsoft Website provides the following description for these Important patches:

  • Vulnerabilities in Microsoft Excel, Word, Could Allow Remote Code Execution (2885080, 2885084)

    This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel, Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Silverlight – Important – Information Disclosure

Silverlight, as defined by Microsoft, is “a powerful development tool for creating engaging, interactive user experiences for Web and mobile applications. Silverlight is a free plug-in, powered by the .NET framework and compatible with multiple browsers, devices and operating systems, bringing a new level of interactivity wherever the Web works.”  It is a competitor to Adobe Flash Player.  The Microsoft Website provides the following description for this Important patch:

  • Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

    This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker’s website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

Make NO BONES about it… These updates are critical for you to apply as soon as possible.  If your computer is set to “Automatic Updates”, then you just have to apply/install the updates.  One of the updates requires a restart of your computer.  Please note that after the restart, you will probably have to install the remaining updates.   An Update Reminder will not let you forget…

If your Windows computer is not set for “Automatic Updates” or you’re not sure if it is, or you want to know how to setup it up, this Microsoft support site provides directions for the various Windows Operating Systems on setting up Automatic Updates:  http://support.microsoft.com/kb/306525

If you have questions about Automatic Updates for your Apple Computer, please visit this site:  http://support.apple.com/kb/HT1338

 

 

 

 

 

Advertisements