Tuesday, August 3, 2010

Microsoft updates major security flaw

As you know I am loathe to run around about the latest security releases saying “the sky is falling”. Last night, however, Microsoft released an extremely important security patch – out of band from their normal Tuesday security patch release. The security hole this patch addresses would allow an attacker to potentially drop files on a server or workstation that could be run simply by viewing them in file explorer. This would allow a hacker to potentially take over a machine without anyone ever clicking on a file or running it. Files could arrive by USB Drive, email, hacks, web uploads – any of a number of vectors. This is an extremely dangerous issue, which is actively being exploited by criminals trying to interfere with US operations by taking over manufacturing sites and control systems, stealing retail credit cards and identities, and a variety of other activities. It is imperative that your servers and workstations be updated as soon as possible to avoid allowing this vulnerability to spread. Once a system is infected with this problem it becomes very difficult to remove it since you cannot view files without re-running the virus. In addition, it spreads by so many different vectors that we can’t just rely on something like an email filter to remove all possible sources of contamination. The very best way to avoid this problem is to run Windows Updates AS SOON AS POSSIBLE on all your servers and workstations. It’s especially critical to protect workstations, but you should VERIFY that all servers and workstations have been updated – even if you believe them to be set on automatic updates. Each server or workstation will need to be rebooted after the patch is applied to fully implement the patch.

If you are running Windows XP SP2 – you need to update to SP3 before you can patch for this vulnerability. Service packs MUST BE DONE MANUALLY – automatic updates does not apply service packs, and must be done logged in as an administrator. Be sure you verify that your XP system is at least service pack 3, then update all the patches that are recommended after the service pack is applied. Microsoft no longer support XP SP2 with new security releases.

If you are running Windows 7 be sure to patch BOTH your core Win7 operating system and any virtual XP instances that you run.

If you need assistance with any tasks related to this issue, please call Jim Rock at the office at 585-756-2444 and he can help you (on a ticket basis) to update and verify that your systems are no longer vulnerable either remotely or by going onsite. We would rather you spent a little bit up front to be sure this is patched – then to pay us a lot later if there is a problem. This update needs to be applied ASAP, which is why Microsoft released it quickly. Even if you have automatic updates on, we recommend that you force the update through Internet Explorer (on windows xp machines or virtual machines) by going to updates.microsoft.com, or for Vista and Win7 machines by choosing Windows updates from your start menu.

To read more about the problem and its impact see the following Microsoft Knowledgebase article: http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx  If you do NOT use us for your IT support and you didn’t get a warning this morning from your current IT support – consider using us in the future. This is the kind of proactive service we provide for all our technical support customers.

No comments: