?

Log in

No account? Create an account
entries friends calendar profile My Website Previous Previous Next Next
Please update your Windows computer now. - Mark's Journal
mhaithaca
mhaithaca
Please update your Windows computer now.
If you own or use a Windows computer, running Windows 2000, Windows Server 2003, Windows XP, or Windows Vista, you need to be aware that Microsoft has released a critical patch today. Microsoft patches security flaws all the time, waiting until the monthly "Patch Tuesday" to release nearly all of them. The very fact that they are releasing a separate patch rather than waiting a couple of weeks makes it clear to me how urgent Microsoft considers the situation.

Please install this update to your Windows computers today. You can do so by choosing "Windows Update" from your Start menu, or visiting http://www.windowsupdate.com/ in Internet Explorer. (That's the only time I'm ever going to tell you you should be using IE instead of another web browser.) Or, if you don't have control over the Windows computer you use at work, please ask your IT staff to install the update today.

I've already patched the Sony Vaio I have at work. Please patch your computer now. Thanks.

More details are available here. The upshot is that unpatched Windows computers could be easily taken over by an attacker, who could then use your computer to attack other computers.

(Details added based on discussion in comments. Yes, I take this seriously. I'm not a Windows security expert, but Windows security experts whose opinions I trust are concerned enough about this vulnerability that I felt it worth my time and energy to spread the word.)
16 comments or Leave a comment
Comments
sproing From: sproing Date: October 23rd, 2008 06:58 pm (UTC) (Link)
What's the KB/Patch number. We don't have access to Windows Update on our corporate machines...
mhaithaca From: mhaithaca Date: October 23rd, 2008 07:08 pm (UTC) (Link)

All the details are here, but it appears there are several KBs that have been generated, at least for XP.
kiji_kat From: kiji_kat Date: October 23rd, 2008 07:01 pm (UTC) (Link)
Why the urgency? Is there a serious flaw?
mhaithaca From: mhaithaca Date: October 23rd, 2008 07:14 pm (UTC) (Link)

The urgency is that there is a serious flaw that could be exploited remotely. Microsoft patches security flaws all the time, waiting until the monthly "Patch Tuesday" to release nearly all of them. The very fact that they are releasing a separate patch makes it clear to me how urgent Microsoft considers it.
kiji_kat From: kiji_kat Date: October 23rd, 2008 08:21 pm (UTC) (Link)
Ok. I went to update, and it gave me that stupid "Windows Validation" thing. I trust the guy who built my computer, so I highly doubt he used pirated software - probably just uses the same copy of Windows to install on all the computers he makes. Unfortunately, Microsoft gives me that hassle every time I try to update manually, and I don't have the money right now to buy one of their "genuine" licenses or whatever they are. So...I don't know what to do. And I can only assume that just crossing my fingers won't help. ;)
perisoft From: perisoft Date: October 24th, 2008 02:58 pm (UTC) (Link)
You don't need to do the genuine thing to get security updates. Grab a file you can do the update with here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=0d5f9b6e-9265-44b9-a376-2067b73d6a03&DisplayLang=en
kitchenqueen From: kitchenqueen Date: October 23rd, 2008 07:05 pm (UTC) (Link)
Looks like mine got an auto-update this morning. I think I'm all good!
ruhe From: ruhe Date: October 23rd, 2008 07:05 pm (UTC) (Link)
What's it do? I'm guessing the support staff will patch thing sometimes next month, but I'd sort of like to know what havoc my office will see.
mhaithaca From: mhaithaca Date: October 23rd, 2008 07:17 pm (UTC) (Link)

There's been lots of discussion and speculation, but the upshot is that unpatched Windows computers could be easily taken over by an attacker, and used to attack other computers.

Now that the patch is out, the lowlifes who get their jollies by writing malware will do their best to take advantage of machines that aren't patched immediately. Leaving your machine unpatched until next month is not an option.
retrev From: retrev Date: October 23rd, 2008 08:11 pm (UTC) (Link)
The lowlifes have likely known about this problem for a few weeks now...they are usually the first to find out and don't usually tell others so by the time a patch is released the problem has been known in the wild for a few days to a few weeks.
ruhe From: ruhe Date: October 23rd, 2008 10:34 pm (UTC) (Link)
Wow, apparently our support staff -was- on top of things today. If anyone gov't wise goofed up on this though, we may get a call - and it's just too busy for another fire right now.
emaline412 From: emaline412 Date: October 23rd, 2008 07:28 pm (UTC) (Link)
Dude, where's the fire?
emaline412 From: emaline412 Date: October 23rd, 2008 07:28 pm (UTC) (Link)
Scratch that.
kinnerc From: kinnerc Date: October 23rd, 2008 07:28 pm (UTC) (Link)
Variable star astronomy thanks you. I'm in the middle of patching the XP and Vista computer here in Cambridge.
From: ddmd Date: October 23rd, 2008 08:57 pm (UTC) (Link)
I have Windows update set to install every day at the same time, but I went and did a quick update anyway.

Thanks for the heads up, Macintosh Man!
From: (Anonymous) Date: October 24th, 2008 05:56 pm (UTC) (Link)
Thanks for the heads up.

SpondyGirl
16 comments or Leave a comment