Critical Internet Explorer zero-day vulnerability patched by Microsoft

For this month’s Patch Tuesday, Microsoft has released five bulletins, tackling a total of 23 different security holes in Microsoft Windows, Internet Explorer and Silverlight.

The most important security update is undoubtedly the one for Internet Explorer, applicable for virtually all versions of the browser, which includes a fix for a zero-day vulnerability (CVE-2014-0322) that has already been exploited by hackers in targeted attacks against some organisations.

Last month, Microsoft released a temporary Fix it tool for the problem, so a proper patch has been keenly anticipated.

Details of how to take advantage of the security weakness have already been publicised on the net, increasing the chances of further attacks if computer owners do not take action.

So, what’s the danger if you leave your computer unpatched?

Well, if you visit a boobytrapped website with a vulnerable version of Internet Explorer, the browser can be tricked into allowing the remote hacker’s code to execute on your PC, gaining the same rights as the user you are logged in as on Windows. In the blink of an eye, your computer could be infected by malware – delivered via an exploit kit.

Microsoft Security Bulletin MS14-012 isn’t shy about underlining the importance of the security update – giving it the highest critical rating for Internet Explorer 6, 7, 8, 9, 10, and 11 on affected Windows clients, and “moderate” for the same versions of Internet Explorer on affected Windows servers.

Of course, if you’re still using a version of Internet Explorer as old as version 6, this is just one of many, many problems your organisation may be facing…

And this is probably as good a time as any to remind organisations and home users that are still using creaky old Windows XP that the ageing operating system will no longer be receiving security updates after next month.

If at all possible, it’s extremely important that you update your operating system as soon as you can, rather than wait until malicious hackers have free rein to exploit it. More details of the end of support for Windows XP can be found on Microsoft’s website.

Most Windows home users will hopefully be taking advantage of the automatic security updates which will be rolled out to them, but companies often prefer to do some internal testing before distributing patches across their network in case there are any niggles.

Whatever type of user you are, my advice is to not delay – but install the security updates at your earliest opportunity to better protect your computers and the data stored upon them.

To learn more about the latest security patches from Microsoft, including the ones for Windows and Silverlight as well as Internet Explorer, be sure to check out Microsoft’s March 2014 Patch Tuesday summary.

Author Graham Cluley, We Live Security

12 Mar 2014