Update your Microsoft programs
#1

This was sent to me by a co-worker. There is a lot of techno-babble below so read if you want; the bottom line is update your PC if it doesn't do it automatically. If it makes you restart, then you did it right!

 

Todd O

 

*********************

 

All,

 

Ensure that you update your home computers. It's looking like a MS Patch Tuesday has two critical patches and out of the eight, six require reboots. If you need instructions, let me know. Your computers should be downloading these automatically. If it's not asking you to reboot, something may be misconfigured.

 

Additionally, make sure to look at your scan histories and virus definitions to ensure that your home systems are scanning nightly and your definitions are not more than a week old. If you need a copy of Symantec Corporate, let me know.

 

Finally, make sure you save your work nightly on your NMCI machine so that you can enjoy your 10 minute coffee break as you will eventually be forced to do the reboot process. I am still using an NMCI ESI machine with 256MB so I get 20 minutes!

 

Please read below for more specifics.

 

******************************************************

 

 

Microsoft to issue eight patches this month

By Jabulani Leffall, Special to GCN

Redmond is poised to release eight security bulletins for its April patch release, with five designated as "critical" and three deemed "important".

Remote code execution (RCE) implications continue to be a recurring theme for Microsoft applications and services, as all of the critical items would plug such vulnerabilities as they relate to Microsoft Office, Internet Explorer and the Windows OS. Meanwhile, the important fixes represent a hodgepodge of security preparedness measures as they attempt to block spoofing, elevation of privilege and RCE attacks.

Critical Patches Cut a Wide Swath

The first critical issue is a rare patch in that it affects Microsoft Project, a program designed and configured to help IT and operations project managers in a given enterprise develop plans, assign tasks, manage budgets and track workflow. Project 2000 Service Release 1 and the 2002 Service Pack 1 version, along with 2003 SP2, are all included in the patch that is designed to keep RCE hackers at bay.

Critical patch No. 2 is for Windows 2000 SP4, XP SP2, XP Professional x64 edition and its SP2 update. It also deals with any potential RCE problems in all versions of Windows Server 2003 and Windows Vista.

The third critical item is one that will, for the second time since February's release, raise the eyebrows of Web developers. It pertains to RCE exploits that would affect Visual Basic or VBScript and JScript, which are languages used to write browser functions embedded in or included in hypertext markup language (HTML) pages. A cursory inspection of the third bulletin reveals a smattering of fixes affecting VBScript 5.1 and 5.6, as well as JScript 5.1 and 5.6. Related OS versions under this patch umbrella are Windows 2000 SP4, XP SP2 and XP Professional SP2, and all Windows Server 2003 versions. VBScript and JScript are used mainly by Web developers working with IE.

And, once again, IE -- the near-ubiquitous Web browser bundled with Windows -- is rated critical in the fourth patch. The upcoming fix would plug up the application, thereby preventing any incursions of RCE-based bugs in IE 5.01 SP4 and IE 6 SP1. The fix also affects XP SP2 Standard and Professional editions, all Windows Server 2003 versions, both Vista SP1 editions (with an accompanying "important" footnote, in this case), and, lastly, all versions of Windows Server 2008, albeit with a "low" priority proviso.

The IE fixes continue with the last critical patch in the list. RCE implications are prevalent with IE 6 and 7 sitting on Windows 2000 SP4, both XP SP2 releases, both Vista SP1 releases and all versions of Windows Server 2008.

Important Patches

The sixth patch kicks off the important items. The patch would combat spoofing, or what is known in the hacking community as a "masquerade ball," an entry through a vector point after which an attacker or programmed bug passes itself off as legitimate to gain entry into a workstation or network. This bulletin touches Windows 2000 SP4, XP and XP Professional SP2 releases, and all Windows Server 2003 releases.

Patch No. 7 is designed to mitigate an elevation-of-privilege risk, where a hacker might circumvent access controls and upgrade his user profile to gain carte blanche access as an all-object administrator or super-user. The fix affects all the same OS versions as the sixth patch, except it also touches all three Windows Server 2008 releases.

Any IT pro or software developer or user who designs flowcharts, works up schematic presentations or uses the ConceptDraw 7 program on the diagramming application Microsoft Visio may be interested in the third and final important patch, which affects XP Office 2003 and 2007 Office System. The specific applications versions are Visio 2002 SP3, 2003 SP2 and SP3, and Visio 2007 and 2007 SP1.

Of the eight total patches, six items will require restarts.

Reiterating a previously announced push of IE 7 for Windows Update, Redmond is shaking things up with a change in content presentation <http://support.microsoft.com/kb/894199/en-us> for the way it describes its releases for Windows Update and Windows Server Update Services. It is also touting a new security content release for the April 8 Patch Tuesday. This is slated to include a Windows Malicious Software Removal Tool upgrade and a Malicious Software Removal Tool upgrade specifically for IE.

As with each rollout, the advance notice isn't the final product; the nature, number and design of all the patches won't be known officially until Tuesday. However, it will be interesting to see how IT pros adapt to the content and presentation changes and how these will affect lead time in future patch management initiatives.

 

 

This story was originally published April 3 at RedmondMag.com, an affiliate Web site of GCN.com.

#2

Yes, as Todd said, the bottom line is update your programs on a regular basis.

 

All my software is on automatic update, and ALL of you should use this method.

 

But I do make an exception for this: if you are still on dial-up, then you may not want to place your computer on automatic update, for it would EAT up all your bandwidth with updates while you were trying to download email etc. If you are on dial-up, then I recommend you update your computer late at night, or at another convenient time when you aren't retrieving your email, etc. But DO NOT forget to do this.

 

I had a friend write to me recently and say she hadn't done any of the Microsoft Windows updates for months. "Is it REALLY necessary?" Hell yes! This is why many people have troubles with their computers. You gotta follow the rules.

 

If you keep your computers up-to-date, then you don't need to pay attention to those STUPID email warnings that people forward to everyone on the face of the earth. In fact I hate those because 99 percent of them are bogus.

 

So here ya go, plain and simple:

 

Update Microsoft Windows

Update your virus protection - do not think of even doing this manually - It BETTER be on automatic!

Update Microsoft Office if you use it. You can set this for automatic too

 

I have moved this entire post to the computer section. Okay, class dismissed!

Any questions? Todd, Mary Ann and I are all IT people, so you have the advantage of having us on hand all the time.

Marion J Chard
Proud Daughter of Walter (Monday) Poniedzialek
540th Engineer Combat Regiment, 2833rd Bn, H&S Co, 4th Platoon
There's "No Bridge Too Far"