Microsoft readies monster-sized security patch for Windows users


Patch Tuesday is approaching, and for users of Microsoft's software it's going to be a monster.

In all, 57 separate security flaws are waiting to be fixed.

Perhaps the biggest concern will be related to the security holes in Internet Explorer.

According to Microsoft, every single version of Internet Explorer - from version 6 to version 10 - needs to be patched, as they are vulnerable to exploitation by drive-by attacks.

That means that simply visiting a boobytrapped webpage could silently infect your computer with malware - hijacking your PC for a hacker's own ends.

According to an advisory from the software giant, five of the 12 security updates have been given Microsoft's highest severity rating of "critical".

The worry will be, of course, that malicious hackers will examine the patches released by Microsoft and attempt to release exploit code to take advantage of vulnerable computers shortly afterwards.

The longer you take to update the security patches on your computer, the greater the potential risk you could find yourself in.

Of course, the worry is even worse for corporations - many of which are reluctant to automatically roll out Microsoft security patches until they are confident that they don't cause conflicts that could increase calls to the internal support department.

So, if you are responsible for the security of your computer - do try to install the patches promptly.

If you work at a firm where there is a team who look after the computers on your behalf, buy them a cup of coffee and show a little more consideration next time you ring up to say that the laser printer has run out of toner again - it can't be much fun to have to deal with the multitude of security patches that come out every month.

Microsoft's security patches, alongside more detailed information, are due to be released at 1:00pm EST on Tuesday 12th February. Aside from Internet Explorer, other affected software dealt with by the patch includes Microsoft Windows, Server Software, Office, and .NET Framework.

Mud golem image from Shutterstock.


26 Responses to Microsoft readies monster-sized security patch for Windows users

  1. Donna · 599 days ago

    If our computer is set to download updates automatically, will that take care of this patch, or do I have to do it manually?
    Donna Spencer

    • If you have set up your computer to install Microsoft security patches automagically (via Windows Update) then you shouldn't have to do anything else.

  2. Wadalisi Lance · 599 days ago

    Will we need to install these patches if we use Google Chrome or Firefox? If so I really want to know. I also want to let you know that I do not check e-mails from anyone.

    • Steve Norton · 599 days ago

      Your computer or laptop uses Microsoft as its operating system; I would assume the answer to your question is yes indeed. The operating system will update automatically; unless you have turned that function to update manually you shouldn't need to do anything.

    • Borincano · 599 days ago

      Always install updates regardless of what web browser (Chrome, IE, Firefox, Safari, Opera) or operating system (Windows, OS X, Linux) you use. I don't understand why so many people are so reluctant to install them. If for whatever reason you find it bothersome to do so, set it to check only and before you go to bed install them overnight and it will be done overnight.

      • NIgel · 595 days ago

        "I don't understand why so many people are so reluctant to install (updates)."

        I can't speak for anyone else, but there is a very practical reason why I'm reluctant, and why I never automatically install updates automatically for my systems (OS X, Windows) or for certain applications.

        I used to install all updates automatically, without question. In doing so, I learned a very costly lesson: Updates aren't perfect; sometimes they break existing features, or other applications.

        There's probably a much lower risk of that if you run only a few applications, or the applications themselves are relatively simple. But if you're running highly specialized software (say, audio, video, or graphics applications that use many plugins, or certain scientific and engineering applications), automatically installing updates without first running them on a cloned "test bed" volume can cause serious interruptions in your workflow.

        That applies not only to system updates, but application updates as well. I recall a Microsoft Office update a few years ago that broke certain features in Excel, making the application unusable for my purposes. As I recall, Microsoft fixed it within several days, but had I installed the original update without testing it first, I'd have been unable to work in the interim.

        The same is true for many other applications, and the more complicated and extensible they are, the greater the likelihood of something going wrong. Apple's Logic Pro is another example. It's utterly brilliant software, and a powerful tool, but with well over 100 plugins by non-Apple vendors (some 32-bit, some 64-bit) in my installation, testing an update on a cloned drive is not an option, it's a necessity.

        It's a major PITA to immediately have to stop work and run such tests, which is why such maintenance has to be scheduled and can't run automatically. But it's far better than letting the automatic updates run, and then find out that they've broken something that’s essential to your productivity.

    • Josh · 599 days ago

      You don't have to. But I would suggest to keep IE up to date, just in case!

  3. drew bostock · 599 days ago

    Should be fine considering I don't use Internet Explorer and also I have it disabled via Windows features

    • Adam · 598 days ago

      Not all of the vulnerabilities are in IE. In any case, disabling it in Windows features does not remove it, it only hides it from the UI. IE is deeply embedded into Windows, and is required for Windows Update to work.

    • MikeP_UK · 596 days ago

      But elements of IE are always running as part of the OS so you need the IE updates as well. Disabling IE doesn't turn off all the elements of it as some are integrated into the OS.

  4. Joe · 598 days ago

    What should one do if he/she is going to be out of town and away from desktop computer on the date that you mentioned and for several days after that? Also, currently not using Internet Explorer but have had it for years until recently. Also, thinking about reinstalling. I do use Windows XL. What would I need to do?

    • If you've configured your installation of Windows to automatically download new security updates from Microsoft, it should automatically do so at its next opportunity.

  5. Name · 598 days ago

    show me the source code for every update.

  6. gregbacon · 598 days ago

    My next computer will be running Red Hat OS.

  7. Nick · 598 days ago

    Not 100% sure about this, but was told that IE is now such an integral part of Windows, regardless of what browser you use that if you don't update it compromises your security... ?!

    There really is very little you can do to stop this sort of thing, and I just have autoupdate set to do it automatically - if you don't then you have to use IE to browse for your updates which of course is almost defeating the object - isn't it ?!

    Why are people so against autoupdate etc ?
    Surely it's MS trying to plug holes that they have introduced by poor programming in the first place and they're trying to cover their backs - as well as trying to help we users who haven't a clue what's going out there from doing something silly... it's all well and good the techy types telling us to do this and that but 90% of users really haven't a clue what's going on, they only want to surf the net as easily as possible and not have to worry about security etc !

    • Rick · 597 days ago

      People are leery of auto-updating because the updates often break mission critical software. Microsoft only gives advance warning of any possible problems to major vendors (if they warn anyone at all). Companies that use custom-made applications have to delay implementation of updates until they can make adjustments to these applications. Even some home-use-only apps (games, etc) are often compromised by these updates.

      Yes, Microsoft is trying to plug the holes in their software (why are those holes there in the first place?) but they are pretty cavalier about what their fixes do to any non-Microsoft apps that you may be using.

      • Mick · 596 days ago

        "often"? I've had Windows 7 set to automatic updates since I started using it (which was shortly after the launch), and have never experienced compatibility problems.

        I'm not saying compatibility issues never happen, I'm just questioning the suggestion that they often occur.

        So I'm with Nick, not Rick.

        • Sootie · 595 days ago

          One computer is not really a big enough sample size mate, I have 200 odd here I manage and 95 or more percent never have issues with updates breaking things, the 5% though.....

      • Billy · 596 days ago

        I always run update manually, especially on laptops. I get a yuk out of the guy who takes a brand new laptop out of the box, presses the "on" button and watches as it links-up with the WiFi and starts installing 102 updates. Within about one minute the laptop starts complaining of a low battery and shuts down in the middle of updating. How to screw up an operating system right out of the box!

        I much prefer to have the update run when there's nothing else going on.

    • MikeP_UK · 596 days ago

      Autoupdate will download and install EVERYTHING MS wants to push out, even if you don't want it!
      We always set to tell us when an update is available and select all except those we know we don't want, such as Bing toolbars etc.
      We use Firefox for preference with IETab2 so we can do everything without having a full IE open (even though parts always run in the background as integral parts of the OS).

  8. Otto · 597 days ago

    How do I do a manual update if I am not set to update automatically?
    Thanks

    • Paul Ducklin · 597 days ago

      Run the application called "Windows Update", which you'll find in Control Panel | System and Security.

  9. snert · 595 days ago

    Think about the millions of lines of code in ANY OS. What a lot of people don't consider is there's always some holes to patch, whatever the OS running. So what if MS needs to patch? Think of this, too, how many systems are running MS and how many people out there would be screaming their heads off if MS never patched. Ok, go run your Mac and don't worry about patches.

  10. roy jones jr · 595 days ago

    Let the folks that want to update their OS update & the group that is diehard against updates stay where they are. The argument for "well an OS shouldn't need patches if it was programmed right" or "it's a waste of time" is so wrong I can't even laugh at it. Even the most customized computer with running scripts and whatnot will need updates to firmware or software if it is online. THAT'S the way it is & will be.

    Everyone gets up, brushes their teeth? Get up and do updates on your computer.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.