Largest Microsoft Patch Ever Coming Soon!

Next Tuesday will be Microsoft’s Patch Tuesday for the month of October. For IT admins this means it’s time to clear your calendar and prepare to address a record-setting 16 security bulletins addressing 49 different identified vulnerabilities. This breaks the current record of 14 security bulletins that were issued back in August 2010.

Most of the updates plug security holes that could allow malevolent internet users to inject malicious code into the users’ computers. As these holes are usually in features not switched on by default, Microsoft usually labels them as Important (the most critical updates are labeled Critical).

It’s a long list of affected software that includes: Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.

These patches are considered important as we head into the last quarter of the year, a time when many businesses have a heavy volume of online shopping. This period sees many financial and retail companies going into lockdown mode where they don’t update their systems.

Microsoft will release the 16 updates at approximately 1 p.m. ET on Oct. 12.  I think I’ll take that afternoon off and turn off my phones.


Don’t Let Conficker Ruin Your April Fool’s Day

By now, hopefully EVERYONE has heard of “Conficker”. If not.. you have very little time to make sure you don’t become “The Fool” this April 1st.

Computers infected with the infamous Conficker worm will start scanning the Internet for instructions this April Fools’ Day, and the results might not leave you feeling like it was a funny joke.

CBS’s “60 Minutes” ran a piece on Conficker last night, and my phone has been ringing off the hook today from clients concerned about whether they should be concerned.

To that question I would answer, “Relax, but be vigilant.”

Some analysists estimate that 54% of the affected computers that already have the Conficker worm sitting there waiting to do whatever it is the creator has designed it to do, are machines in China, Russia, India, Brazil, and Argentina, where many people use unauthorized Windows knockoffs. (Microsoft doesn’t provide all its patches to unlicensed copies of Windows, leaving the vulnerable machines free to attack.)

If you have a legitimate copy of Windows, and you have installed the patch Microsoft released back in October 2008, you “should be” fine. Just to make sure, double check that you’ve got the patch installed on your machine. (MS08-067)

The update in question was probably installed in late October or November of last year; look for Security Update for Microsoft Windows (KB958644). If this patch isn’t installed, browse to Microsoft’s Download Center to retrieve and install it.

If your PC is blocked from visiting this site, use a noninfected PC to download the patch to a removable medium and install the update on the wormed PC from that device.

Next, run Microsoft’s Malicious Software Removal Tool (MSRT). The latest version of this Microsoft tool identifies and removes all of the Conficker variants I’ve heard about. The easiest way to get MSRT is through Windows Update, but if you can’t get through to that service on the infected PC, borrow a computer and download the tool from Microsoft’s site.

Another sure tipoff that your computer may already be infected is if you have trouble connecting to your Anti-Virus update site. One of the things Conflicker (and it’s variants) was programmed to do was to block you from accessing updates to your Anti-Virus program site.

If your PC is already infected and you can’t access your AV Update site, a technical trick might enable you to visit a site that Conficker is blocking. Instead of entering the site’s domain name in your browser’s address bar, enter the site’s dotted-decimal IP address instead, which Conficker doesn’t seem to interfere with.

One way to learn the IP address of a Web site: using an uninfected PC, open a Firefox window and install the Show IP browser extension. With this extension enabled, the IP address of whatever site you’re visiting shows up in the browser’s status bar.

Of course, if you navigate to a site using its IP address and then click a link, the site will probably use a spelled-out domain name in the link. Conficker would block the resulting page, which you’d have to replace manually with its dotted-decimal equivalent. A pain in the butt for sure, but a lot less painful than the alternatives if you are already infected.

Third-party applications, especially media players, are more likely to suffer from security holes than Windows itself is. The security firm offers a free scan, informing you when your PC is running an insecure version of an application that has a security patch available.

the Secunia Software Inspector offers three options: (a) a free online scan; (b) a free download for individual users; and (c) a LAN utility for IT adminstrators. (I use the free online scan).

I run Secunia Inspector every time they send me an email that something needs to be checked. They have an email sign up box after you do a scan the first time that will notify you automatically when updates need to be checked. I highly recommend everyone using this site.

It’s best to strengthen your defenses before April 1st rather than waiting to see what bad things might happen.

Good luck on Wednesday!

Until Next Time…