Patch Tuesday Brings An IE Update Frenzy

It's almost time for the monthly raft of Microsoft system updates otherwise known as 'Patch Tuesday'. The February update is dominated by patches for Internet Explorer (every version from the dreaded 6 right through to 10), which makes pushing it through especially important.


As Sophos' Graham Cluley points out, IE vulnerabilities are likely to be speedily analysed and exploited by malware developers, so deploying the patches quickly once they appear (on Wednesday Australian time) is essential:

The worry will be, of course, that malicious hackers will examine the patches released by Microsoft and attempt to release exploit code to take advantage of vulnerable computers shortly afterwards. The longer you take to update the security patches on your computer, the greater potential risk you could find yourself in. Of course, the worry is even worse for corporations - many of whom are reluctant to automatically roll out Microsoft security patches until they are confident that they don't cause conflicts that could increase calls to the internal support department.

IT professionals can legitimately argue that patches need testing so that they can make sure other elements of their workplace environment aren't affected. The same logic doesn't apply in smaller businesses. For instance, following last week's issue with an update to Kaspersky's anti-virus product which left some users unable to access the internet, newsagency blogger Mark Fletcher argued that all users should determine their own update schedule:

This automatic update, causing the web outage, is another example of damage that can be done to systems by automatic updates. Computer users should control what updates are applied and when.

I can't go along with this. The risk of being affected by a drive-by download or other malware is much higher than the risk of a badly-deployed update. I'm not saying bad patches never happen, but the average business owner with only basic technical knowledge is not in a position to be able to tell the difference ahead of time. Merely waiting 48 hours to see if anyone else experiences problems provides an ample window for bugs to be exploited by the criminally-minded.

Microsoft Security Bulletin

