It’s that time again. Microsoft has released a new critical security patch and is urging users to update.
The problems exist in Internet Explorer and are triggered by malicious web pages that, if designed in a specific way, could execute code remotely at the access level of the user visiting page. That’s particularly bad news for people who have full administrator privileges – like most home users.
Worse, most of the exploits can impact IE 7, 8 and 9 on Windows XP, Vista and 7. That’s a nearly worst-case scenario because a large number of computers are open to attack. Another flaw allows remote code execution through Media Player.
This all sounds ominous, but there is good news. These exploits are not known to appear in the wild yet, which means Microsoft has managed to cut off this avenue of attack before it could become a problem. The disclosure of the issue may cause hackers to start looking for the exploit but Microsoft does not provide detailed information. Even if someone manages to figure out what Microsoft patched, updated computers will be safe.
As always, if you don’t have Windows Update already turned on you should download and install the updates as quickly as possible. If you refuse to turn on automatic updates you can still install the critical updates manually by opening Windows Update and clicking on the text link informing you that there are updates ready for installation.