Sorry for the bad pun. If you grew up in the 90's like I did, then the words to this song are forever embedded in your brain.
Microsoft just released a somewhat rare non Patch Tuesday critical patch. I know it's wrong that I get so excited when an event like this happens, but we live, eat and breathe security at WatchPoint Data. As soon as a patch like this is released, we make sure that all devices are current and have the patch installed. Microsoft typically only released patches on Patch Tuesday, but non Patch Tuesday releases are becoming more frequent.
Why does this matter to you?
With so many patches being released all the time, it has become a cry wolf effect. No one pays that much attention. You should. This particular patch allows a remote attacker to execute code just by visiting an infected website with Internet Explorer. Translation - they can completely take over your computer just by opening a website that you think is fine. If they are a savvy hacker, you'll be infected with an Advanced Persistent Threat, and you will never even know it. Prior to today, this would have been known as a Zero Day Vulnerability. Only a handful of very skilled hackers would have known about and used it. Now that a patch has been released, this vulnerability is a widely known quantity and any hacker can reverse engineer the vulnerability. This means that lots of new drive-by websites will be popping up to steal your information.
What do you do about it?
Make sure the patch is installed. If you aren't using a patch management system like Prevention from WatchPoint Data, then you need to make sure every station on your network has Windows automatic updating turned on and working. This can be done network wide using WSUS or at the individual station level through the Control Panel. You should, at a minimum, do a weekly check to make sure every station is up to date. Windows updates are only one piece of the patch management puzzle though. You also need to make sure all of the non Microsoft software is up to date.
Essentially, you need to make yourself as hard a target as you possibly can. With 86,000 new pieces of malware being created daily, you may think there is nothing that can be done to protect yourself from cyber criminals. That just isn't true. Right now the cyber criminals are primarily using a shotgun approach because there are so many easy targets out there. Make yourself a hard target.
