I write this article on the second Tuesday of the month – “Patch Tuesday,” as it’s come to be known – the day when Microsoft issues “patches” to fix the latest security and operational flaws that have been found in its products. Most prudent computer users access these patches through the Windows Update website.
Unless you simply don’t care if your computer turns into a useless box of circuits, running Windows Update is not optional. Instead, it is one of the most important things that you can do to keep the bad guys of the Internet from wrecking your machine. I recently repaired a computer that had never run Windows Update, yet had been used on the Internet for two years. Before I removed 249 viruses and over 3000 spyware programs, this computer would barely even turn on.
Over the past few years, the bad guys have also started attacking the applications and programs that most computer owners use. So many security flaws have been found (20, so far, in 2006) and patches issued for Microsoft’s Internet Explorer browser that computer professionals have taken to calling it “Internet Exploder.” Security flaws have also been found in video/music players, email programs, McAfee and Symantec/Norton “security” products, and even Apple’s iTunes player. The most dangerous attacks by the bad guys are now being hurled at Microsoft’s wildly popular and widely used Microsoft Office suite.
Microsoft Office is a package of programs that consists of Microsoft Word (word processor), Excel (spreadsheet), PowerPoint (presentation software), Outlook (email and contact management), and, in the “Professional” version, Microsoft Access (database). Some of the “hacks” that have been discovered cause your computer to crash, while others allow attackers to “escalate privileges,” which is fancy-pants geek talk for controlling your machine. Microsoft’s description of one of the latest patches for Word states, “A vulnerability could allow arbitrary code to run when the system uses the converter to open a maliciously crafted (Word Perfect) document.” Are you confused yet? Just keep in mind that anything that allows “arbitrary code to run” is very, very bad.
As of last week, 24 Office flaws had been found thus far this year, which is six times the number found in 2005. In fact, a new Office patch was issued today, as part of Patch Tuesday, bringing the total to 25. Things are so bad at this point, since Office is installed on many millions of computers around the world, that Symantec, mimicking the Department of Homeland Security, has issued a “ThreatCon Level 2” alert. The alert states, “We have recently released a Threat Alert discussing the in-the-wild exploitation of an unpatched Microsoft Office vulnerability.” This means that yet another security flaw in Office has been found, for which Microsoft has not yet issued a fix, and probably will not issue a fix for another month!
Get Office updates at the “Office Family” link on the Windows Update website. Have your Office CD on hand, and do it today.