Security Advisor

Microsoft's Already Patching Windows 8?

Who says you need a product to be released before it can join the patching fun? Microsoft's April security update features a "critical" update for Microsoft's .NET Framework running on all versions of Windows -- including the test versions of Windows 8.

Those running either the Consumer Preview or the Developer Preview (released in October of last year) will want to apply bulletin MS12-024 because, even though Windows 8 isn't ready, hackers won't wait around for the release candidate to target Windows' upcoming OS -- if there's a hole, attackers will exploit it.

The hole in question here is of the remote code execution variety, something April's security update is not lacking of. Five of the six bulletins released this month deal with this nasty intrusion

While it may be a bit strange to already be seeing Windows 8 as a receiver of security updates, it's not the star of the show this month. That honor goes towards a cumulative security update for Internet Explorer that plugs five privately reported vulnerabilities. The worst of these can lead to, you guessed it, a remote code execution.

What makes this update so important is that while a hacker may have to jump through a few holes to pull off a RCE attack in, say, Excel or Office, it's a bit easier to do in a Web browser -- all they have to do is to trick you into clicking on a link that you shouldn't be clicking on.

For those who slept through all of this month's Patch Tuesday festivities, get caught up here.

For the 5 Readers Using Vista, Listen Up
Tuesday marked the end of Microsoft providing mainstream support for its highly popular and highly lucrative Vista OS. That means if you want free design changes, incident support or warranty claims for Vista in the future, you're going to have to look elsewhere for them. Microsoft is cutting you off. Unless you pony up the money for a "Premiere Support" contract, then you get all the help you want -- as long as your money is green.

The OS will live out the next five years of its life in the assisted living community known as Microsoft's extended support phase. While many of the support features will now be gone, security updates will still continue. But be forewarnd, after April 2017, your Vista machines (if still functional) will not receive patches to take care of new security issues.

Vista joins XP in the support retirement home, with XP's security updates drying up on April 8, 2014.

China's the Winner on Having the Most Talented Losers
Sites like Facebook and Zynga like to bring hackers onboard for security work. Nobody can secure your Web site better than a reformed thief that knows the ins and outs of the trade. And instead of posting help want ads for hackers on Craigslist, most use online testing tools to find the best.

And where are the best located? China. According to Interview Street, an online company specializing in hacking competitions, nine of the 10 top hackers who have taken part in its challenges are all from China. And that 10th person has no location marked down, so it could very well be a clean sweep for the large nation.

While the U.S. failed to break the top-10, a U.S. user named "ralekseenkov" is ready to make that jump -- he or she currently sits in 11th place.

 

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

comments powered by Disqus

MCPMag.com

Sign up for our newsletter.

I agree to this site's Privacy Policy.

Upcoming Events