Automatic Updates from Microsoft
If you're a regular reader you know, I'm not a big fan of automatic updates. I like to take a wait and see approach to make sure new bugs aren't introduced in an update. Sometimes obscure bugs don't show up during testing but when a large group updates the results can be surprising.
Lately, I've had to go with a hurry up and get the update immediately on the Tuesdays when Microsoft releases their security updates. In the past, it hasn't been unusual for serious security flaws to be found in Windows but there wasn't a rush to update.
What has changed? The bad guys are quick to take advantage of these flaws and are quickly releasing threats into the wild. Programming examples of exploits are being posted so anyone can learn how to use them. We're starting to see web sites using security holes within 24 hours of a security alert being issued. While IDS programs like WinPatrol will catch the attack, traditional security programs will miss them.
Last month it was the zero-day WMF Exploit. This week Microsoft is patching a number of exploits including MS06-005:Vulnerability in Windows Media Player....
Microsoft Security Bulletin Summary for February, 2006 will describe the 5 Important updates and 2 Critical updates released in just the first two weeks of the month.
I'm still not a fan of auto-updates but I do recommend regularly going to Windows Update which is available on the Internet Explorer Tools menu or in some cases right on the Start Button menu.
Windows XP users have an option that I like under the Windows Security Center. I recommend the option "Notify me, but don't automatically download or install them." When notified you can then review the need for updates before installing.
Whenever a problem is caused by a security patch, it's a free call to Microsoft. The number to start with is 1-866-PC-Safety. Other numbers and information available at http://support.microsoft.com/?pr=SecurityHome