Another second Tuesday of the month and another set of patches from Microsoft HQ in what seems to be the endless and potentially futile task of preventing the rise or fall of the machines.
This week, which is the last in which updates for the darling of the Microsoft product suite that is Vista (so long, farewell, good riddance), fixes a bug in Microsoft Word which is, or was, if you have applied your patches like sensible people, being actively exploited to drop Dridex malware onto unsuspecting users machines.
Researchers at Proofpoint have uncovered a mass mailing scam where mails purporting to be from your scanner or copier, or more boringly from “documents”, “no-reply” or “noreply” include a jacked Word document, which deposits the Dridex banking Trojan. With millions of recipients in the hit list, it is probably a good idea to have a think if you might have opened an email from your peripherals, perhaps in the hope of them professing their affections and asking for a quick shot of ink or some such. You can read Proofpoint’s excellent work here.
Regular readers of Microsoft’s straightforward TechNet security fix lists will have noticed that in act of total evilness, Microsoft has decided to move to a new, nasty, buggy table format which makes it quite difficult to get the low-down on the month’s nastiness. This month for instance, there were 39 other issues fixed – including yet another serious Internet Explorer escalation of privilege bug. These were not immediately apparent from the new format and security professionals all over are having a good old whinge. Graham Cluley has a minor whinge here, however this is nothing compared to El Reg’s toys out of pram, breath holding, feet kicking rant.
Mistake or deliberate obfuscation? What do you think?
As usual, we recommend that everyone gets with the program and does the patching before diving into a mound of Easter eggs, or holiday eggs, or whatever they are called these days.
If you are feeling lost about the state of your estate and are worried about the patch levels of your stuff, ITC has some pretty nifty technology to help you stay on top of the situation and restrict the access of unpatched machines before they rise-up and do for you. If you would like to talk to us about patching or chocolate, please contact us at: [email protected] or call 020 7517 3900.
Microsoft Vista was released in October 2009. It is and has always been rubbish. A loathsome operating system that should have been given the chop before it saw the light of day. If you are still using it then after you have sought medical attention, get rid of it now. Hasta la Vista and a Happy Easter, babies.