Microsoft is in the habit of releasing regular security updates and patches on the second Tuesday of each month. This month, though, in addition to the regular patch, the company’s massive user base got a second update that was rushed through development.
Security researchers at Google identified a critical vulnerability in a broad range of Microsoft software that included Microsoft Forefront, Windows Defender and Microsoft Security Essentials.
What these three pieces of software have in common is that they allow your PC to scan incoming files against a known malware database, and simply prevent them from ever hitting your computer in the first place.
Unfortunately, a flaw allowed hackers to dangle a “carrot” in front of the checking routine, which would distract it, fool it into thinking it had scanned all the files and wind up letting the malicious ones onto your system.
Microsoft took the discovery report seriously enough that they assembled an emergency response team to craft a fix and released it one day ahead of their regularly scheduled monthly update. The company got high marks from a variety of security professionals around the web for the speed with which they responded to this latest threat.
In related news, Adobe’s Flash Player got another major update on Tuesday, the same day as Microsoft’s regularly scheduled security update. If you’re still using the beleaguered Flash Player, the latest patch, which addresses seven critical security issues, is welcome indeed. However, most IT professionals are urging companies to retire Flash Player, which, by definition, means retooling company websites.
To this point, companies have been slow to respond to the threat Flash poses, and at present, it stands as one of the top digital security threats companies of all sizes face, simply because it’s so easy for hackers to exploit. If your company still relies on Flash, now is the time to prioritize moving away from it.