MS-DEFCON 2: Get locked down, and get IE upgraded ASAP!Posted on January 9th, 2013 at 10:23 Comment on the AskWoody Lounge
Microsoft released seven security bulletins earlier today. As usual, SANS Internet Storm Center has the overview I rely on the most.
SANS only identifies one of the patches, MS13-002/KB 2756145, as being “critical” for regular Windows users – but I note with some distress that Microsoft has already changed the KB article for the patch. SANS says there are no known exploits, so I’m recommending that you avoid this and all the other patches for now.
Make sure you have Windows Automatic Update turned off. Details are on the tab above marked Automatic Update.
Far, far more important is that you get rid of Internet Explorer 8, 7, or 6. Either upgrade to IE 9 (which isn’t an option if you use Windows XP), or switch to Firefox or Chrome. As I explained a few days ago, Microsoft has a Fixit for the security hole in IE 6, 7, or 8. Unfortunately, the Fixit has already been cracked.
If you absolutely must use IE 6, 7, or 8, go ahead and apply the Fixit. But realize there’s a chance you can get hacked in a drive-by attack, where your machine gets taken when you just look at an infected web page. You don’t have to do a bloody thing.
I’m moving us up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.