• Black Tuesday update

    There’s been a lot of hubub about last Tuesday’s Microsoft patches.

    The best piece of advice: DON’T use Internet Explorer – it’s been compromised once again, and apparently the exploit is widely distributed.

    Tellingly, the only Black Tuesday patch to win ISC Storm Center‘s “Patch Now” status is the IE patch.

    I see some advice from antivirus companies to install the other patches, but I don’t buy it. The .NET exploit might be a problem, but I haven’t heard of any active attacks on .NET – and patching .NET is always so much fun.

    Keep your powder dry. I’m leaving us at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.