It’s an odd and fascinating day in the realm of Microsoft security. As we noted last week, today is the day for users of various Microsoft products to get their update game on, with some 8 new security bulletins going live to correct a total of 23 flaws.
On the heels of the news, computer security firm Kaspersky is distributing stern words to PC users that we have decided to pass along: “[Among the patched applications today,] both IE and Silverlight are two software clients that are heavily used […]. It would be surprising to not see related exploits added to packs and widely used in attack attempts over the coming months. Please patch immediately.”
This is what you get when you talk to people who deal with this sort of thing all day long. Happily, for the normal, computer-using chap, zero-day flaws are not as bad as all that, at least according to Microsoft. Today in its most recent Security Intelligence Report, the company downplayed the threat of such zero-day problems, calling them the result of poor updating. As summarized by ITNews:
“The company said only 1 percent of exploits targeted newly discovered threats, meaning that administrators should focus on social-engineering scams and keeping software up to date to avoid as many threats as possible, rather than stress over zero-days.”
That actually makes the case that Kaspersky is pushing, that users keep up to date, but it is interesting to note how recycled such threats are. According to the Microsoft copy, some 90% of vulnerability exploitation dealt with problems that had been patched, with the patch available from a vendor for over a year.
You can read more on today’s Patch Tuesday here. If you want to get the code yourself, head to Microsoft Update.