Regular readers will notice that I've never shied away from writing about Microsoft's Patch Tuesday here, despite the presence of the Data Security blog on IT Business Edge. The crux of the issue is this: Small and medium businesses are far less likely to be paying attention to Patch Tuesdays than a full-fledged IT department in the enterprise.
In a recent report, security researchers agree on one thing: that hackers will be quick to jump onto at least one of the 15 vulnerabilities that Microsoft patched as part of November's Patch Tuesday. To summarize, the bug involves a serious error in the way the Windows kernel deals with a certain type of font. This font is used in the applications that make up Microsoft's Office productivity software suite as well as software such as Internet Explorer. As you can imagine, the creation of an exploit will have far-ranging implications.
In fact, Microsoft itself gave the flaw an "exploitability ranking" of 1, meaning that the Redmond-based software giant expects a working exploit to appear in the next 30 days. However, security researchers are more pessimistic, and have voiced their expectations that working exploits will appear even sooner. The scenario for an unpatched computer is dire, noted Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. Underscoring the severity of the issue, Miller told Computerworld:
"Users can be infected simply by browsing to a [malicious] site."
The only solution really is to apply the related MS09-065 update from Microsoft. This typically can be applied automatically via Windows Update. For a quick and free way to determine whether your Windows Update patches are up to date, you can take a look at Secunia's Online Software Inspector.
In a nutshell, the increasing pace at which exploits are churned out shows how much Patch Tuesdays matter to small and medium businesses. Like it or not, it is of paramount importance that even SMBs respond, and fast, to ensure that patches are successfully installed every Patch Tuesday.