Since late last week, information security researchers like me have been tracking the technical media for a new and extremely serious flaw in Windows 2000, XP and Vista.

This bug is what is known as a “zero-day vulnerability”, which means that it was discovered and publicly announced in the wild before the vendor (in this case Microsoft) had time to write a patch to fix the bug.

Some of the ways an exploit can be installed without your knowledge are via email or by visiting a fake website (called “drive-by browsing”, sort of like the “drive-by shootings” that gangs do to each other).

Microsoft did in fact announce today that they will be releasing an emergency security update tomorrow, Tuesday April 3rd, to fix this issue.

What this means for you is that you need to do two things:

  1. Ensure that your Windows machine is set up to automatically download this patch tomorrow (on Windows XP Service Pack 2, click on Control Panel, then Security Center, then Automatic Updates. Make sure the “Automatic (Recommended)” option is selected).
  2. Do *NOT*, and I MEAN DO NOT, read any email from people you do not recognize or visit any website that you do not normally visit until *AFTER* you install this security patch tomorrow.

If you are technical, you can read more details at these security intelligence sites:

  • http://blogs.technet.com/msrc/default.aspx
  • http://www.microsoft.com/technet/security/advisory/935423.mspx?pf=true
  • http://www.symantec.com/security_response/vulnerability.jsp?bid=23194
  • http://www.kb.cert.org/vuls/id/191609
  • http://www.avertlabs.com/research/blog/?p=230
  • http://isc.sans.org/diary.html
  • http://www.f-secure.com/weblog
  • http://www.f-secure.com/v-descs/agent_bky.shtml
  • http://secunia.com/advisories/24659
  • http://www.securityfocus.com/bid/23194

Roland
