It’s the second Tuesday of November, which means it’s time to update all your Windows computers. This month’s announcement lists eight bulletins, affecting Windows, Office, and Internet Explorer.
Another new exploit has been discovered by security researchers, this one affecting Internet Explorer. The exploit uses two as-yet unpatched vulnerabilities in IE 7 through 10.
Microsoft is obviously concentrating its development efforts on Windows 8, but they haven’t totally forgotten that much of the world still runs Windows 7. Windows XP users are out of luck, but Windows 7 users can now install Internet Explorer 11, which was previously only available for Windows 8.
Tuesday, November 12 will see a modest batch of updates from Microsoft. There will be eight bulletins in total, with five Critical updates addressing vulnerabilities in Windows and Internet Explorer, and three Important updates addressing vulnerabilities in Windows and Office.
Microsoft has issued a security advisory to users of Office on Windows Vista. A newly-discovered vulnerability in Microsoft Office versions 2003 through 2010, when running on Windows Vista, is already being exploited by nefarious hackers.
If you are using Office 2003 to 2010 on Windows Vista, you should take steps to protect yourself until Microsoft releases a patch for this vulnerability:
This vulnerability also affects Office 2003 through 2010 running on Windows Server 2008, but you shouldn’t be running desktop applications on server software anyway, right?
I don’t have a smartphone. I’ve fiddled with them, and I use one for app development. But the mobile device I actually use for day-to-day phone communication is an ancient Nokia 2610b.Hey, don’t laugh – it works.
I’ve never had any issues with call quality, or any other problems with this phone. It lets me download media from arbitrary web locations and use any sound file as a ring or other tone. It’s sturdy; I literally use it as a beer bottle opener. Of course it doesn’t have a full keyboard, and the buttons are tiny, but I’m no rapid-fire texter anyway. The display is very basic, but it works for me.
I’ve been tempted on many occasions to buy a smartphone. The coolness factor alone has almost triumphed, but so far I’ve resisted its lure. Sure, smartphones can do lots of cool stuff, and I have no doubt that if I owned one, I’d spend a lot of time playing with it. But in the end, the only features I would really use are the phone, contacts, text messages (including alerts from Google Calendar), and occasionally the timer and alarm.
Until today, I thought I might end up using the 2610b until it died (which is unlikely), the battery stopped holding a charge (original battery is still going strong), or somehow it was no longer supported by my carrier (also unlikely).
What changed my mind? Microsoft released a mobile version of Remote Desktop. That’s the software I use to remotely control the Windows PCs I administer. I use it to administer the media computer downstairs, and the server next to me. I use it to manage client computers in this and other cities. And I use it to access my main PC when I’m elsewhere. It’s indispensable. And now it runs on Android and iPhone devices.
This changes everything: now I have a valid reason to buy a smartphone. But I’ll continue to resist as long as I can.
Windows 8 Service Pack 1 Windows 8.1 is now available. If you’re not already running Windows 8, you can purchase 8.1 from the Windows Store. If you are using Windows 8, you should start seeing prompts in the Windows Store to upgrade to 8.1 (a free download).
In the past, when a Windows Service Pack became available, savvy users tended to stay away until the inevitable problems were resolved. I don’t see any particular reason to charge blindly into Windows 8.1 either. My advice is to wait for at least two weeks and monitor this and other tech blogs for reports from early adopters.
Ars Technica and The Verge have additional information:
Patches from Microsoft and Adobe were announced today, along with a new version of Flash.
Eight bulletins from Microsoft fix security vulnerabilities in Windows, Internet Explorer, .NET, Office, Windows Server and Silverlight.
The Microsoft Security Research Center as usual provides a more friendly overview of this month’s patches, while the SANS Internet Storm Center provides a wealth of technical details.
Next Tuesday, October 8, will see patches from Microsoft (for Internet Explorer, Windows, .NET, Office and Silverlight) and Adobe (for Reader/Acrobat).
Given that the vast majority of Windows systems are configured to download and install updates automatically, it’s critical for Microsoft to ensure the quality of those updates. One seriously bad update could cripple millions of Windows computers.
boot13