So here it is, the second Tuesday of March and we all know what that means. Yep Microsoft Patch Tuesday! So lets ee what good old Microsoft has patched up for us this month.
The only Critical is a Windows Kernel update, which is patching a hole that, “could allow an attacker to take complete control of your computer if you view a website, email, or document that contains an evil graphic or picture,” according to Eric Schultze of Shavlik Technologies.
Now we all know that a hole in the kernel is bad, and the way this is made to sound this hole can be even worse than other kernel hole, but still I would recommend installing the patch in a test environment first if possible, or at least on a non-mission critical machine. Something about making changes to the Kernel always make me a little leary.
Then there is a series of 4 patches for DNS. Not surprisingly these are for lesser used holes along the Kaminsky DNS attack lines. Definitely get these installed especially with some of the odd ways some viruses seem to be showing up from spoofed DNS.
Finally a patch related to SSL spoofing. Again important, but like the DNS patches, not listed as critical.
Personally, all the patches seem to adress some very serious issues. How SSL and DNS spoofing are not thought of as critical for patching is beyond my comprehension though. At least Microsoft did patch them. Now where is the Excel patch for a major hole in that program?
Mike