With the regular security updates released by Microsoft to patch their software, consumers could be excused for thinking that this is due to product faults or flaws. However, the savvier of us will be aware that there are many out there who seek to exploit software code for financial gain or through malicious intent.
This leaves Microsoft in the difficult position of wanting to please customers by ensuring vulnerabilities are reduced as much as possible and not inconveniencing them with barrages of changes to their software.
So, beginning way back with Windows 98, Microsoft began issuing updates for their operating systems. The modern ‘Microsoft Update’ is a streamlined process which keeps track of which updates are installed on an Operating System and also other installed Microsoft applications. Where an update is missing, this will be listed with either a ‘critical, important, moderate and low’ level vulnerability.
It is typically the case that users would see an alert on the desktop notifying them of these updates being made available on the 2nd Tuesday of every month – known as ‘Patch Tuesday’. (Over here in the UK, the updates are mostly seen to be available on the second Wednesday due to time differences). Equally, this can be configured to automatically download and install updates at a scheduled time. The default settings for updates to be applied are 0300 and will install critical and security updates only.
This update process can be further managed by a remote solution (such as Windows Server Update Services) which will allow an administrator to approve or reject certain updates from being deployed to multiple servers – thus allowing vetting of updates prior to deployment (though this practice should be carefully controlled as lack of approval will result in a vulnerability being present for longer than is necessary).
This ‘Patch Tuesday’ – for February 2010 – sees the release of 13 updates which apply to the following Microsoft Operating Systems and you can find out more on the implications of the updates to your systems here.
- Microsoft Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
The great value in these updates provided by the software giant is to protect their software against these threats and hence protecting the businesses which rely upon them to function.