In case you thought that April was looking a little quiet, another vulnerability has just been found in Windows, and it’s currently thought to be critical. Whilst Microsoft has been on it pretty sharpish, there are things that you need to do to protect yourself if you’re a Windows customer.
The vulnerability – which is currently lacking a cool name, sadly – is called MS15-034 and indexed as CVE-2015-1635, if you’re into that kinda thing, and is basically a vulnerability in IIS (Internet Information Services).
What you need to know is that it’s very critical, and could be used for remote code execution – which is where an attacker can get into your computer and make changes from wherever they are – or as a simple DDoS (distributed denial of service) tool, which is where attackers flood a site with traffic in order to knock them offline.
If you’re a UKFast customer, this patch is already on UKFast update servers and will apply automatically from Friday, but because of the critical nature of the situation we recommend doing your own updates as soon as you can as a precaution.
You can update your system using these simple steps:
How to install Windows updates on server 2008 R2
Click ‘start’ and select control panel
(If the control panel is different to the above, ensure “view by: small Icons” is selected in the top right corner)
Click “Windows Update”
Click “Check for updates” – this will then check for any missing updates
Once complete click “install updates” – the server may then need a restart to apply updates.
How to install Windows updates on server 2012
Click ‘Start’ and select control panel
(If you can’t see the control panel button, click the start button and type “control” – the control panel button should then appear)
Click “Windows Update” then “Check for updates”
Once complete click “install updates” – the server may then need a restart to apply updates.
Click “restart now” to confirm updates.
