Do you use Windows Essentials? If so, let the Windows Automatic Updater do its job, but no hurry.
Along with their nine other Patch Day bulletins, Microsoft released a less significant software update for Windows Essentials; a suite of free and optional productivity applications for Windows. Essentials consists of a menagerie of applications, including basic photo gallery, blogging, email, instant messenger, and movie editing software. Many of the applications are cloud-based.
In any case, according to one of today’s bulletins, Windows Essentials suffers from a relatively minor information disclosure vulnerability. If an attacker can get a Windows Live Writer (the blogging app) user to click a specially crafted link, he can leverage this flaw to overwrite some of that user’s files. Certainly not a good thing, but also not the worst flaw in the world.
I personally doubt many business user leverage the Essentials suite, so I don’t think this particular issue poses a huge risk to our readers. That said, if you do use the Windows Essentials Live Writer program, then you certainly wouldn’t want to lose content based on this sort of attack. So I would definitely apply Microsoft’s patch, though there’s no rush. You can find more details about the update in the “Affected and Non-Affected Software” section of Microsoft’s bulletin. — Corey Nachreiner, CISSP (@SecAdept)
Me and my colleagues prefer different tools for different needs (from different vendors). From the end of 199X I’ve preferred to take Microsoft as “Operation System Vendor”. And honestly – this is an axiom (which I can’t find controverted evidence) for me, though I’ve worked with ISA Server, System Center family and so on…
I mean, that they are MUCH MORE “Operation System Vendor”, THAN Security vendor for me personally… 🙂
I mean, that they are MUCH MORE “Operation System Vendor”, THAN Security vendor for me personally… 🙂