Microsoft released a patch yesterday that should be installed promptly on all Windows computers. Most of you will find that it was installed automatically on Monday night. If your computer restarted last night, you’re almost certainly fine – but be alert in case the Windows update icon is trying to get your attention from the lower right corner of your screen! If you want to make sure it was installed, look in the update history on your computer for KB2286198, the reference number for Microsoft’s security bulletin.
The patch fixes a particularly nasty vulnerability, yet another way that the bad guys could take control of your computer and force it to do evil deeds just by luring you to a poisoned web page or convincing you to click on the wrong thing. Microsoft normally issues all its patches on a regular schedule, every second Tuesday of each month, but it released this one “out of band”, when it was ready, because it was particularly threatening and is being actively exploited by fast-spreading viruses in the wild. Here’s an article about the emergency patch, and here are a few more details.
If you are running Windows XP and you have been reasonably diligent, then you installed Service Pack 3 more than two years ago. It is worth noting that Microsoft recently dropped its extended support for Windows XP Service Pack 2 and therefore did not deliver this security patch for those systems. Again, this doesn’t affect those of you running Windows XP Service Pack 3 (look in Control Panel / System if you’re curious). If you have an ancient system, however, or you have avoided service packs for religious reasons, you are at significant risk. (If you’re running a Windows 2000 computer, simply assume it will be taken down at any time. There is no reasonable way to keep it safe if it has an Internet connection.)
Be careful out there! Always follow the rules for safe computing!