Wednesday, November 14, 2007

Windows update offers defence against DNS spoofing

Microsoft released a critical patch involving IE7 and an important patch to guard against DNS (Domain Name System) spoofing on Tuesday - The Register

A new Microsoft patch is currently out. Please note that downloading this patch is vital, since this IE7 update protects your computer against attacks and other vulnerability. Obviously, the latest Microsoft patch is an important one. It is already available on Windows Update as I write. How do you decide if a Microsoft patch is a must-have or a may-have, though?

Veteran browser security researcher Michal Zalewski is reporting an "entrapment" vulnerability in Internet Explorer 7. Lucky for some of you, this issue only affects customers on Windows XP with Internet Explorer 7 installed. The major focus on this Internet Explorer update has been security and particularly the phishing filter. To date, Microsoft has released fixes for 19 security flaws in several of its products, including Internet Explorer 7, Office 2007 and Exchange 2007. Windows XP users who also run Internet Explorer 7 are notoriously at risk to such vulnerabilities.

Patching systems with the latest software update is important. Attack code follows patch updates, but hackers tend to not bother with difficult to hack victims.

Information about this vulnerability and patch is located at the Windows Update website. Instructions to download this MicroSoft patch is also located there. Common wisdom is that the Microsoft patch is essential for all XP users, but that some precautions are required beyond what the update provides.