Why you must run Windows Update after every component installation
Posted by Chris Valasek on June 10, 2008 at 3:39 PM EDT.
Unfortunately, there are many people out there who face unnecessary exposure to the remote code execution vulnerability that Microsoft disclosed in WINS today (http://www.microsoft.com/technet/security/bulletin/ms08-034.mspx). Furthermore, it is likely that vulnerable machines will continue to appear on corporate networks for a long time to come.
In a previous update, Microsoft limited the vulnerable WINS feature so that it only listens for traffic from localhost, but many people haven't received that fix because they ran Windows Update before they installed WINS on their machines. Furthermore, people who follow a similar pattern in the future will continue to be exposed, as they won't receive today's patch either.
Windows Update only installs security patches for components that are installed at the time it is run, so if you add a new component (with the Add/Remove Windows Components feature), that component could carry security vulnerabilities with it by default. Those vulnerabilities will not be patched until the next time that Windows Update is run. If you are only running Windows Update monthly, you could face an entire month of exposure. So, please, always remember to run Windows Update immediately after adding any new component.
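One way to see the effect described above on a given machine, as an added example that is not part of the original post: the script below queries the Windows Update Agent COM API for applicable-but-missing updates before and after a component is added and reports the difference. The function name `Get-PendingUpdate`, the `-Phase` parameter and the snapshot path are assumptions made for this example, and the search needs access to Windows Update or your WSUS server.

```powershell
# Added example (not from the original post). Run with -Phase Before prior to adding
# a component, then with -Phase After once the component is installed.
param(
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'After',
    # Hypothetical snapshot location chosen for this example.
    [string]$SnapshotPath = (Join-Path $env:TEMP 'pending-updates-before.xml')
)

function Get-PendingUpdate {
    # Windows Update Agent COM API: ask which updates apply to the components
    # installed right now but have not been installed yet.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        New-Object PSObject -Property @{
            UpdateID  = $u.Identity.UpdateID
            Title     = $u.Title
            Severity  = $u.MsrcSeverity
            Bulletins = (@($u.SecurityBulletinIDs) -join ',')
            KBs       = (@($u.KBArticleIDs) -join ',')
        }
    }
}

$pending = @(Get-PendingUpdate)

if ($Phase -eq 'Before') {
    $pending | Export-Clixml -Path $SnapshotPath
    Write-Output "Saved $($pending.Count) pending update(s) to $SnapshotPath"
    return
}

# After: anything absent from the snapshot became applicable since the Before run,
# typically because the new component brought unpatched code with it.
$knownIds = @()
if (Test-Path $SnapshotPath) {
    $knownIds = @(Import-Clixml -Path $SnapshotPath | ForEach-Object { $_.UpdateID })
} else {
    Write-Warning "No snapshot at $SnapshotPath; listing every pending update."
}
$new = @($pending | Where-Object { $knownIds -notcontains $_.UpdateID })

if ($new.Count -gt 0) {
    Write-Warning "$($new.Count) update(s) are pending that were not pending before the component was added."
    $new | Sort-Object Severity | Format-Table Severity, Bulletins, KBs, Title -AutoSize
} else {
    Write-Output 'No newly applicable updates found.'
}
```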

