All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.
The patches were released as part of the company’s monthly “patch Tuesday” security update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.
At 14, the number of patches is a monthly record for 2013 and 2014.
They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.
A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.
A further seven patches are marked as important—the second highest rank.
One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.
Is it time to upgrade? This is probably the most frequent question I get from my clients. And for good reason. It’s not always easy to tell if upgrading makes sense. Not even for IT Pros.
The reason is simple: It’s complicated. There are a lot of factors which have to be considered when deciding to upgrade, and there are many questions you should ask yourself when planning for your future IT needs.
The first thing to consider when evaluating an upgrade is Cost. But even cost is more complex than you might think.
How much does it cost now? What is the cost of support/maintenance over the life of the product? How long should I expect it to last?
What about the costs of lost productivity if I DON’T upgrade?
What about less tangible costs related issues:
Besides costs, there are also risks. The risk of failure increases with the age of any product. Older stuff breaks. Bottom line.
Besides risk of failure, there are also security risks, especially when we’re talking about software. Older software & hardware drivers are updated less frequently than current versions. Really old software that is out of support may not be updated at all, which can be a problem due to both security and reliability concerns. Some older software may not work properly on newer operating systems, and can pose a risk of data loss due to crashes. Suffice to say you are taking a big risk by using unsupported products on your network. Bottom Line: If you can afford not to, don’t.
Sometimes the question of upgrading is simpler because you might HAVE to upgrade. Forced upgrades are commonplace, and although you may not actually be “Forced”, once you’ve built your company procedures around a piece of technology, you cant always just switch and stop using it.
After technology has been deployed across your business, change can become expensive. Vendors know this, and they’ve learned that most companies will choose to upgrade rather than change software that everyone in the company uses. But even though the costs to deploy a new solution and provide training are more expensive than the upgrade, if your business depends on numerous programs, the cost of upgrades can quickly become a multi-headed monster…one that feeds itself.
The typical scenario goes something like this:
You have to upgrade to the current version of Quickbooks because their payroll feature is no longer supported on the older versions. The new version of Quickbooks won’t run on Windows XP, so now you have to upgrade all of your Quickbooks workstations to Windows 7. Your time keeping program won’t run on Windows 7, so you now have to upgrade that program too, but of course the new version won’t run on Windows XP, so you the rest of the PCs on your network now need to be updated to Windows 7.
Next, you find out that your older version of Office 2003 is crashing due to incompatibilities with some of the newer software as well, so now you also need to update to Office 2013. File format changes between Office versions mean the Office 2013 upgrade needs to be deployed companywide to keep everyone on the same version.
So you bite the bullet and start upgrading to Windows 7 and Office 2013, in addition to Quickbooks. You buy some new PCs, and upgrade some others hoping to get a few more years out of them. Several $1000s into the upgrade process, someone points out that the older workstations, to which you already upgraded with more RAM and larger drives to allow the OS upgrade, are now being brought to their knees by the resource hungry newer versions of software.
Oh yeah, and two of your printers (you know, the ones you’ve had for years, that print perfectly and that you have 2+ year’s worth of toner for) are no longer supported under Windows 7.
So before you know it you’ve replaced all of the PCs on your network, upgraded all of the major software packages, and replaced a couple of printers that didn’t need replacing. Worse yet, you’ve also just set yourself up to repeat the process about 5-7 years from now.
By the time all is said and done, the whole Upgrade question can get pretty confusing. Figuring out what to upgrade can be a daunting task, and without proper planning the expense and risks only increase.
So what do you do? Here are some guidelines.
So what now?
As you may have heard, support for Windows XP officially ended earlier this year. So, should you update those Windows XP computers now? Or replace them?
Well, I know your old Windows XP pcs have already been replaced/upgraded, right? I’m sure you are NOT wondering how big a risk it might be to put off the upgrade awhile. I mean, if Microsoft says you need to buy 20 new PCs this year, you’re just gonna do it, right? You don’t want to piss of the MotherShip in Redmond now, do you?
Well, let’s say you DON’T have an unlimited IT budget…You probably have some tough choices to make.
To help put the question in perspective, ask yourself these questions if you are debating about the XP upgrade:
Ever wish you could remember all of those Windows shortcuts?
Well, here they are all in one place.
Some of these actually date back to well before Windows, the days DOS, of text of green on jet black screens. Sorry. I guess I was waxing a wee bit nostalgic for the bad old days of computing. Anyway, here’s the source link to the Microsoft support article, and all the Windows shortcuts are right here: