Tuesday, October 13, 2009

White Belt Exercise: Patching for Microsoft's Black Tuesday

Today both Microsoft and Adobe released a large number of patches. If you are running any version of Microsoft Windows, you should run your Windows Update or Microsoft Update program. This will allow you to download and install the latest patches from Microsoft.

Today was Microsoft's October Black Tuesday for 2009. They identified and released approximately 15 Critical patches. When a patch is rated Critical, it means you have to install it 'now'.

If you have been practicing your breathing exercises as previously suggested, you will have an idea of what 'now' means. Now is only experienced in the present moment. Your breath is always in the present moment. Follow your breath. Apply the Microsoft patches 'now'.

Just as serious, Adobe is in the process of releasing patches for 29 identified vulnerabilities. If you have any Adobe products installed, and I know you do - because I do not know a single person who has not used Adobe Acrobat Reader, and most people use the Flash plug-ins for their favorite browser; then, you need to go to: http://www.adobe.com/support/security/bulletins/apsb09-15.html

This is a very good example of why you need to 'know yourself' as Sun-Tzu said. In this case 'knowing yourself' is knowing what you have installed on your computer. As you see, you must patch. You may also note that using the automatic patching methods provided by Microsoft does not patch everything you have installed. There is additional effort in order to patch all other software, in this case the Adobe software.

When I say "patch all of your software" - do you know which software I mean?

Do you have a list of every single program you have currently installed on your computer? If not - you must have delegated that responsibility to someone else. You should make certain that person is patching 'all' of your software. If you are complying with a regulation such as HIPAA or SOX, making certain extends to having documented validation. If you are just a lone home computer user - the idea that someone else is responsible for patching your system is probably just fantasy.

As an exercise that will enhance your cyber-jutsu, create a spreadsheet or a database to track every piece of software installed on your computer. As we have said before, all things which are 'extra' must be cut away. If you see there is software on your computer that you do not use - uninstall it. Don't be a pack-rat with software. If you don't use it - you won't remember to patch it.

Complete your list of all installed software, and you will be closer to 'knowing yourself', and your cyber-jutsu will have improved. If you are responsible for many computers, I suggest you use a database such as MySQL which was recently acquired by Sun Microsystems, who in turn recently merged with Oracle.

All Green and Black Belt students should have already found White Belt students to patch their systems for them, or already have done it themselves. To leave a system unpatched is irresponsible - to not know that your system is unpatched is ignorance.

No comments:

Post a Comment