If you just got to work and Windows Update hasn’t been buzzing away in the background, you should probably check on it immediately. Microsoft has published an emergency update for users of all Windows systems from Vista and Server 2003 upwards, addressing a critical security hole.
Even though November’s Patch Tuesday — Microsoft’s usual round of monthly updates addressing operating system (OS) holes — has come and gone, Microsoft is constantly looking for potential exploitation opportunities within its OS framework.
No ad to show here.
The “Out-of-Band” patch addresses a Keberos (a network authentication protocol) flaw which could allow “an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.” That’s not something anyone really wants.
“By impersonating the domain administrator,” it continues, “the attacker could install programs; view, change or delete data; or create new accounts on any domain-joined system.” That’s definitely not something anyone wants.
Although non-Server versions of Windows (including Vista, 7, 8, 8.1) are not marked as severe, it is recommended that you perform a Windows Update regardless. These systems will have the update provided as a “defense-in-depth basis” or an approach that uses “multiple layers of defense in place to help prevent attackers from compromising the security of a network or system.”
Essentially, Microsoft is slathering your OS in digital bulletproof vests.
Those running versions of the Windows Server Core installations, Windows Server 2003, Windows Server 2008 or Windows Server 2013 should all update immediately.
And if you’re running desktop Windows and haven’t received and installed Microsoft’s Patch Tuesday updates, shame on you.
If you’re not quite sure how, it’s as easy as hitting the start button (or tapping Windows key in Windows 8) and typing “Windows Update” into the search bar. Click the result and you’re good to go.