An Updating We Will Go

Did you get those Windows Updates today? Well, if you have not, it is time to do so.

Today, Microsoft released two bulletins, MS10-030 and MS10-031, both of which are deemed critical updates.

MS10-030 addresses a vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. Users of Windows 2000, XP, Vista, Server 2003 and 2008 all have a combined “critical” rating, which means that an exploited computer would give the hacker complete control of that machine. If you are using Windows 7 or Server 2008 R2, it is deemed an “Important” issue when an infected email client is installed, however neither of these two platforms have one installed in their default settings.

MS10-031 addresses a vulnerability in the way that Microsoft’s Visual Basic for Applications (VBA) searches for Active X Controls. A Remote Code Execution could be allowed if an application opens a specially designed malicious file and then passes that file along to the VBA runtime. This type of exploitation could allow a hacker to gain complete control of a user’s computer.

There is also, of course, an update for the MS Malicious Software Removal Tool definition file index. As always, you should always run a complete scan of your computer, using the MRT after the update concludes.

I have stated this in the past, but you should always do a backup before doing any updates for the operating system. You just never know when something will go wrong. Malware, or a bad download of the update could render a computer not bootable after the update is installed. Although rare, it has occurred. It is always “better to be safe than sorry”.

One last note, anyone who is still using Windows 2000 or Windows XP SP2 should consider updating to a newer operating system in the near future. As of July 13, 2010, Microsoft will not be supporting these two systems any longer, meaning that no more updates will be available.