If you are still using IE 7 as your Internet browser in Windows XP or Vista (start thinking Firefox), then you need to download and apply the MS09-002 patch from Microsoft immediately.
This patch, released on February 11, 2009, protects against 2 critical vulnerabilities which, according to Microsoft, “could allow remote code execution if a user views a specially crafted web page using Internet Explorer”.
We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security. If you have updates enabled, this patch will be downloaded routinely.
If Windows Automatic Update is not enabled on your system, then you should log on to the update site and download and apply this patch immediately.
This critical patch was only one of four released by Microsoft on what has become known as “Patch Tuesday”. Microsoft’s Exchange Server, SQL Server, and Visio have also had patches released to shore up vulnerabilities.
This latest vulnerability in IE confirms, once again, the value of running as a standard user rather than with administrative user rights.
According to Microsoft, “users whose accounts are configured to have fewer user rights on the system, could be less impacted than users who operate with administrative user rights”.
If you are looking for hard data on the benefit of running as a standard user, then check out these stats from a recent study conducted by BeyondTrust, an enterprise-level software developer, which showed:
- 69% of all published vulnerabilities of any severity could be mitigated by running as a standard user
- 92% of Microsoft critical vulnerabilities were mitigated
- 94% of Microsoft Office vulnerabilities were mitigated
- 89% of Internet Explorer vulnerabilities were mitigated
- 53% of Microsoft Windows vulnerabilities were mitigated
So, if you have not made it a practice to run as a standard user while surfing the Internet, I have only one question for you – what are you waiting for?