ALERT! Off Schedule Windows Update

Windows UpdateImage via WikipediaAffects All Windows, Even Vista

If you don’t do anything else on December 17th, GO TO WINDOWS UPDATE OR MICROSOFT UPDATE and get your pc patched.

A new exploit trojan which can install itself on your computer without you knowing has been admitted by Microsoft. The potential exists on ALL VERSIONS OF WINDOWS, AND ALL VERSIONS OF INTERNET EXPLORER.

From Microsoft Technet:

Microsoft Security Bulletin Advance Notification issued: December 16, 2008
Microsoft Security Bulletins to be issued: December 17, 2008

This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on December 17, 2008.

This bulletin advance notification will be replaced with the revised December bulletin summary on December 17, 2008. The revised bulletin summary will include the out-of-band security bulletin as well as the security bulletins already released on December 9, 2008.

For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft is hosting two webcasts to address customer questions on these bulletins: on December 17, 2008, at 1:00 PM Pacific Time (US & Canada) and December 18, 2008, at 11:00 AM Pacific Time. Register now for the December 17 webcast and the December 18 webcast. Afterwards, these webcasts are available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

This trojan is ALREADY ON THE WEB and people ARE BEING INFECTED. Usually, Microsoft has an idea where possible exploits could occur, but this time they were caught unawares until it was too late.

Don’t think that Vista is going to protect you. Don’t think that your firewall will protect you. Don’t think that any anti-virus program will protect you. GET THE UPDATE. It’s the only way to protect your system.

From CNET:

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft’s browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee’s Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users’ system with a Trojan horse, or “downloaders” that can download other forms of malware onto a user’s system.

Microsoft announced it will release a security patch Wednesday via its automatic update system to patch users computers.

Users can potentially get infected two ways, Marcus said. One is to visit a malicious Web site that already has the malware installed on the site, or visit a legitimate site, in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.

“A lot of Web sites are pushing out this exploit,” Marcus noted. Some of the infected sites include Web sites that offer free wallpaper for mobile phones to sites that feature property to product-related sites.

Microsoft is encouraging users to update their systems once the patch is released Wednesday at 10 a.m. PDT.

(EDIT 7:10 7:20am 7:45am 8:01am Eastern)The patch is still not up on the Microsoft site. Keep checking their site until it’s available!

Here are the links, if you need them:

Windows Update

Microsoft Update


The update patch will be available after 7am Eastern time. If it’s already after 7am, GET OFF WORDOUT AND GO THERE NOW!

Two things to remember:
1. You need to use Internet Explorer when going to Windows/Microsoft Update.
2. Restart your pc immediately after the update is installed.

I am Jon, and you can bet, if it’s after 7am I am patched. (unless the patch is unavailable until later! See EDIT above.)