My first Microsoft security bulletin Web cast

Tuesday's "out-of-band" update forces IT guys to reorder patch priorities

Although I've covered Microsoft for several years, Tuesday was my first opportunity to participate in the hallowed ritual of watching a Microsoft security Web cast. Here are a couple of observations.

Co-hosting the roughly 50-minute program were Microsoft's Adrian Stone, senior security program manager lead, and Jerry Bryant, general manager of response communications, doing their best to banter as though anchors of ESPN's SportsCenter if SportsCenter were shot on a $49.95 Web camera. But, of course, the 300-plus viewers weren't there for the production values but for important information about critical "out-of-band" security update MS10-018.

MS10-018, as we've reported, is a set of patches to fix vulnerabilities in Microsoft software, particularly versions 6 and 7 of Internet Explorer, that were targeted by a zero-day exploit that was spreading so quickly, Microsoft felt compelled to issue this update out-of-band, meaning this was too important to wait till the next "Patch Tuesday."

As Bryant and Stone explained, this exploit started out slowly in early March, launching targeted "drive-by" attacks on a small number of users through malicious Web sites. But once the attacks escalated, Microsoft got more worried.

"With issues like this, once they go public and then you start to see a transition to more of a public, broad swat at attacking anybody who drives by the Web site, that's when we started to see that it was transitioning into that realm," said Stone. "So we accelerated the testing as quickly as we possibly could [on the patches]."

While trying my best to follow the Web cast, I was having technology issues of my own. I lost my connection three times during the program and had to scramble back through several screens to find where to reconnect. Comically, it happened when one of the hosts was restating the URL of a Microsoft blog that detailed the geographies from which the attacks emanated. "And the URL is..." and then the connection was lost. It was like watching a TV murder mystery when the detective says "...and the killer is..." and your cable goes out.

While all this was going on, I was pestered by pop-up messages telling me "An update to Microsoft Live Meeting is available. Would you like to install it now?" Uh, no, not while I'm trying to watch a Web cast. (Memo to myself: Constantly dropping the connection and being invited to install an update may be related.)

I took particular interest in the geographic origins of the attacks because it's an issue I've written about before. As the Microsoft Malware Protection Blog notes, 80 percent of the attacks at issue in this exploit were launched from China, 11 percent from Korea, 5 percent from the U.S. and 4 percent from elsewhere. At the RSA Conference 2010 in San Francisco, a panel of cybersecurity experts advised taking action against criminal, if not state-sanctioned, cyberattackers from China, as well as Russia. And, as has been reported widely, recent attacks against Google and other companies' computer networks were traced to China.

My other takeaway from the Web cast was the diligence it takes system administrators to keep up with security patches. They have to prioritize which patches to install first depending on the configuration of their network. Of course, when Microsoft hosts an "out-of-band" security update they're telling techies they might want to install this update first and then go back to the others.

I understand that, for instance, updating to IE 8 from IE 6 can be a considerable undertaking. One reader of a previous post on ending Microsoft support for IE 6 replied: "I still have PCs running Windows 2000. They are running well and running reliably, so I really have no reason to spend time and money to upgrade them. The problem with eliminating support for IE6 is that none of the newer Microsoft browsers will install on Windows 2000."

Point well taken, but so is this observation by Adrian Stone on yesterday's urgent Web cast. For users of IE 8 on Windows 7, the latest browser on the latest OS, "The attack that is currently being leveraged does not actually impact you. It's pretty much a nonevent at this stage."


Copyright © 2010 IDG Communications, Inc.