I often get asked, “do I need to worry about this update?”. I figured it was asked enough that I should just post the answer as this is what our Blog is for! This question arises typically after a customer receives an email alerting them to the latest vulnerability and telling them to make sure they have their Windows up-to-date.
To answer this question quickly and basically, YES, as a standard rule of thumb you should keep your Windows operating system and Internet Explorer up-to-date with the latest updates provided by Microsoft.
If you want my detailed answer keep reading. On average, there are about 3-4 “critical” security vulnerabilities found in Microsoft products each month. A “Critical” update typically indicates that your computer could be easily compromised under the right circumstances and the update to fix it should be installed ASAP. It’s important to note the phrase “under the right circumstances”. For those who are connected at home behind a private router or wireless access point, you’re most likely not considered one of those at risk. If you connect to a public wi-fi or are connected directly to the Internet with no firewall/router then you are more at risk. For the standard users I would say update as soon as possible.
For businesses or those who need reliability over quick security, continue reading.
Our company generally balances patching quickly with patching quality. On rare occasions the update can cause system performance or instability issues which are more problematic to the end-user than the potential for a security risk. If you look at the whole idea of how the vulnerability patch and fix system works you’ll see that there is no method to know how long a vulnerability has been known or even used on the Internet. Once Microsoft finds out about it they create a patch to fix it. So even though a new vulnerability is made known and Microsoft releases a patch, there is no way to know if it has been known by someone for over a year or just a few weeks. Having this understanding puts perspective to the “urgency” of installing these patches.
All this to say it is important to weigh the need for security with the need for stability. Waiting about 1 week usually is long enough to let everyone else test out the patch in order for you to know if it is stable enough for your production use.
Learn more about our products and services by visiting our website http://www.mcsmetro.com
Daniel Multop
IT/IS Specialist & Owner of Multiple Computer Solutions, Inc.
News & Information 