Microsoft’s SRU day: Second Tuesday of every month

  • The Microsoft Security Response Centre (MSRC) provides monthly updates via the Security Update Guide, addressing vulnerabilities in Microsoft products and services.
  • Microsoft categorises vulnerabilities as Low, Moderate, Important, or Critical based on potential impact, guiding users to prioritize patching accordingly for effective risk mitigation.
  • ystem administrators can configure Windows Update for automatic installation of critical updates, ensuring timely protection. This involves installing patches, verifying success, and managing

OUR TAKE
Windows system vulnerabilities can cause users’ devices to be attacked by hackers. In order to ensure the security of the device, Microsoft’s security response is very timely and can effectively prevent risks.

-Sissy Li, BTW reporter

Microsoft plays a pivotal role in ensuring the security of its products and services through regular security updates. Coordinated by the Microsoft Security Response Centre (MSRC), these updates are crucial for addressing vulnerabilities and safeguarding systems against emerging threats. This article explores Microsoft’s security update process, its risk rating system, and implementation steps for effective security management.

Also read: Microsoft to train Philippine women in AI, cybersecurity

Also read: Microsoft invests A$5B to fuel Australian cybersecurity, tech

What are microsoft security updates?

The Microsoft Security Response Centre (MSRC) is responsible for investigating all security vulnerability reports that affect Microsoft products and services, and provides information here as part of its ongoing efforts to help you manage security risks and protect your systems. Microsoft updates the Security Update Guide every month, and recommends that users read it carefully and install it according to the guidelines. Microsoft usually releases updates on the second Tuesday of each month (known as Patch Tuesday), but it will provide updates as long as new updates are urgently needed to prevent newly discovered or popular vulnerabilities. System administrators can configure Windows Update to automatically install critical updates for Microsoft Windows as long as the computer has an Internet connection.

Microsoft security update rating system

It is rare that an attacker exploits a previously known vulnerability. Instead, they exploit vulnerabilities that have patches but have not yet been applied. Therefore, they recommend that users prioritise patching vulnerabilities, and these recommendations are listed in the security update guide. However, not all vulnerabilities are equally serious. To help users understand the risk of each vulnerability, Microsoft has released a risk rating system to evaluate vulnerabilities. This system evaluates based on the worst-case scenario when the vulnerability is theoretically exploited.

The system is divided into four levels:

1. Low: The characteristics of the affected component can mitigate the impact of the vulnerability. Users can decide whether to perform security updates at their own discretion.

2. Moderate: The impact of the vulnerability is largely mitigated by authentication requirements or only applicable to non-default configuration factors. Users should consider performing security updates.

3. Important: The vulnerability may be exploited to cause user data damage, data leakage, etc. Users should perform security updates as soon as possible.

4. Critical: The vulnerability may allow code to be executed without user interaction. This includes malware and some unavoidable situations, that is, code execution without prompts. This may mean that web pages and emails have been viewed. Users should perform security updates immediately.

How to do microsoft security updates?

1. Install Microsoft Windows Security Updates.

2. Upload the KB file to the Digital Vault server machine.

3. Navigate to Services Management.

4. Install the Windows patch for the relevant Operating System.

5. Verify the KB installed successfully on the server.

Microsoft issued an emergency update notice

In 2021, Microsoft issued an emergency notice to users to inform them to update their security systems immediately. A security vulnerability called PrintNightmare affects issues related to the print background processing service in the Windows system. The vulnerability allows multiple users to access a printer. Microsoft reminds users that hackers will use this vulnerability to install programs, view and delete data, and even create a new user account with full usage permissions. This allows hackers to have enough control over the user’s computer to cause serious damage.

Sissy-Li

Sissy Li

Sissy Li, a news reporter at BTW media dedicated in Fintech and Blockchain. She graduated from Macau University of Technology and Science. Send tips to s.li@btw.media.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *