We all know that Microsoft Windows Security Updates mainly patch the Windows Operating System and various Microsoft software i.e. Microsoft Office, but there are more serious problems for other 3rd-party software developers. You couldn’t have failed to notice the Windows Security Update earlier this month – it was the biggest in Microsoft’s history! How end-users deal with the ever increasing volume of Windows Security Updates is also of prime concern within the security industry. There is no obvious solution to this problem at the moment.
Some security updates also cause system related problems i.e BSOD, CPU/RAM drain or some hardware failure – so it’s important end-users are educated into understanding the reason for software security updates. It’s also VERY important that software security update problems be identified quickly (by the companies that distribute them – this isn’t just Microsoft but all software developers) to avoid for example, operating system boot problems.
One main concern in the security community though, are the obvious exploit threats from vulnerable Windows DLLs (which are also delivered as part of software updates). There are thousands of applications that are vulnerable to DLL exploits and more often than not end-users appear to be being left in the dark when it comes to preventing the DLL threat. Most end-users do not know about or care about DLLs – but software developers and hackers do!
Programmers use the DLL (Dynamic Link Library) to free up access memory (RAM). The DLLs only run when needed so you can see the system/software performance advantages. There are though security concerns. Any place where the attacker can put both the files to be opened by an application and a malicious DLL can be used to attack an operating system. Scary stuff indeed!
Safe surfing folks!