Keeping Windows software up-to-date
New bugs and vulnerabilities are constantly being found in Windows and in Windows applications. All too many of these problems can lead to your PC being broken into over the network. It is important that you keep the software on your PC current with respect to patches. It is especially important that you do this if you are running network-accessible services such as IIS or SQL server, since new vulnerabilities are frequently discovered for them.
Note: Starting in March 2004, SCS Facilities will be automatically deploying patches to most PCs in the SCS Windows Domain.
Windows Update
Windows Update is Microsoft's service for updating desktop operating system software. It is recommended that everyone regularly run Windows Update on their PC to keep their operating system up-to-date. To run Windows Update, select it under the Start menu (it may also be under the Start|Programs menu) or go to the site http://windowsupdate.microsoft.com. At the minimum, you should install all critical updates.
Some caveats about Windows Update:
- Some of the most recent security advisories may not immediately make their way into Windows Update. See the Microsoft Hotfix & Security Bulletin Service for the most current list of Microsoft security advisories.
- You will need to be logged in as Administrator or as a member of the Administrator group to run Windows Update. Also, your browser has to allow ActiveX controls from the Windows Update site to be run.
- It does not cover updates for many Microsoft application and server products (see the section on updating application and server software for more details), nor does it check for software configuration issues such as security settings and sharing.
There have been very few cases reported in SCS of problems caused by running Windows Update. However, if you do run into problems with your PC after running it, or if you have problems running Windows Update, contact firstname.lastname@example.org or call the SCS Help Desk (x8-4231; M-F, 9-5).
Windows Update covers the following software:
- Microsoft desktop operating systems (Windows 98, ME, NT 4.0 and XP).
- Internet Explorer
- Internet Information Server (IIS) 4.0 and 5.0.
It does not cover other applications, nor does it cover security updates specific to other Microsoft server products.
Updates for Microsoft Office products can be found at the Microsoft Office product updates page. Note that you should not use this service if your Office products have been installed from a server (which is the case for most Facilitized PCs).
If you are running SQL server on your PC, or on a PC that you administer, it is recommended that you run the Microsoft Baseline Security Analyzer. The MBSA will not only check for available hotfixes for SQL server (and also for some other software), but also identify some common SQL configuration and password vulnerabilities. You may also wish to look at www.sqlsecurity.com for more information on securing SQL server.
If you are an administrator for a group of PCs, or administer a server, you should regularly check the Microsoft Technet security page for the latest security news and security bulletins, and you may also wish to subscribe to the Microsoft security notification service.
See our documentation on running Windows services for additional information on securing Windows services such as IIS and MS SQL server.