Don't forget to update when installing Windows 7

When talking to some colleagues about the installation of Windows 7 RTM (Final Platen Edition), I specifically pointed out that I need to run Windows system update after installing the system. Several system administrators looked at me and felt very funny, and Say they don't think this is necessary.

Run Windows Update

When choosing to install a new operating system, the last thing to do is to check for updates. Of course, I have used A few months of Windows 7 release candidate, Microsoft has to install a fix every month on the patch update Tuesday. There are too many vulnerabilities that can be exploited by the bad guys.

So, doing this for The installation of the Windows 7 RTM version is very meaningful. After checking the update time after each installation, I will be reminded that the following (2 critical and 4 important) patches need to be installed:

Ø MS09-54: This security update resolves three privately reported vulnerabilities and a publicly disclosed flaw in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

Ø MS09-055: This security update resolves a privately reported vulnerability that is currently being exploited by multiple ActiveX controls. If a user views a specially crafted webpage using Internet Explorer that instantiates an ActiveX control, it is easier to use the Microsoft Active Template Library. Vulnerability in ActiveX Controls Compiled by Attacked Versions Could Allow Remote Code Execution.

Ø MS09-056: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. If an attacker gains access to end users The certificate used for authentication is accessed, and these vulnerabilities could allow spoofing.

Ø MS09-058: This security update resolves many privately reported vulnerabilities in the Windows kernel. If an attacker logs in and runs Customized applications, the most serious of the vulnerabilities could allow elevation of privilege.

Ø MS09-059: This security update resolves a privately reported vulnerability in Microsoft Windows. If an attacker sends during NTLM authentication a maliciously crafted packet, this vulnerability can Allow denial of service.

Ø MS09-061: This security update addresses three privately reported vulnerabilities in the Framework and Microsoft Silverlight. These vulnerabilities may be allowed in customers if they use a web browser to view specially crafted web pages. Remote execution of code on the end system.

In our conversation, an assistant thought that the update was done automatically. I didn't see this, so I was happy to manually check the Windows update. Compared to and malicious The software is fighting in a new operating system, running a manual update seems to be an easier choice.

Don't forget UAC, its functionality has changed

In Windows 7, Microsoft changed How User Account Control (UAC) works. In this regard, I plan to explain it in other articles. Depending on your point of view, UAC in Windows 7 gives users more opportunities to choose, or fall into Difficulties.

If you need to change user account control settings, select a user account, go to the Control Panel and you will see the new options. Here are four settings:

Ø Limit: "Always prompt", equivalent to Vista's default mode.

Ø Secondary security permissions: is the default setting of Windows 7, when non-Windows executables require permission to increase, will prompt User.

Ø Three levels of security: Similar to secondary security. The difference is that the user is prompted on the desktop instead of the secure desktop.

Ø Minimum security permissions : Under this setting, all the protection functions provided by UAC are turned off.

As a security advocate, I have to mention that Microsoft has indeed changed UAC. Many security-conscious people prefer "always prompt" "Settings. Therefore, they need to adjust the settings. Other users hate UAC and will immediately turn them off. At least, everyone is now clean.

Last thinking

I understand the software after the delay Reasons should be posted as soon as possible. But why not run the update process automatically after the installation is complete or at least prompt the user to check for updates.

About the update process, my friends are still discussing. What is your opinion? After installing Windows 7, will it be updated automatically?

"Discovering vulnerabilities is good news, not bad news. This means we can do something to improve security. This does not mean Has been screwed up." Roger Johnston.