Windows 7 O'Clock installation don't forget to update

When I spoke with some colleagues about the installation of Windows 7 RTM (Final Press edition), I specifically noted that Windows system updates needed to be run after the system was installed. Several system administrators looked at me and felt very funny, and said they didn't think it was necessary.


Run Windows Update


the last thing to do is check for updates when you choose to install a new operating system. Of course, I've been using Windows 7 Release candidate for months, and in every monthly patch update, Microsoft will install the hotfix in Tuesday. There are too many loopholes that can be exploited by bad people.


Therefore, doing so is very meaningful for the installation of the Windows 7 RTM version. When I check for updates after each installation, I am alerted to the following (2 critical and 4 important) patches that need to be installed:


øms09-54: This security update resolves three secret reported vulnerabilities and a publicly disclosed flaw in Internet Explorer. If a user uses Internet Explorer to view a specially crafted Web page, these vulnerabilities could allow remote code execution.


øms09-055: This security update resolves a secret reported vulnerability that is publicly available for multiple ActiveX controls that are currently being exploited. If a user views a specially crafted Web page with an Internet Explorer that instantiates an ActiveX control, the vulnerability to ActiveX controls compiled with the Microsoft Activity Template Library Vulnerable version may allow remote code execution.


øms09-056: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. These vulnerabilities could allow spoofing if an attacker obtains access to a certificate that the end-user uses for authentication.


øms09-058: This security update resolves many of the hidden vulnerabilities reported in the Windows kernel. If an attacker logs on to the system and runs a specially crafted application, the most serious vulnerability could allow elevation of privilege.


øms09-059: This security update resolves a secret-reported vulnerability in Microsoft Windows. If an attacker sends a maliciously crafted packet during the NTLM authentication process, this vulnerability could allow a denial of service.


øms09-061: This security update resolves three privately reported vulnerabilities in the framework and Microsoft Sliverlight. If a user uses a Web browser to view a specially crafted Web page, these vulnerabilities could allow remote code execution on the client system.


in our conversation, an assistant thought the update was automatic. I didn't see this, so I'm glad I checked the Windows Update manually. Running a manual update seems a much easier option than fighting with malware in a new operating system.


Don't forget UAC, its functionality changes


in Windows 7, Microsoft has changed the way that user Account Control (UAC) functions work. In this regard, I plan to dedicate it to other articles. Depending on your point of view, UAC in Windows 7 can give users more options or get into trouble.


If you need to change your user Account Control settings, select a user account, and enter Control Panel, you will find new options. Here are four settings:


ø Highest Security Privilege: Always prompt, equivalent to vista default mode.


ø Secondary security permissions: is the default setting for Windows 7 that prompts the user when a non-Windows executable requires permission elevation.


ø Level Three security permissions: similar to subordinate security permissions. The difference is that you are prompted on the user's desktop, not a secure desktop.


ø Minimum security permissions: Under this setting, all the protection features provided by UAC are turned off.


as a security advocate, I have to say that Microsoft did change UAC. Many people with security awareness prefer the "Always prompt" setting. Therefore, they need to adjust the settings. Other users hate UAC and will immediately turn it off. At least, everyone is clean now.


the last thought


I understand why software should be released as soon as possible after a delay. But why not run the update process automatically after the installation completes, or at least prompt the user to check for updates? (material)


I'm still talking to my friends about the update process. What's your opinion? Will it be automatically updated after Windows 7 is installed?


"Discovering vulnerabilities is good news, not bad news. That means we can do something to improve security. That doesn't mean you've been screwed." Roger Johnston.