20 Aug Return of the Blue Screen of Death
On August 18, 2014, Microsoft issued a recall on its latest security patch, dubbed MS14-045. The patch was released to fix a total of thirty-seven known security flaws in the OS and the Internet Explorer web browser. Unfortunately, some users report getting the “Blue Screen of Death” after applying the patch.
What It Means For You
Microsoft has since taken down the links that enable people to download and apply the patch, and it has been pulled from the auto-update roster while the issues are being investigated. Unfortunately, because these are known security flaws, your systems remain vulnerable to hacks that exploit them until the patch is repaired and replaced.
It gets even worse. The impacted user base is literally every currently supported version of Windows, which is, unfortunately, the better part of the planet. This is one of the times when the vast size of the Windows user base really works against it. A series of security flaws that are being advertised as left open, impacting such a huge portion of users worldwide, is about as bad as it can possibly get.
2014 Is A Nightmare Year For Security
2014 has been an extremely bad year for companies where large-scale hacking attacks are concerned. There have been a number of very high-profile breaches that have involved millions, and sometimes tens of millions, of user accounts. eBay, Target, even more or less the entire state of Montana have all been victims, and the year is not over yet. News of this delay in addressing known security flaws is only going to make matters worse for the remainder of the year.
Given the sheer size and scale of the impact, you can bet that the engineers at Microsoft will be working around the clock to resolve this issue, but unfortunately, there’s really nothing you as an individual user can do. If you don’t uninstall the patch, then you run the risk of crashing your entire system. If you do uninstall the patch, then you’re opening the door to hacking attacks that exploit these known vulnerabilities, and given the reality of Microsoft’s announcement, you can bet that hacking attacks involving those particular security flaws will be on the increase until the revised patch is put in place.
So, What Can You Do?
The bottom line for your company is this: inform your employees to be on their guard until the revised patch is put in place. You’re essentially in a no-win situation, but the safest course is to uninstall the patch and try to ride things out until the new one is put in place. There’s going to be risk whichever path you take. There are only two options in the short run, and both of them are fairly bad; it’s just that one of the two is slightly less bad than the other.
Ultimately, it’s the difference between running the risk of a possible hacking attack that, if it occurred, could result in some data loss, versus the possibility of a critical server being completely offline via Blue Screen of Death, which would essentially bring your entire company to a sudden halt. It’s your choice, and not an easy one to make.