Less than 24 hours after Microsoft shipped a dozen bulletins with security fixes for 23 serious software vulnerabilities, the U.S. government's Department of Homeland Security issued a firm notice to Windows users: immediately apply the patches in the MS06-040 bulletin.
In a somewhat unusual move, the DHS warned that the patches cover a remote code execution vulnerability that could be used in a network worm attack similar to Blaster, Slammer or Sasser.
"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in a public advisory.
Why is it the same thing over and over again? If you're running Windows, you absolutely must enable automatic updates. There are just far too many patches to try to keep track of them manually.
What puzzles me is what interest the DHS has in protecting the end-user PCs of millions of average people. Sure, an advisory to all DHS and government employees would be routine, but a public advisory? They need to find better ways of spending their time. If they decide to start "reminding" everyone to update their Windows machines every time a new vulnerability is found, they'll not have the resources left to track the turrrists.