If you are the owner of Windows XP or Windows Server 2003 you are at risk of a pretty significant hack – at least for the time being.
It’s an attack on the “Windows Help Center”. The bad news about this attack is that some unwitting, or perhaps witting, genius at Google published how someone can execute the attack without considering the risk he was exposing all XP users to. The fellow’s name is Tavis Ormondy, a Google security researcher. Come on Tavis – use some common sense and do the right thing. As a result of his error in judgement systems in Europe are experiencing a significant peak in hacks. The U.S. may be next.
So, right now, as of today, if you are using Windows XP or running a Windows Server 2003 for your business you are at risk. If you visit a web site that is exploiting the security hole your machine could be in big trouble – which is why I’m writing this article – to get the word out.
The vulnerability exists in the Windows “Help Center”. Yes – the same one that provides automated updates. I won’t bore you with the details but you can download a temporary fix that will protect you from attack but it is not a permanent fix. My understanding is that the download will also disable some help center functionality. But I recommend you do it as soon as possible. You can download the fix at http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx.
This is probably a pretty good time to upgrade to Windows 7 if you’ve been thinking about it. My understanding is that a permanent fix could be as long as 2 months away – due to testing and all of the other stuff involved in a release.
Here is an informative Computer World article on the subject: http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms
I recently told the story of a hospital administrator who just took charge of a troubled hospital. While examining the types of services they provided to their patients (customers) she noticed that a large number were coming into the ER but were not being admitted – many were children with colds, bumps, bruises, etc. Yet this was creating very long wait times and tying up resources for more serious issues. She set the goal of a nurse meeting every patient within 60 seconds of their arrival and planned to achieve it within 18 months.
It took 12 months for her to achieve the goal of seeing every ER patient within 60 seconds of arrival but the results were astounding. Resources were freed. Waiting lines disappeared. And most unexpectedly all the other operations within the hospital had dramatic improvement because they were now focused on providing rapid services to patients. This one simple goal revolutionized the hospital and it became a model for other hospitals.
I told this story to the a state mortgage operation of a national financial company. I then asked them to make a list of all of their customers, since every business usually has more than one type of customer. They listed the borrower, broker, realtor, appraiser, title company, closing agent, etc. I then asked, “What one thing could you do that would result in your being able to satisfy every one of these customers?” (This is the key question for establishing goals). After some discussion they concluded that if they could process a loan from the time of application to closing in 30 days everyone would be thrilled and would set them apart from the competition.
I asked if they could develop a plan to make that happen? They examined it and concluded it was possible to do it in 30 days – but there were some challenges. I said if the plan says you can do it, then you should be able to make it happen. The plan also revealed the problem areas so that they were able to focus on those processes that would prevent them from reaching the goals.
One of the major benefits of having simple, yet dramatic, goals is that everyone in the organization can understand them and get behind them. It unifies your team. I write about this in my book which you can get a free copy of the eBook version at http://www.ftiglobal.com/fti/contact_us.asp.
P.S. – An important point… notice that the team developed the goal. This is important for buy-in. It wasn’t mandated from the ivory tower.