Bugs and fixes: grab an essential fix for IE

With critical updates from Adobe, Foxit, and Mozilla joining a bevy of essential patches for Internet Explorer and Office, the fixes are running hot this summer.

After an ebb of only one patch in Microsoft's previous regular cycle, the flow resumed in force as Microsoft plugged 31 vulnerabilities. The most important update fixes flaws that could allow an attacker to take over your PC or steal data if you view a poisoned Web page. Collectively, the patches are critical for IE 5 on Windows 2000, IE 6 on Windows XP, and IE 7 on Windows XP and Vista. It's bad news for IE 8 as well, on both XP and Vista. IE 8 on the latest Windows 7 release candidate isn't affected. Run Windows Update to pick up the patch.

Office Fixes

Two other patches close holes that could allow tainted Word or Excel files to trigger an attack. Office 2000 is most vulnerable, as the hole could permit an attacker to run any command. The flaws are rated important for Office XP, 2003, and 2007, as well as for Office for Mac (2004 and 2008). Run Windows Update to get the fix.

A similar fix for Microsoft Works files and converters is critical for Office 2000, important for Office XP, 2003, and 2007, and important for Microsoft Works 8.5 and 9.

Windows 2000 users should nab a critical patch for three bugs in Windows Print Spooler that Internet attackers could hit if the PC isn't protected by a firewall. A successful attack could take over a Windows 2000 PC, but the threat is a bit less dangerous (rated moderate or important) for other versions of Windows.

A number of other Microsoft patches correct less-important holes; none of them would allow attackers to have their way with your PC. That said, make sure you have them all by running Windows Update.

Shockwave, Reader Updates

Adobe shored up its Shockwave Player with a must-have fix. Without it, if you have Shockwave 11.5.0.596 or earlier, visiting a site with a rigged Adobe Director file could allow a "remote code execution" that puts an attacker in command of your PC. Adobe recommends manually uninstalling the older version and installing the latest Shockwave Player. That isn't exactly convenient, but it beats the heck out of a malware infection.

You'll have a somewhat easier time snagging updates for Adobe's beleaguered Reader and Acrobat. The critical Reader and Acrobat update, to 9.1.2 (or to 8.1.6 or 7.1.3 for older versions), closes holes that could permit a takeover if you open a poisoned PDF file. Click Help, Check for updates to make sure you have the latest version, which is available for Windows, Macintosh, and Unix.

Foxy Upgrades

Users of the Foxit Reader PDF app don't get a free pass, either. To avoid triggering an attack when opening a malicious file, it needs fixes for the 3.0 base program and the JPEG2000/JBIG2 Decoder add-on (if present). Click Help, About Foxit Reader; if you don't have at least version 3.0 build 1817, download the latest Foxit version. Run Help, Check for updates to see if you have the latest JBIG2 add-on. (The update check unfortunately doesn't update older Foxit base software, but it will nab add-on updates.)

Finally, Mozilla released Firefox 3.5 at the end of June. If you haven't installed that browser yet, at least get the latest version 3.0 update. The fix addresses four critical bugs in JavaScript handling. Of those, two also affect the Thunderbird e-mail app and three affect the SeaMonkey suite; click Help, Check for Updates to see if you have at least Firefox 3.0.11, Thunderbird 2.0.0.22, or SeaMonkey 1.1.17.

Tags security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Erik Larkin

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?