Bugs and Fixes: Security Woes for Windows, McAfee, Firefox

Critical updates plug OS and browser holes; an antivirus update crashes PCs.

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Another Windows Fix

According to Microsoft, "two privately reported vulnerabilities in Windows Authenticode Verification...could allow remote code execution." In other words, an attacker could take control of your PC by exploiting either of those flaws. The intruder could gain administrator rights, with the ability to add, change, or delete practically any file.

Microsoft has issued an update that addresses the vulnerabilities by performing additional verification operations. This update is critical to all supported versions of Windows, including 98, XP, Vista, and 7, as well as Server 2003, 2008, 2008 R2, 2003, 2000, and 2000 Professional.

If you have automatic updates enabled (recommended), you'll get this update and others instantly. If you do not have automatic updating turned on, Microsoft suggests downloading critical updates manually; go to the Control Panel, click the Windows Update icon, and then select Check for Updates. You can learn more about this patch, and download it manually, at Microsoft TechNet.

McAfee Update Makes Windows PCs Crash

McAfee released an update in mid-April that unfortunately caused Windows PCs to fail spectacularly. The update improperly identified a Windows component known as svchost.exe as a virus, which caused McAfee's software to delete it.

The error was so severe that 8000 of the 25,000 computers at the University of Michigan Health System and Medical School crashed, along with thousands of computers around the world.

Put simply, svchost.exe is a process that hosts other services used by various programs on your PC (read Microsoft's explanation for more-technical details). If you look in Windows Task Manager, you may see quite a few svchost.exe processes running (under "Image Name"), and as you can imagine, attacking all of them could be catastrophic for any system.

The problematic update mostly affected users running Windows XP Service Pack 3. If it affected you, pick up McAfee's SuperDAT Remediation Tool to restore svchost.exe.

Firefox Flaw Corrected

A hole in the Mozilla Firefox Web browser has blossomed into a major flaw. A week after releasing Firefox 3.6.2, Mozilla released version 3.6.3 to address a critical security issue that could allow remote attackers to run commands of their choice.

To fix the bug, download Firefox 3.6.3, or click Help, Check for Updates, Get the New Version in the Firefox toolbar. Mozilla says the bug does not affect versions 3.5 or earlier.

If you still want to obtain and use add-ons that are not compatible with version 3.6, don't worry: Mozilla says that it will issue a patch for Firefox 3.5 in an upcoming release in case another method of exploiting this security hole exists.

Join the PC World newsletter!

Error: Please check your email address.

Tags mcafeesecurityMicrosoftMozilla Firefox 3.7

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

James Mulroy

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?