IE 7 proves buggy already

Internet Explorer 7 (IE 7) for Windows XP is finally out. Because it tries to fix or prevent many of the numerous security flaws that hit IE 6, it's arguably the largest bug fix we've seen in quite a while. For that reason alone, I recommend installing the update.

But IE 7 is not a panacea, in part because it still ties in to Windows for some of its work and can therefore pass along threats from buggy parts of the operating system (or other programs). We've seen a number of these types of problems recently, and now three more have been reported.

Less than a day after IE 7's release, Danish security firm Secunia said it had found a proof-of-concept, non-critical bug affecting IE 7. If you browse a malicious site while logged in to another site, an attacker could steal data you have on the logged-in site. Microsoft says the bug actually resides in Outlook Express, but IE 7 can be used as the attack vector, just like IE 6.

You're likewise vulnerable to a nasty, critical Windows bug involving XML, which is commonly used for Web sites and many document types, regardless of whether you use IE 6 or 7. Both versions hand off XML processing to Windows proper, where the bug originates. You could be infected with a drive-by download from a malicious Web site if an attacker directs a bunch of garbage data through IE to the newly discovered Windows weak spot. At press time no attacks had yet used this bug, but all currently supported versions of Windows could be hit. If you didn't receive the patch in Automatic Updates, head to www.microsoft.com/technet/security/Bulletin/ms06-061.mspx.

The new IE does offer more protection than version 6 for another pass-through critical Windows glitch -- one that has already proven to be a popular hacker target. This flaw hits the Windows Shell, which displays the Windows user interface. Attackers can employ an ActiveX control to reach the bug via IE (with yet another buffer overflow error) and thereby take over your system. As with the XML bug, all supported versions of Windows are affected.

IE 7 provides additional protection in this case because it displays an opt-in pop-up that requires your approval before running new ActiveX controls. The pop-up won't specifically tell you you're under attack, and if you just click OK as many people are now conditioned to do with many browser notices, you'll get nailed. But it's more protection than you'll get with IE 6, which on an unpatched system will download a malicious payload without warning if you browse a booby-trapped site. Get the fix from www.microsoft.com/technet/security/bulletin/ms06-057.mspx or via Automatic Updates.

Video iPods may come with Windows worm

A small number of video iPods picked up an unwelcome tag-along during manufacturing: a Windows worm. The malware doesn't harm the iPod, but once the device hooks up to a PC, the worm can silently wiggle its way into the system -- and from there to any linked external storage device, like a thumb drive.

Less than 1 per cent of video iPods shipped between September 12 and mid-October carry the worm, but if it infects a PC it can give an attacker full remote control. As a fix, Apple posted links to free trials of popular antivirus apps for cleaning affected computers, and says to use iTunes 7 to wipe and restore an iPod. Apple's bulletin is at www.apple.com/support/windowsvirus.


In Brief

New Office holes
Hackers are using a new batch of critical Office 2000 flaws to bite credulous openers of suspicious e-mail attachments. The holes are less dangerous, but still present, in Office 2003. Keep Office updated through Automatic Updates, or grab the patches at www.microsoft.com/technet/security/bulletin/ms06-oct.mspx.

More battery heat
Sony is recalling some 3.5-million laptop batteries worldwide, including those used in its VAIO notebooks, as well as those in models from Fujitsu, Gateway and Toshiba, because of a minute (but real) risk of overheating and fire. For a full list of recalled models and links to makers' recall sites, visit www.cpsc.gov/cpscpub/prerel/prhtml07/07011.html.


Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?