Security alert

The surge in critical updates that Microsoft has been issuing shows no sign of weakening. The company just shipped 12 bug patches - nine of them critical - affecting everything from Windows to Internet Explorer to Office apps. And unfortunately, things have not gone smoothly.

In keeping with what is now a regrettably familiar pattern, hackers launched a zero-day attack on a hole that one of the fixes addressed, before the patch could be released. This exploit was designed to target the Windows "Server service", which handles file and printer sharing in Windows 2000 Service Pack 4 through Windows Server 2003 as well as in Windows XP SP1 and SP2.

Because the Server service typically runs on PCs that are waiting for connections, clever crackers figured out how to send bogus commands over the Internet to infect vulnerable machines. The attack uses a buffer overflow strategy and can take over your PC without your having to surf the Web, read e-mail, or click anything. It proved scary enough to spur the US Department of Homeland Security to release an alert of its own asking everyone to install the relevant patch as quickly as possible - something it has never done before.

Fortunately, you can lessen your risk by activating a firewall, which blocks unknown incoming Internet connections. Windows XP SP2 has its firewall on by default, as do most broadband routers. This is still a dangerous hole, though, so be sure to obtain and install this patch through Automatic Updates. Alternatively, you can get it - along with additional information - from www.microsoft.com/technet/security/bulletin/ms06-040.mspx.

A broken IE fix

Shortly after releasing a cumulative update for Internet Explorer 6.0 SP1 that patched six critical holes, Microsoft discovered a problem. The new patch introduced a bug that crashed IE under certain circumstances - such as when running CRM (customer relationship management) applications like PeopleSoft and Siebel. At about the same time, eEye Digital Security, a security research firm, discovered that an attacker could take advantage of the crashes to commandeer a computer running Windows 2000 SP4 or XP SP1 (though not SP2). Two weeks later, Redmond released an updated patch.

Grab the fixed fix, which includes the cumulative updates of the previous patch, over Automatic Updates or by visiting www.microsoft.com/technet/security/bulletin/ms06-042.mspx.

This latest batch of critical Microsoft patches corrects a number of additional security holes in Windows dial-up connections, Outlook Express HTML e-mail, and more. Also included are two more patches for Microsoft Office. To get the complete rundown, see www.microsoft.com/technet/security/bulletin/ms06-aug.mspx.

When Microsoft releases Internet Explorer 7 for Windows XP this quarter, the company will mark the new browser as a "high-priority" update using Automatic Updates because of new security features such as better ActiveX handling. But according to the company, you can decide whether to install it when prompted to do so by an initial welcome screen. For more details, go to http://blogs.msdn.com/ie/archive/2006/07/26/678149.aspx.

Word 2000 Flaw

Hackers recently sent out poisoned e-mail attachments to hit a critical Word 2000 security hole before a patch was available. As usual, you should be extremely suspicious of unsolicited attachments. Microsoft will distribute the patch, once it's ready, via Automatic Updates. For more information and for a link to a free workaround that involves using Word Viewer 2003, browse to www.microsoft.com/technet/security/advisory/925059.mspx.


In Brief

Spysweeper update draws complaints

Although many online reviews rate it highly, some users of Webroot's Spysweeper 5.0 complain that the new version slows down their PC. Webroot's Support Q&A says that such problems may be due to 5.0's need for more RAM. To improve performance, the company recommends installing version 5.0.7, build 1608, and turning off the Keylogger Shield. Get the update and more info at http://support.webroot.com/ics/support/default.asp?deptID=776&Banner=en-us. As a worst-case solution, Webroot recommends rolling back to version 4.5.


Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments

Essentials

James Cook University - Master of Data Science Online Course

Learn more >

Mobile

Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Exec

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?