Security alert

The surge in critical updates that Microsoft has been issuing shows no sign of weakening. The company just shipped 12 bug patches - nine of them critical - affecting everything from Windows to Internet Explorer to Office apps. And unfortunately, things have not gone smoothly.

In keeping with what is now a regrettably familiar pattern, hackers launched a zero-day attack on a hole that one of the fixes addressed, before the patch could be released. This exploit was designed to target the Windows "Server service", which handles file and printer sharing in Windows 2000 Service Pack 4 through Windows Server 2003 as well as in Windows XP SP1 and SP2.

Because the Server service typically runs on PCs that are waiting for connections, clever crackers figured out how to send bogus commands over the Internet to infect vulnerable machines. The attack uses a buffer overflow strategy and can take over your PC without your having to surf the Web, read e-mail, or click anything. It proved scary enough to spur the US Department of Homeland Security to release an alert of its own asking everyone to install the relevant patch as quickly as possible - something it has never done before.

Fortunately, you can lessen your risk by activating a firewall, which blocks unknown incoming Internet connections. Windows XP SP2 has its firewall on by default, as do most broadband routers. This is still a dangerous hole, though, so be sure to obtain and install this patch through Automatic Updates. Alternatively, you can get it - along with additional information - from

A broken IE fix

Shortly after releasing a cumulative update for Internet Explorer 6.0 SP1 that patched six critical holes, Microsoft discovered a problem. The new patch introduced a bug that crashed IE under certain circumstances - such as when running CRM (customer relationship management) applications like PeopleSoft and Siebel. At about the same time, eEye Digital Security, a security research firm, discovered that an attacker could take advantage of the crashes to commandeer a computer running Windows 2000 SP4 or XP SP1 (though not SP2). Two weeks later, Redmond released an updated patch.

Grab the fixed fix, which includes the cumulative updates of the previous patch, over Automatic Updates or by visiting

This latest batch of critical Microsoft patches corrects a number of additional security holes in Windows dial-up connections, Outlook Express HTML e-mail, and more. Also included are two more patches for Microsoft Office. To get the complete rundown, see

When Microsoft releases Internet Explorer 7 for Windows XP this quarter, the company will mark the new browser as a "high-priority" update using Automatic Updates because of new security features such as better ActiveX handling. But according to the company, you can decide whether to install it when prompted to do so by an initial welcome screen. For more details, go to

Word 2000 Flaw

Hackers recently sent out poisoned e-mail attachments to hit a critical Word 2000 security hole before a patch was available. As usual, you should be extremely suspicious of unsolicited attachments. Microsoft will distribute the patch, once it's ready, via Automatic Updates. For more information and for a link to a free workaround that involves using Word Viewer 2003, browse to

In Brief

Spysweeper update draws complaints

Although many online reviews rate it highly, some users of Webroot's Spysweeper 5.0 complain that the new version slows down their PC. Webroot's Support Q&A says that such problems may be due to 5.0's need for more RAM. To improve performance, the company recommends installing version 5.0.7, build 1608, and turning off the Keylogger Shield. Get the update and more info at As a worst-case solution, Webroot recommends rolling back to version 4.5.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?