Security alert

The surge in critical updates that Microsoft has been issuing shows no sign of weakening. The company just shipped 12 bug patches - nine of them critical - affecting everything from Windows to Internet Explorer to Office apps. And unfortunately, things have not gone smoothly.

In keeping with what is now a regrettably familiar pattern, hackers launched a zero-day attack on a hole that one of the fixes addressed, before the patch could be released. This exploit was designed to target the Windows "Server service", which handles file and printer sharing in Windows 2000 Service Pack 4 through Windows Server 2003 as well as in Windows XP SP1 and SP2.

Because the Server service typically runs on PCs that are waiting for connections, clever crackers figured out how to send bogus commands over the Internet to infect vulnerable machines. The attack uses a buffer overflow strategy and can take over your PC without your having to surf the Web, read e-mail, or click anything. It proved scary enough to spur the US Department of Homeland Security to release an alert of its own asking everyone to install the relevant patch as quickly as possible - something it has never done before.

Fortunately, you can lessen your risk by activating a firewall, which blocks unknown incoming Internet connections. Windows XP SP2 has its firewall on by default, as do most broadband routers. This is still a dangerous hole, though, so be sure to obtain and install this patch through Automatic Updates. Alternatively, you can get it - along with additional information - from

A broken IE fix

Shortly after releasing a cumulative update for Internet Explorer 6.0 SP1 that patched six critical holes, Microsoft discovered a problem. The new patch introduced a bug that crashed IE under certain circumstances - such as when running CRM (customer relationship management) applications like PeopleSoft and Siebel. At about the same time, eEye Digital Security, a security research firm, discovered that an attacker could take advantage of the crashes to commandeer a computer running Windows 2000 SP4 or XP SP1 (though not SP2). Two weeks later, Redmond released an updated patch.

Grab the fixed fix, which includes the cumulative updates of the previous patch, over Automatic Updates or by visiting

This latest batch of critical Microsoft patches corrects a number of additional security holes in Windows dial-up connections, Outlook Express HTML e-mail, and more. Also included are two more patches for Microsoft Office. To get the complete rundown, see

When Microsoft releases Internet Explorer 7 for Windows XP this quarter, the company will mark the new browser as a "high-priority" update using Automatic Updates because of new security features such as better ActiveX handling. But according to the company, you can decide whether to install it when prompted to do so by an initial welcome screen. For more details, go to

Word 2000 Flaw

Hackers recently sent out poisoned e-mail attachments to hit a critical Word 2000 security hole before a patch was available. As usual, you should be extremely suspicious of unsolicited attachments. Microsoft will distribute the patch, once it's ready, via Automatic Updates. For more information and for a link to a free workaround that involves using Word Viewer 2003, browse to

In Brief

Spysweeper update draws complaints

Although many online reviews rate it highly, some users of Webroot's Spysweeper 5.0 complain that the new version slows down their PC. Webroot's Support Q&A says that such problems may be due to 5.0's need for more RAM. To improve performance, the company recommends installing version 5.0.7, build 1608, and turning off the Keylogger Shield. Get the update and more info at As a worst-case solution, Webroot recommends rolling back to version 4.5.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Stuart J. Johnston

PC World (US online)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?