Bugs and fixes: zero-day patch for Internet Explorer 6 or 7

A critical bug in IE; plus patches for Office, Java, Shockwave, and Mac OS X.

A dangerous vulnerability in Internet Explorer 6 and 7 became publicly known before a fix was available, raising the specter of a high-risk zero-day attack. The bug involves the way IE handles Cascading Style Sheets (CSS) objects, and could let an attacker run any command on a targeted Windows XP, Vista, Server 2003, or Server 2008 PC. Bad guys have already posted sample attack code online. IE 8 is not affected. For more information, see Microsoft Security Advisory 977981. Meanwhile, a bug in the way Windows handles Embedded OpenType could allow a baddie to take over vulnerable Windows XP, 2000, or Server 2003 computers via malicious Websites or poisoned Office documents. The bug can't harm Vista or Server 2008, and doesn't affect Windows 7. Read Microsoft Security Bulletin MS09-065 for details.

Office File Flaws

Two other patches repair Office flaws in Excel and Word affecting Office XP and 2003, and Office 2004 and 2008 for Mac. The Excel bug endangers Office 2007, Office Excel Viewer 2003, and the Office Excel Viewer Service Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. The Word flaw also affects Open XML File Format Converter for Mac, Office Word Viewer 2003, and Office Word Viewer. Microsoft rates the flaws as im­­portant; see Microsoft Security Bulletin MS09-067 (Ex­­cel) and Microsoft Security Bulletin MS09-068 (Word).Microsoft has also released two critical fixes for business networks. One closes a hole in the Web Services on Devices application programming interface; it's critical for Vista and Server 2008 (see Microsoft Security Bulletin MS09-063). The second flaw affects only Windows 2000 systems running License Logging Server (see Microsoft Security Bulletin MS09-064).

Java and Opera Bump Up

Sun's Java Runtime Environment (JRE) and Java Development Kit (JDK) Update 17 closes a number of holes, including a serious flaw that allows attacks via Web pages. Java will check monthly to see whether updates are available, but you can check manually, too: Open Control Panel and double-click the Java icon. On the Update tab, click Update now. After updating, you may need to remove old Java versions manually with Add or Remove Programs. For details, or to download the latest Java, head to Sun's Java SE Downloads page.

Version 10.10 of Opera's Web browser fixes numerous bugs, including one that might let malicious JavaScript on a Web page launch an attack. Click Help, Check for updates to confirm that you have the latest version of Opera; if not, you can download Opera 10.10 from PCWorld's Downloads Library.

Fix Shockwave and Mac OS X

An attack on critical vulnerabilities in Shockwave Player versions prior to 11.5.1.601 could "run malicious code on an affected system," Adobe says. Check your Shockwave version at Adobe's special testing page, and get the latest iteration (Shockwave 11.5.2.602) from our Downloads pages.

Finally, the Mac OS X 10.6.2 update corrects various problems involving PDF files, H.264 movies, TIFF images, and other things. Get it via Software Update, and read more at About Security Update 2009-006.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoft Windowssecurity patch

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Erik Larkin

PC World (US online)
Show Comments

Father’s Day Gift Guide

Brand Post

PC World Evaluation Team Review - MSI GT75 TITAN

"I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it."

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?