Wednesday, January 30, 2008

Vista's Growing Popularity Draws Hackers' Malice

With more people finally switching to Windows Vista, the operating system is fast becoming a target for security researchers and--surprise!--hackers.

Though Vista is generally more secure than earlier versions of Windows, hackers are increasingly finding ways through, or around, its defenses. Indeed, this is the first time since the operating system debuted last year that virtually every hole discussed in this column affects Vista in one way or another.

Exhibit A: Microsoft released three "critical" patches in December to fix security holes that affect earlier versions of Windows, including XP Service Pack 2, but they can also bite if you're running Vista.

One patch addresses four holes in Internet Explorer 6 and 7. (This "cumulative update" incorporates all previous patches, just in case you've slipped behind in your patching duties.) One of the flaws, in the way IE handles Dynamic HTML, was under attack when Microsoft shipped the patch.

The other two patches correct problems in Windows' processing of certain multimedia files. One fixes a vulnerability in DirectX, while the other closes a hole that the operating system has in its treatment of some audio and video files.

Whenever Microsoft labels a bug "critical," the vulnerability has the potential to leave you at criminals' mercy.

HP 'Quick Launch' Threat

More than 80 models of HP laptops have a security glitch in the included HP software for letting you configure quick-launch buttons. The flaw could allow an attacker to take complete control of your PC, if you are tricked into visiting the bad guy's Web site first. With proof-of-concept code out on the Web, HP released an update that disables the quick-launch software, called Info Center. Until the company issues a more complete fix, you can't use the buttons, but at least you'll be protected. If your laptop has HP Info Center, you must manually download and install the update.

Office 2007 Service Pack

The first service pack for Office 2007 is out, and it includes previous security patches, performance updates, and most hotfixes for Office 2007, as well as specific fixes for other annoyances. For instance, SP1 includes a patch meant to improve the performance of Outlook when you're working with large message folders. You should see fewer unexplained crashes as well.

Adobe Patches Flash

Adobe patched a passel of holes in its Flash Player. All of the player's supported platforms--Mac, Linux, Windows (yes, Vista too)--are vulnerable. Getting stung is as easy as visiting a site with a booby-trapped banner ad or clicking on an SWF (Shockwave Flash) file. Adobe is urging upgrades to the newest (patched) version, 9.0.115.0.

Bugged?

Found a hardware or software bug? Send us an e-mail about it at bugs@pcworld.com.
