Mozilla has ended support for version 2 of the Firefox browser, so if you haven’t upgraded already, it’s time to get version 3.5.3 (or 3.0.14, if the 3.5 release isn’t compatible with your system).
Now that browsers are the principal entry point for malware, ensuring that you have the latest release is more important than ever.
Internet Explorer 8 includes a security feature that shuts down misbehaving applications before they can harm your system.
This capability, known as Data Execution Prevention (DEP), runs by default when IE 8 is installed on XP SP3 and Vista SP1 or later, but it may not always be clear to you why DEP has put the brakes on one of your PC’s applications.
Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites.
These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week’s Windows patches.
Microsoft has begun presenting Internet Explorer 8 as an available update to PCs that previously hid IE 8 from the update list.
If you’ve previously declined and hidden IE 8 in one of Microsoft’s update services, you’ll need to do so again to prevent the browser from being part of the download list.
When you apply a security update for one of the programs on your PC, beware of uninvited software that wants to come along for the ride.
Vendors are more and more often going over the line, piggy-backing unsolicited commercial products and services onto crucial security patches.
The Active Template Library (ATL) glitch in Microsoft’s Visual Studio, which was the subject of last month’s out-of-cycle update, requires yet more application patching this week.
Outlook Express, Windows Media Player, and various ActiveX controls are all vulnerable to the ATL security hole.
Two emergency updates released by Microsoft this week correct flaws in Internet Explorer and potentially dozens of third-party programs.
One of the patches is intended primarily for use by application developers, but how far the threat to apps extends — and how many end users will be affected — is not yet clear.
Every moment your computer is on, a nearly undocumented Microsoft file — WindowsUpdate.log — maintains a record of your system’s patching activity.
Making sense of the information in this update log can be a challenge, but I’ll show you how you can use it to learn the inside story of your PC’s update history.
If you previously applied a killbit for an ActiveX flaw in IE, rest easy — there’s no need to undo the killbit prior to installing the full patch that Microsoft’s released.
XP systems with the killbit installed will not be offered the patch automatically, but you can download and install the update manually without having to make any other changes, if you like.
If you applied last week’s workaround for an IE ActiveX vulnerability, you’ll have to undo that change to apply the cumulative update of ActiveX killbits Microsoft released this week.
Anyone who applied the Fix-it workaround won’t see the cumulative patch among the updates being offered to XP systems because the workaround removed the affected Registry keys.