Systems running Windows 2000, Windows XP, or Windows Server 2003 are at risk of infection via fonts used on malicious Web sites.
No attacks exploiting this vulnerability have been recorded yet, but I expect them to begin soon — so apply this patch right away.
Two Microsoft add-ons for the Mozilla Firefox browser — .NET Framework Assistant and Windows Presentation Foundation — were temporarily blocked this week by Firefox staff because of vulnerabilities announced by the Redmond company on Oct. 13.
Firefox experts may allow the use of both add-ons by the time you read this, but for safety’s sake, users of all browsers should apply the Microsoft patch immediately.
All versions of Windows XP and Vista have been found to be susceptible to infected image files in software and on Web sites, Microsoft announced on Patch Tuesday.
The fix Microsoft released this week for XP and Vista is also needed by the .NET Framework, MS Office versions from XP to 2007, Works 8.5, and Forefront Client Security.
The ads served by Bing and Google along with your search results are linking more and more often to sites trying to infect your machine.
Neither Bing nor Google effectively prescreens these bogus advertisers, so it’s up to us to detect and avoid them.
Mozilla has ended support for version 2 of the Firefox browser, so if you haven’t upgraded already, it’s time to get version 3.5.3 (or 3.0.14, if the 3.5 release isn’t compatible with your system).
Now that browsers are the principal entry point for malware, ensuring that you have the latest release is more important than ever.
Internet Explorer 8 includes a security feature that shuts down misbehaving applications before they can harm your system.
This capability, known as Data Execution Prevention (DEP), runs by default when IE 8 is installed on XP SP3 and Vista SP1 or later, but it may not always be clear to you why DEP has put the brakes on one of your PC’s applications.
Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites.
These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week’s Windows patches.
Microsoft has begun presenting Internet Explorer 8 as an available update to PCs that previously hid IE 8 from the update list.
If you’ve previously declined and hidden IE 8 in one of Microsoft’s update services, you’ll need to do so again to prevent the browser from being part of the download list.
When you apply a security update for one of the programs on your PC, beware of uninvited software that wants to come along for the ride.
Vendors are more and more often going over the line, piggy-backing unsolicited commercial products and services onto crucial security patches.
The Active Template Library (ATL) glitch in Microsoft’s Visual Studio, which was the subject of last month’s out-of-cycle update, requires yet more application patching this week.
Outlook Express, Windows Media Player, and various ActiveX controls are all vulnerable to the ATL security hole.