The Active Template Library (ATL) glitch in Microsoft’s Visual Studio, which was the subject of last month’s out-of-cycle update, requires yet more application patching this week.
Outlook Express, Windows Media Player, and various ActiveX controls are all vulnerable to the ATL security hole.
Two emergency updates released by Microsoft this week correct flaws in Internet Explorer and potentially dozens of third-party programs.
One of the patches is intended primarily for use by application developers, but how far the threat to apps extends — and how many end users will be affected — is not yet clear.
Every moment your computer is on, a nearly undocumented Microsoft file — WindowsUpdate.log — maintains a record of your system’s patching activity.
Making sense of the information in this update log can be a challenge, but I’ll show you how you can use it to learn the inside story of your PC’s update history.
If you previously applied a killbit for an ActiveX flaw in IE, rest easy — there’s no need to undo the killbit prior to installing the full patch that Microsoft has released.
XP systems with the killbit installed will not be offered the patch automatically, but you can download and install the update manually without having to make any other changes, if you like.
If you applied last week’s workaround for an IE ActiveX vulnerability, you’ll have to undo that change to apply the cumulative update of ActiveX killbits Microsoft released this week.
Anyone who applied the Fix-it workaround won’t see the cumulative patch among the updates being offered to XP systems because the workaround removed the affected Registry keys.
A malware attack masquerading as a video file targets Windows XP and Server 2003 users who visit infected sites.
Microsoft has issued a workaround for the exploit and made it available on the company’s support site, although it’s uncertain when a patch for the vulnerability will be available.
All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.
Any service pack can be problematic, but Vista Service Pack 2 (SP2) provides some extra-special challenges.
Vista SP1 offered clear benefits, including better performance, but with Vista’s second service pack you may just want to hold out for Windows 7’s release later this year.
Security updates for all versions of Internet Explorer have been released this week, although Microsoft rates as “Critical” only the patches for IE 8 (on all versions of Windows) and IE 7 (Vista SP2).
Version 8 of Microsoft’s browser is now being included in automatic Windows updates for all users, so be sure to uncheck the IE 8 option if for any reason you wish to postpone upgrading from IE 7 to IE 8.
The hacker scripts try to infect site visitors and then attempt to use their compromised PCs to spread the infection to yet other sites.