If you applied last week’s workaround for an IE ActiveX vulnerability, you’ll have to undo that change to apply the cumulative update of ActiveX killbits Microsoft released this week.
Anyone who applied the Fix-it workaround won’t see the cumulative patch among the updates being offered to XP systems because the workaround removed the affected Registry keys.
A malware attack masquerading as a video file targets Windows XP and Server 2003 users who visit infected sites.
Microsoft has issued a workaround for the exploit and made it available on the company’s support site, although it’s uncertain when a patch for the vulnerability will be available.
All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.
Any service pack can be problematic, but Vista Service Pack 2 (SP2) provides some extra-special challenges.
Vista SP1 offered clear benefits, including better performance, but with Vista’s second service pack you may just want to hold out for Windows 7’s release later this year.
Security updates for all versions of Internet Explorer have been released this week, although Microsoft rates as “Critical” only the patches for IE 8 (on all versions of Windows) and IE 7 (Vista SP2).
Version 8 of Microsoft’s browser is now being included in automatic Windows updates for all users, so be sure to uncheck the IE 8 option if for any reason you wish to postpone upgrading from IE 7 to IE 8.
You may already have been offered version 8 of Microsoft’s Internet Explorer browser via Windows’ built-in Automatic Updates routine, but you should be aware that some Web sites don’t work with the new release.
In my testing, IE 8’s security and compatibility settings cause problems with some sites, and XP users must first uninstall SP3 in order to remove the latest build of IE.
Previous Office service packs could be undone only by uninstalling the entire suite and then reinstalling it.
Office 2007 Service Pack 2 changes this and adds PDF and OpenDocument support, but I still urge you to wait before installing the update.
Two separate updates for all IE versions prevent carpet-bombing attacks that are already targeting the browser.
One of the IE patches blocks remote-code execution on XP and Vista PCs that also have Apple’s Safari browser installed.
Windows may be the primary target of today’s malware authors, but it’s far from the only one.
Keeping your applications and media players up-to-date is as important as applying the latest patches for your operating system.