Two Microsoft add-ons for the Mozilla Firefox browser — .NET Framework Assistant and Windows Presentation Foundation — were temporarily blocked this week by Firefox staff because of vulnerabilities announced by the Redmond company on Oct. 13.
Firefox experts may allow the use of both add-ons by the time you read this, but for safety’s sake, users of all browsers should apply the Microsoft patch immediately.
All versions of Windows XP and Vista have been found to be susceptible to infected image files in software and on Web sites, Microsoft announced on Patch Tuesday.
The fix Microsoft released this week for XP and Vista is also needed by the .NET Framework, MS Office versions from XP to 2007, Works 8.5, and Forefront Client Security.
Mozilla has ended support for version 2 of the Firefox browser, so if you haven’t upgraded already, it’s time to get version 3.5.3 (or 3.0.14, if the 3.5 release isn’t compatible with your system).
Now that browsers are the principal entry point for malware, ensuring that you have the latest release is more important than ever.
Three separate browser vulnerabilities make you susceptible to drive-by exploits from otherwise-trustworthy Web sites.
These threats affect you even if you never use Windows Media Player or Internet Explorer, so you should definitely apply this week’s Windows patches.
Microsoft has begun presenting Internet Explorer 8 as an available update to PCs that previously hid IE 8 from the update list.
If you’ve previously declined and hidden IE 8 in one of Microsoft’s update services, you’ll need to do so again to prevent the browser from being part of the download list.
The Active Template Library (ATL) glitch in Microsoft’s Visual Studio, which was the subject of last month’s out-of-cycle update, requires yet more application patching this week.
Outlook Express, Windows Media Player, and various ActiveX controls are all vulnerable to the ATL security hole.
If you previously applied a killbit for an ActiveX flaw in IE, rest easy — there’s no need to undo the killbit prior to installing the full patch that Microsoft has released.
XP systems with the killbit installed will not be offered the patch automatically, but you can download and install the update manually without having to make any other changes, if you like.
If you applied last week’s workaround for an IE ActiveX vulnerability, you’ll have to undo that change to apply the cumulative update of ActiveX killbits Microsoft released this week.
Anyone who applied the Fix-it workaround won’t see the cumulative patch among the updates being offered to XP systems because the workaround removed the affected Registry keys.
A malware attack masquerading as a video file targets Windows XP and Server 2003 users who visit infected sites.
Microsoft has issued a workaround for the exploit and made it available on the company’s support site, although it’s uncertain when a patch for the vulnerability will be available.
All Windows users need to be aware that Microsoft never links to downloads in its e-mail messages, but always requires a visit to a security bulletin landing page to download a patch.
If you receive an e-mail containing a link promising to upgrade Microsoft Outlook or Outlook Express, you should simply delete the message to avoid being nailed by a Trojan horse.