| By Susan Bradley |
In what looks to be an early trick-or-treat, Microsoft released a breathtaking number of updates.
Included in this broad collection of fixes is a critical update for Internet Explorer and other patches that put the brakes on some scary malware.
Internet Explorer gets 10 critical patches
Keeping IE safe seems to require an extraordinary number of resources. MS Security Bulletin MS10-071 credits eight researchers — from companies such as Google, IBM, TippingPoint, and others — for reporting the IE vulnerabilities addressed in this massive, critical patch. Take note: hackers are already using many of these exploits to attack PCs.
This update affects anyone with a current version of Windows and Internet Explorer. If you’re running IE7, the update may offer to install IE8 (the most current version; IE9 is still in beta). You might want to stick with IE7 if you have an older PC.
► What to do: Even if you don’t use IE for your browser, you should accept this patch. If you’re installing updates manually, find the appropriate version of patch KB 2360131 for your OS in Security Bulletin MS10-017 and install it as soon as possible. It’s likely that attacks using these exploits will increase in the coming days.
Microsoft Security Essentials gets an update
I wouldn’t have offered an engine update to Microsoft Security Essentials on top of an enormous patch release, but Microsoft did just that. You can find the latest version at its download site.
Microsoft also changed the end-user license agreement so that small businesses can install MSE on up to 10 PCs. (It can’t be used for businesses running an enterprise version of Windows or on PCs owned by governments and academic institutions.)
Vista and Win7 at risk from Media Player attacks
Conventional wisdom says that Windows XP machines are more at risk than Win7 systems — but not always. This patch, which fixes a vulnerability in the Windows Media Player Network Sharing Service, is rated critical for Windows 7 and important for Vista — for once, Windows XP users are in the clear.