By Susan Bradley

This month’s patches include a cumulative update for IE that plugs two holes allowing remote-code execution of malware. Don’t wait to download and install this patch: the holes it closes will likely be exploited by virus authors very soon.
MS09-002 (961260)
Protect IE against drive-by Web infections
There’s an unusual Internet Explorer patch among this month’s updates from Microsoft. Patching IE isn’t unusual, but patching only the newer versions 7 and 8 is. To download and install the patch for IE 7, visit the Microsoft Update site. If you use IE 8, browse to Microsoft Help and Support article 961260 and scroll down the page to find the update download. IE 6 users don’t need this patch.
The cumulative security update addresses two vulnerabilities that allow bad guys to plant malware on a site so that it downloads automatically when the page opens in your browser. I expect we’ll soon see this used in Web-based attacks, so if you use IE 7 or 8 while logged in to a Windows administrator account — as many people do — you need to install this patch as soon as possible.
When I tested the patch, I didn’t have to do any additional tweaking to ensure that it worked with firewalls. If you encounter problems with the update, my standard guidance applies: before uninstalling the patch, try disabling and then re-enabling your antivirus software and review your firewall settings to ensure they aren’t blocking your browser.
You’ll find more information about the update in this Microsoft TechNet article.
960715
Time to kill off a few more ActiveX bits
If you download software from various vendor sites, you have likely received an ActiveX control for Akamai’s Download Manager program. The patch described in Microsoft Security Advisory 960715 disables this ActiveX control. The action was taken at the request of Akamai. When you return to an Akamai download location, you’ll be prompted to install the new ActiveX controls, as described in Akamai’s advisory. Installing the ActiveX kill-bit patch allows you to deactivate the bit without having to visit a site that uses the Akamai download app.
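One way to confirm that a kill-bit update such as 960715 took effect is to read the control's Compatibility Flags value in the registry. This is an added example, not part of the original column; the CLSID is a placeholder (take the real one from the Microsoft advisory), the function name is made up for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: check whether the ActiveX kill bit is set for one control.
# PLACEHOLDER CLSID, not the Akamai control's real identifier.
$ClsidToCheck = '{00000000-0000-0000-0000-000000000000}'

# IE refuses to load a control when bit 0x400 is set in "Compatibility Flags".
$KillBit = 0x400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads this redirected copy instead.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)

    # Only inspect registry views that exist on this machine.
    foreach ($root in ($Roots | Where-Object { Test-Path -LiteralPath $_ })) {
        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            RegistryKey = $key
            Flags       = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not present)' }
            # A missing key or value means no kill bit has been applied.
            KillBitSet  = [bool]($flags -band $KillBit)
        }
    }
}

$result = @(Get-KillBitState -Clsid $ClsidToCheck)
$result | Format-List

# On 64-bit Windows both views must carry the kill bit, or one IE flavour
# can still load the old control.
if ($result.Count -gt 0 -and -not ($result | Where-Object { -not $_.KillBitSet })) {
    Write-Output 'Kill bit is set in every registry view: the control is disabled.'
} else {
    Write-Output 'Kill bit is missing in at least one view: the update has not been applied.'
}
```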
