| By Susan Bradley |
Internet Explorer brings us a digital Valentine in the form of a security update.
Install it on all the PCs you love. An unusual nonsecurity patch might mean we can kiss off malware that automatically runs on flash drives, too.
Big February fix for Internet Explorer
February’s Patch Tuesday includes an important cumulative update for Internet Explorer. It patches four exploits, some already in the wild, as reported in an interesting Microsoft Malware Protection Center blog.
An unpatched IE is vulnerable to attack when it loads Cascading Style Sheets into memory. That makes KB 2482017 a critical patch for all client PCs with IE versions 6, 7, or 8 installed.
► What to do: My tests have revealed no problems with this patch. Given that PCs have already been attacked using the targeted exploits, I recommend installing KB 2482017 as soon as it’s offered. For more information and patch downloads, see MS11-003.
A fix for the malicious-thumbnails threat
I noted this Windows Graphics Rendering Engine bug in the Jan. 13 Patch Watch as one of several unpatched threats. At that time, Microsoft’s only solution was a Fixit. Microsoft is now back with a more permanent patch — one that is critical for all current versions of Windows and Windows Server.
Currently, only proof-of-concept attacks exist for this vulnerability, which is based on malicious thumbnail images. Though these attacks are only theoretical, put this patch on a fast track — especially given our increasing use of network-shared files and cloud-based file-sharing sites.