Still on Windows XP? Me too. So we’ll both want to be sure to install Windows XP Service Pack 3 (SP3), which should be available from Microsoft by the time you read this.
SP3 will come via Automatic Updates, and like most service packs, it focuses on must-have bug fixes. Unlike SP2, which included big changes with the Windows Security Center, this third pack adds new functionality only for enterprise networks.
You might remember that XP SP1 was an installation nightmare for quite a few people. Good thing Microsoft does too. So, as it did two months ago when it released Vista SP1, Redmond is providing free technical support for XP Home users (or call 866/234-6020) to help you get XP SP3 installed and running. And if you’re not using Automatic Updates, look for SP3 at the Microsoft Download Center.
Summer Brings Out the Bugs
Meanwhile, summer is here, and the bugs are out in full force. Microsoft, Apple, and Adobe all have a long list of creepy crawlies to stomp out.
Microsoft recently released four critical security patches–two for Windows and two for IE–that together fix five nasty holes. All could hand over control of your PC to a misanthropic hacker.
Four of these holes affect virtually every currently supported version of Windows, including Windows 2000 SP4 through Vista with SP1 installed, as well as IE 6 and 7. What’s more, hackers already have proof-of-concept code, often an attack precursor, up online.
Like most attacks these days, all you need to do is click open a rogue file attachment–the security firm SecurityTracker says it would be an HTML file with an unregistered MIME type–or view a booby-trapped Web page to get nailed. So if you haven’t already received the patches via auto updates, you can garner more details and links to manually download them.
Flash and QuickTime Holes
Adobe’s Flash Player has its own share of bug tussles this month. Flash Player 9.0.124.0 (the latest version) fixes seven bad security holes, any one of which could hand over your data or open the door to a ‘bot’ infection. An attacker would strike when you view a malicious Flash media (.swf) file, which could happen if you simply visit a site. Get more information and links to the downloads.
Not to be outdone, Apple has a bushel of fixes that close 12 security glitches (10 of them critical) in QuickTime. The holes entail the usual risk of losing control of your PC if you break the “be careful where you click” rule and open a poisoned file attachment or click a link to visit a Web page with malicious code.
Security researcher Secunia rates the QuickTime patches as “highly critical”–one step below its “abandon all hope, ye who enter here,” worst-case rating.
Apple’s patch updates the media player to the fixed version 7.4.5, and is available for Mac OS X as well as Windows operating systems. Find the download and more information. http://support.apple.com/kb/HT1222
Together, these Flash and QuickTime bugs showcase why it’s important to click yes on those annoying ‘update available’ pop-ups to get security patches for all your software. Yes, it’s aggravating when Apple abuses the process by pushing out new software (Safari) along with updates. But remember this: Adobe estimates that Flash sits on something like 95 percent of all PCs in use today. That makes it a nice, juicy target for hackers.
Comment: [email protected]