From the Washington Post Security Fix Blog
Microsoft Corp. today pushed out software updates to plug at least 11 separate security holes in its Windows operating system and other software.
Windows users can grab the updates via the Microsoft Update Web site, through Automatic Updates, or download individual patches from the Microsoft Download Center.
Four of the vulnerabilities earned a "critical" rating from Redmond, its most severe. Microsoft labels flaws "critical" if they can be exploited remotely with little if any help from the user.
Updates are available for most versions of Windows 2000, Windows XP, Windows Server 2003, and Microsoft Office.
Four of the flaws reside in Office, from Office 2000 all the way up to the latest -- Office 2007. Office patches also are available through Microsoft Update, unless you're an Office 2000 user, in which case you'll need to pay a visit to the Office Update site to complete this month's patch cycle. Office 2000 users also may need to have their Office installation CD handy to finish the installation.
One interesting vulnerability patched today stems from a problem with the firewall built into Windows Vista PCs. From the advisory, there is an "information disclosure vulnerability in Windows Vista that could allow a remote anonymous attacker to send inbound network traffic to the affected system. It would be possible for the attacker to gain information about the system over the network." Microsoft notes that an attacker would still need to know a valid user name and password for the targeted Vista system to access any programs or other resources on the machine.
Companies often take anywhere from a few days to a few weeks to deploy patches, allowing time to test the updates to be sure that they do not break existing software applications. But home users should not delay in applying these updates. If you've heeded my oft-uttered advice to run your system under a limited user account, you will need to log in using an administrator account to install patches.
Recent Posts
- Microsoft Fixes 19 Windows Security Flaws
- Critical Update for Adobe Flash Player
- Take the online privacy quiz
- Microsoft Plugs Three Windows Security Holes
- Tricky Windows Worm Wallops Millions
- Caveat Emptor: Watch Out for Phantom Stores
- Firefox 2 Users Will Get No More Security Updates
- Update for Java Software
- Warning: Financial crisis is a goldmine for online criminals
- Criminals use fake virus warnings
HelpDesk
Microsoft Plugs 15 Security Holes
From the Washington Post Security Fix Blog
Microsoft issued free software updates today to fix at least 15 separate security flaws in its Windows operating system and other software. Windows users can grab the patches by visiting Microsoft Update or by turning on Automatic Updates.
Nine of the 15 flaws earned Microsoft's "critical" rating, its most severe. Critical vulnerabilities are those that are so serious they generally don't require any action on the part of the user to exploit, aside from maybe convincing the user to visit a malicious (or hacked) Web site, or open a specially-crafted e-mail.
Most of the critical vulnerabilities fixed in June's patch batch are addressed in a security roll-up for just about every version of Microsoft's Internet Explorer Web browser, including IE7 and IE7 on Windows Vista. The culprit, again, is a weaknesses with ActiveX controls in the browser that could allow nasty Web sites to seize total control over a user's machine or to silently install software. One of the updates fixes a security hole that criminals already know how to exploit. Microsoft reports that the blueprints for attacking this flaw were posted online.
Another patch bundle is a cumulative update for Outlook Express and Windows Mail that plugs four separate security holes in those programs.
This is a nasty group of vulnerabilities, people. If you are using Windows, you should not delay in downloading and installing these updates.
Before You Call the Helpdesk
Here are a few things we recommend you do before calling the helpdesk. By taking advantage of these tips, your call can be quick and easy and we can get you back on your way as soon as we can.
- You don’t have to be online to call
There are many troubleshooting techniques we can do without your computer being connected to the Internet. You may need to connect at some point to make sure your problem is resolved, but usually that is at the end of the call. It is helpful if you can call from a line other than the one connected to the computer. That way we can test some things with you on the phone. - Write down or memorize the error message you are getting
Your computer rarely ever just says “error”. Chances are there is some written message or a number connected with the error. By knowing this when you call, our staff can head down the right direction to resolve your issue. - Know if anything on your PC has changed recently
Did you just install a new modem or some new software? Let us know. It might be the quick answer. - Is the problem affecting web site browsing, e-mail or both?
There is a big difference between not being able to get online and not being able to check your email. You do need to connect to check your mail, but if you can’t connect, let our technician know that first, rather than say “I can’t get my email”. - Know your version of Windows
There are different steps we need to take to check your settings and resolve your problem depending on what version of Windows or Mac you are running. - Know the last name, username or email associated with your account
The first thing our technician is trained to do is to pull up your account in our database. This ensures your account is active and gives the tech an idea of what services you have. By providing the exact name on file, you and the tech can quickly get to the task of resolving your issue. - Have your Windows CD(s) handy
In cases where you are changing your configuration, sometimes Windows will pop-up and ask for a CD. If you know where this is in advance, you can save a lot of time on your call. - Have your machine turned on and ready, and be at the machine when you call
Our helpdesk is available seven days a week, 24 hours a day. Don’t call from work when your issue is with your home computer. Try and have a phone with you next to the computer so you don’t have to run back and forth to the phone in the kitchen. Turn your machine on and be logged into your desktop. - Try to shut-down and restart your machine before you call
This simple tip will solve a lot of Internet related problems. If you have a few minutes before you call, try it. Don’t simply reboot, actually do “Shut Down” , power it off and restart. This resets all the hardware in your machine and give Windows a chance for a fresh clean start. - Limit your calls to Internet and email-related matters
You can always make an after-hours payment at the helpdesk as well. However our staff isn’t trained to figure out the configuration of your printer or why you keep getting a windows blue screen error. They will probably direct you to a local computer technician.
Our goal is to provide you with an accurate and quick resolution to your problem with a minimum wait time in the queue. If everyone follows these tips, we can keep our hold times low and still be able to spend all the time we need with you to resolve your issue.
Microsoft Windows Security Patches for May
From the Washington Post Security Fix Blog
"Microsoft today issued software updates to plug at least 19 separate security holes in its Windows operating system and other software, including two vulnerabilities that criminals are actively exploiting to take control of Windows PCs. Windows users can install the free updates through the Microsoft Update Web site or via Automatic Updates.
Users who have Office 2000 installed will need to visit Microsoft's Office Update site in order to download the Office patches released today. Depending on which installation option you choose, Office 2000 users may also be asked to insert the original Office installation CD during the process.
It would hardly be Patch Tuesday without security updates for Microsoft's Internet Explorer Web browser, and today's patch batch does not disappoint, fixing six critical IE flaws. The IE bundle also corrects vulnerabilities found in IE5 through IE7, as well as IE7 as installed on Windows Vista systems."
Where Computers Go When They Die
From the new blog from Wall Street Journal Technology Columnist Walt Mossberg:
“Getting rid of an old PC is a predicament that people face when their systems slow down or break down. Here's how to recycle your old computer while making sure that your private data isn't exposed.”
Read the entire post here: Where Computers Go When They Die [The Mossberg Solution]
Intro to Protecting Your Computer From Viruses
From the Consumerist Blog comes this post with an introduction to protecting your computer from viruses.
First Step does protect your email from viruses, but there are many other ways to get viruses, including downloading programs from the Internet and opening files from a floppy or CD-ROM.
New Firefox Version Fixes Flaw
From the Washington Post Security Fix Blog
"If you use Mozilla's Firefox Web browser to surf the Internet, you probably have received a notice that a new version of the browser has been installed. The update brings Firefox to version 2.0.0.3 or version 1.5.0.11, and fixes a single security flaw.
If you haven't received the update alert, you may be using an unsupported and insecure version of Firefox. To determine which version you're running, go to "Help," and "About Mozilla Firefox." If you have an outdated version, take a moment to download the latest version."
Windows Updates: April 2007
Microsoft security updates for April 2007
Microsoft's April 2007 security bulletin includes updates to Microsoft Windows.
Recent Comments