Stymie Malicious Media, Network Attacks

Fix media-file flaws on PCs and Macs, and block Vista network attacks.

ESSENTIAL OS fixes are big this month. And fans of free software need to update their Firefox and OpenOffice copies. Apple’s QuickTime 7.6.4 update revises the program’s handling of .fpx, .mov, and .mp4 files on Windows XP, Vista, or 7, or Mac OS X (not Snow Leopard). In QuickTime, click Help¨Update Existing Software to ensure that you have version 7.6.4 (for details, see find.pcworld.com/63917). Microsoft’s patch plugs a security hole in the way Windows 2000, XP, Server 2003, Vista, and Server 2008 (but not Windows 7) process .asf or .mp3 media files. Microsoft’s bulletin (find.pcworld.com/ 63918) lists many vulnerable combinations of Windows Media Format Runtime and OS versions; run Windows Update to confirm you have the fix.


Network Flaws
Windows Vista and Server 2008 are vulnerable to several network-based security flaws. One, an SMBv2 file-sharing hole could let a remote attacker take over a machine. Microsoft hasn’t yet released a patch, but at find.pcworld.com/63919 the company has posted a “Fix It” for disabling SMBv2. File sharing should work, but it may be slow.
Microsoft did patch a flaw that malicious TCP/IP packets sent across a network might exploit. On Vista and Server 2008, that could mean a full takeover; on Windows 2000, Server 2003, and XP, a system crash is likelier. Microsoft won’t release a patch for Windows 2000 (see find. pcworld.com/63920) or XP (which by de - fault doesn’t accept the perilous packets). A network problem in the Wireless LAN AutoConfig Service (find.pcworld.com/63921) could let remote attackers “own” vulnerable Vista or Server 2008 systems. PCs that lack wireless cards or run other Windows versions are safe. A firewall will help block such Web-based assaults. Two more Microsoft patches correct critical flaws that might let code hidden on a Web page run commands on a vulnerable PC. One, in the JScript Scripting Engine (find.pcworld.com/63922), affects Windows 2000, XP, Server 2003, Vista, and Server 2008. The other involves the DHTML Editing Component ActiveX control (find.pcworld.com/63923), and is critical for Windows XP and 2000 only. Windows Update has both fixes, as usual.


Fixes for Free Software
If you use the OpenOffice productivity suite, update to version 3.1.1 or later to avoid a critical problem in how OpenOffice handles Microsoft Word documents. If you open a tainted .doc file, an attacker could take over your PC. Click Help¨Check for Updates to see whether you have the latest version (read more at find.pcworld.com/63924). Firefox versions 3.5.3 and 3.0.14 correct three critical flaws. Click Help¨Check for Updates, and see Mozilla’s Firefox 3.0 (find.pcworld.com/63925) and 3.5 (find. pcworld.com/63926) security advisories. Firefox 3.0 and 3.5 include a security feature that warns you to update Flash if your version is vulnerable; they also provide a link to the Flash download site. If you use Mac OS X versions 10.4 through 10.5.8, fire up Software Update to pick up Security Update 2009-005, which fixes image file, PDF file, or Web site holes (see find.pcworld.com/63929).

Source of Information : PC World December 2009

0 comments:

Subscribe to Computing Tech

Enter your email address:

Delivered by FeedBurner

Add to Technorati Favorites Top Blogs