Security Tango - Keep Your Computer Clean

Microsoft's Monthly Visitor- June 2007
Wed 13 Jun 2007 6:37 PM

Microsoft's latest update/patch/fix/whatever includes something for everyone. There are six patches just for Internet Explorer (only one of which has been publicly disclosed). Microsoft said that all but one of them could allow system hijacking if a user were to visit a malicious Web page. One of the flaws allows spoofing, and also requires a malicious Web page visit. These IE fixes are critical for those of you running XP with Service Pack 2, the Professional x64 Edition, or the x64 Edition with Service Pack 2. Actually, these flaws affect every version of Windows to some degree or another, so updating would be strongly recommended in this instance.

You Vista users (and you know who you are) shouldn't be sitting there all smug 'n' stuff - you've got your own share of problems. There are four vulnerabilities in Windows Mail in Vista (actually, these are basically Internet Explorer problems, too). Three of these flaws could publish information about you without your knowledge, and the fourth could let someone hijack your machine via the Internet. Again, using accounts correctly - never running as Administrator, but as a regular user - helps against some of these flaws. But not all of them.

There are other flaws as well. I know we've seen problems with Microsoft updates in the past, and many of you like to wait to update until the third or fourth day, to let the pioneers get the arrows in their backs and, more importantly, report them. But there are a couple of problems with that approach. First, every installation of Windows is slightly different from any other; this uniqueness makes it impossible to accurately predict if you'll have a problem or not with a particular update. Second, not doing the updates and yet continuing to go online is just one more form of Russian Roulette. Many exploits for these flaws are already out there - some have been out for months - so not updating means that you're pretty vulnerable out there.

Visio also has come patches this time around. Two that were reported privately to Microsoft, and a whole bunch more that they found while they were investigating those two. And there's a patch for Vista itself which, of course, you won't get if you're running XP.

Back to the blog

All blog contents are published under

, including

The Ask Nick!™ The Ask Nick!™ Security Security Tango™ Tango™ Sponsored by Sponsored by

Tango Links: Home Let's Dance! Good Passwords Nick's Blog Get the CD Definitions Security News Blame, Credits, etc. Windows Links: *Anti-Virus:* McAfee Security Symantec (Norton) CA's eTrust Grisoft's AVG avast! Panda Software *Anti-Malware:* SuperAntiSpyware Malwarebytes *Firewalls:* ZoneAlarm McAfee Firewall Norton Firewall	Microsoft's Monthly Visitor- June 2007 Wed 13 Jun 2007 6:37 PM Microsoft's latest update/patch/fix/whatever includes something for everyone. There are six patches just for Internet Explorer (only one of which has been publicly disclosed). Microsoft said that all but one of them could allow system hijacking if a user were to visit a malicious Web page. One of the flaws allows spoofing, and also requires a malicious Web page visit. These IE fixes are critical for those of you running XP with Service Pack 2, the Professional x64 Edition, or the x64 Edition with Service Pack 2. Actually, these flaws affect every version of Windows to some degree or another, so updating would be strongly recommended in this instance. You Vista users (and you know who you are) shouldn't be sitting there all smug 'n' stuff - you've got your own share of problems. There are four vulnerabilities in Windows Mail in Vista (actually, these are basically Internet Explorer problems, too). Three of these flaws could publish information about you without your knowledge, and the fourth could let someone hijack your machine via the Internet. Again, using accounts correctly - never running as Administrator, but as a regular user - helps against some of these flaws. But not all of them. There are other flaws as well. I know we've seen problems with Microsoft updates in the past, and many of you like to wait to update until the third or fourth day, to let the pioneers get the arrows in their backs and, more importantly, report them. But there are a couple of problems with that approach. First, every installation of Windows is slightly different from any other; this uniqueness makes it impossible to accurately predict if you'll have a problem or not with a particular update. Second, not doing the updates and yet continuing to go online is just one more form of Russian Roulette. Many exploits for these flaws are already out there - some have been out for months - so not updating means that you're pretty vulnerable out there. Visio also has come patches this time around. Two that were reported privately to Microsoft, and a whole bunch more that they found while they were investigating those two. And there's a patch for Vista itself which, of course, you won't get if you're running XP. Back to the blog All blog contents are published under , including
Text, "Security Tango," and logo Copyright © 2010 Nick Francesco Hosting provided by CLSS Enterprises, the greatest host on Earth This page has been accessed 352,252* times.*