Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Blogs
- Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.
Subscribe to this blog
Bugs and Fixes
Thank you, Microsoft. Some months I worry that I won't have much to write about. But the bug factory in Redmond almost assures me of permanent employment.
This month, Microsoft released its most recent cumulative patch for Internet Explorer versions 6.0, 5.5, and 5.01. The patch fixes six newly discovered holes, and it includes all previous security patches. But the patch had been out for less than a day before bug trackers discovered a problem.
Danish bug catcher Thor Larholm and Israeli researchers at GreyMagic Software say the fix for one of the worst bugs works only with IE 6--not with versions 5.5 or 5.01. The bad bug is called a cross-site scripting vulnerability. A hacker could craft a Web page or send an HTML e-mail message that ran as if it were in IE's Local Computer zone. Typically, this zone has lower security settings than IE's Internet zone.
If the Web link or e-mail contained nefarious code, and if you had IE's security set to the lowest setting, the devious code could take over your PC.
Microsoft claims the patch blocks all attacks, but the bug experts say that it stops such attacks only on IE 6. "We have an investigation under way and will respond appropriately," says Christopher Budd, a program manager with Microsoft's Security Response Center. That answer is Microsoft-ese for "We will issue more patches if necessary." No word yet on when or whether Microsoft will do so.
Aside from the fix for cross-scripting, the cumulative patch contains two others that Microsoft calls "critical." One flaw would allow someone to read (but not change or delete) the files on your PC. Another hole would let a malefactor send you a special cookie, either through a Web page that you click or via an HTML e-mail that you open; this evil cookie could read the contents of other cookies.
Your system is protected from e-mail attack through all three holes if you've installed the Outlook E-Mail Security Update or if you're running Outlook 2002 with the "Read as plain text" option enabled.
Jump to Microsoft's Security Bulletin for a link to the cumulative patch. While you're on this Web page, click the Technical Details link for the Outlook update download and for more details about the update.
Microsoft promises that all of these fixes will be included in the upcoming Service Pack 1 for IE 6.0, but the company hasn't said when the service pack will be available.
- Page 1 of 3
- Next »
Top Selling Laptops
Save on Printing Costs
- Great year-end deals
for small business! -
Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!
-
HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!
- *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.
Dell Laptop Deals
-
Save Hundreds on Dell's Most Popular Laptop Models Inspiron, Studio and Studio XPS Models all at Steep Discounts!
Focus on Personal Productivitysponsored by Microsoft
- Personal Finance 2.0 These free and fee-based Web services not only aggregate data from your online bank accounts, they give you tools for managing your money.
- High-Tech Travel Tips Plenty of stories provide advice for elite mobile professionals. But what about you, the unproductive traveler?
-
People who read this also read:
Best Prices on Desktops
Edge Z30 Midsize Desktop - CustomizablePrice: $1099.00
iMac All-In-One Desktop - CustomizablePrice: $1149.99
Compaq Presario CQ5210F Mini-Tower DesktopPrice: $369.99
Inspiron Zino HD Mini Desktop - CustomizablePrice: $229.00
Touchsmart 300-1020 All-In-One DesktopPrice: $899.00
Inspiron 546 Mini-Tower Desktop - CustomizablePrice: $269.00
All PC World Blogs
- Six Reasons to Not Like Google's Nexus One Google's new Nexus One smartphone will not be an iPhone killer. It may not even be a Droid killer, but it may be Google's first serious and most public misstep.
- Microsoft Tablet to Beat Apple to the Punch? Apple's long-rumored tablet, expected later this month, is not the only new slate-style computer we're likely to see soon.
- Kingston Announces 30GB SSD “Boot Drive” Aggressive pricing for SSDNow V Series drive at February launch
- PDF Converter GDoc Creator Does Its Job For Free Convert Office files to Adobe's popular PDF format with free program gDoc Creator.
- 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
- A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.
