Illustration: James O'Brien
Last night I watched an old Stephen King sci-fi thriller called Maximum Overdrive. It was very campy and very bad. The premise: A cometary radiation storm causes all machines--from Mack trucks to the milk-shake maker at the local diner--to come alive and rebel against humans. In the digital universe, PCs are vulnerable to their own kind of external threat: worms designed by hackers to deliberately turn your system against you. Your protection: Patch, patch, and patch your PC.
Microsoft has released critical patches for newly discovered vulnerabilities in Internet Explorer and Windows. One hole involves the way that IE displays Portable Network Graphics files and affects IE 5.01 through 6 Service Pack 1 running on Windows 98 through XP Service Pack 2. (Although PNG is not a widely used graphics file format on the Web, it could be used to launch an attack program.) Things might appear fine in IE--no pop-up errors and no problems viewing sites--until your PC starts deleting files and doing other things, seemingly on its own.
To trigger an attack, you would have to click a link that leads to a cracker's Web site or open an HTML e-mail message that contains a flawed PNG file; these actions allow the attacker's site to send IE too much data at once, creating a buffer overflow error. That leaves a hole in your system through which a damaging program could enter. So avoid the risk by getting the patch here.
Windows Help Files Gone Awry
Microsoft has fixed a glitch in how Windows processes files in the HTML Help system. You don't have to launch a Help file to set off an attack; the malicious code will do it for you. The trigger could be disguised as a bogus banner ad, for example, or a booby-trapped button. The point is to get you to click a link that uses the Help exploit to break into Windows.
A successful assault would let an attack program wreak havoc on a PC. Systems running Windows 98 through XP SP2 are vulnerable. Download the fix here. Fortunately, this and the PNG hole apparently have not yet spawned an attack on anyone's machine.
Microsoft's pilot early-warning service, called Security Advisories (click here to subscribe), has released an important alert and an update. First, Microsoft warned about, and 12 days later patched, a hole in IE that could cause the browser to crash, letting culprits break in. (There have already been attacks, according to the company.) So protect your computer and download the patch.
In the advisory, Microsoft also issued Update Rollup 1 for Windows 2000 Service Pack 4, containing patches released between June 2003 and April 2005.
If you use Adobe Creative Suite 1, Photoshop CS, or Premiere Pro 1.5, and you unintentionally disable your firewall (for example, by accidentally unchecking a box in your network configuration settings), you could be hit by a cyberassault. The problem lies in the apps' license management technology. The programs will continue to work, but without the updated license mechanism, your PC is at risk. Bad guys prowling for an unpatched system could slide into yours through this hole. Locate the update here.
A hole in Opera 7.x and 8 could let a cracker launch a pop-up that looks as if it is from a site you're visiting, when in fact it's from the hijacker's site. If you enter the data it asks for (such as a credit card number), you could fall victim to a phishing scam. Get version 8.01 here.
Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.
Stuart J. Johnston is a contributing editor for PC World.






















