Office Fix Delayed
After these two strikes, the third swing-and-a-miss came when a problem with Microsoft Update prevented some Office 2007 users from receiving important patches. Microsoft fixed the problem quickly, but the Update snafu caused some people to wait an extra week to receive the patches.
Two of the seven fixed bugs are rated as important for Office 2007. All of them are critical for Office 2000 Service Pack 3, and important for other supported Office versions. Any of these flaws could be hit if you open an e-mailed or downloaded rogue document, and one of the holes is under active attack. So if you are not using Automatic Updates, get the fixes at Microsoft Security Bulletin MS07-025, Security Bulletin MS07-024, and Security Bulletin MS07-023.
These glitches might tempt you to avoid the hassle and stop updating your programs, but remember: A malware infection is much worse.
In Brief
Here are three more fixes to download if you use these products.
Symantec Risk: An ActiveX control added by Norton Personal Firewall 2004 and Norton Internet Security 2004 contains a serious flaw that could permit a takeover of your PC if you use Internet Explorer to open a malicious Web site. For the security fix, either run Symantec LiveUpdate, or pick it up from Symantec Security Response.
Trillian IRC Hole: A risk in Version 3 of the chat client leaves you vulnerable to an attack if you highlight a specially crafted hyperlink sent as part of a message in an IRC chat session. Version 3.1.5.1 closes the hole; download it from Trillian Blogs.
Winamp Fix: Version 5.35 of the media player fixes a flaw that arises if you use the program to open a poisoned MPEG-4 (.mp4) audio or video file downloaded from the Web or received as an e-mail attachment. Get the update from the Winamp site.
Found A hardware or software bug? Send us an e-mail on it to bugs@pcworld.com.
Stuart J. Johnston is a contributing editor for PC World.
Ad Choices