Maximum PC security update RSS Feed

Microsoft Releases Out-of-Band Security Patch for Internet Explorer

Bart Salisbury — Tue, 19 Jan 2010 16:57:40 -0600

Last week’s cyber attacks, that targeted Google and several other large U.S. companies, has certainly gotten Microsoft’s attention. The attack was orchestrated, in part, through a zero-day flaw in Internet Explorer (IE). The flaw seems to be obscure, and restricted to IE 6 and IE 7, but that hasn’t stopped Microsoft from releasing an out-of-cycle patch for IE.

Microsoft has acknowledgde the flaw, and says the “vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”

Microsoft, in an announcement posted today, says the confusion surrounding this particular attack has compelled Microsoft to act now. Microsoft’s primary advice: upgrade to IE 8, which is not affected by this flaw. If you don’t plan to upgrade, then updates for earlier versions will be made available, with specific timing of the updates to be announced tomorrow. In the meantime, Microsoft suggests using the workarounds and mitigations provided in Security Advisory 979352.

Image Credit: Microsoft

Recent Microsoft Patches Causing System Crashes

Bart Salisbury — Mon, 30 Nov 2009 16:56:39 -0600

Stop me if you’ve heard this one before: a security patch issued by Microsoft on November 10 is causing some PCs to crash. Not a simple blue screen of death, mind you, but a black screen of death. Operating systems affected include Windows 7, Vista, and XP; probably so that no Windows user will be denied this blessed experience.

Jeremy Kirk, of the IDG News Services, reports the problem to be linked to Microsoft’s monkeying about with the Access Control List (ACL). The ACL is a list of permissions for the logged-in user. It interacts with registry keys to create visible desktop features, like the sidebar.

The patch changes some of those registry keys, which messes with certain installed applications. These applications are unaware of the registry changes, don’t run properly, and, in a fit of pique, bring the PC to a crashing halt. According to Mel Morris, the CEO of Prevx, a United Kingdom security firm: “If you’ve got this problem, it’s masively debilitating.” Prevx, at its web site, offers a fix for the problem.

Image Credit: Anakin101/Wikipedia Commons

Google Patches Chrome Security Vulnerabilities

Pulkit Chandna — Wed, 10 Sep 2008 19:11:23 -0500

Several security vulnerabilities were reported in Google’s Chrome web browser after its beta version was launched earlier this month with much ado. Google has quickly responded with a security update that fixes four vulnerabilities. The update addresses two buffer overflow vulnerabilities, both rated critical by Google, and two other minor bugs. However, the carpet-bombing threat, first brought to light by security researcher Aviv Raff, still looms.

MS07-069 Windows XP Woes Solved (and We Suggested It First!)

Mark Soper — Thu, 20 Dec 2007 11:12:33 -0600

MS07-069's No Joy - But MS Has the Solution

Microsoft's MS07-069 cumulative security update for Internet Explorer hasn't been the most welcome update this holiday season. As our own Paul Lilly reported, lots of Windows XP SP2 users have no longer been able to connect to the Internet with IE after this update (brought to you by the same Windows Update that gave you Windows Desktop Search 3.01!). We suggested a workaround yesterday, but there's now a definitive solution that requires just a little registry magic.

For Browsing Benefits, Dial KB946627

Microsoft Knowledge Base article 946627 provides the details, which involve creating a new registry key and DWORD value in Windows XP SP2's registry. Here's a hint: save yourself some typing (or mistyping) by copying and pasting the the subkey during the registry editing process. The best news: you're back in business immediately, with no reboot required.

Great Minds Think Alike!

As it turns out, Microsoft's solution in KB article 946627 is the same registry fix detailed as part two of the solution in KB article 942367, which we suggested as a solution yesterday. So, if you already performed the steps we suggested, relax - you've already fixed the problem!

Put This In Our Stockings, Steve and Bill, Please!

Here's a wish for every Windows user this Christmastime: Microsoft, please, please, please test these security updates more thoroughly before they go out. It's absurd to make users need to whip out Regedit to fix problems of this type.