Windows XP support is entering its final stages. This coming Tuesday will see the release of some of the last security patches for the operating system which, despite its advanced age, still commands a sizable share of the PC market and simply refuses to die.
We can't stop playing Skyrim. Well, except for when it forces us to stop -- for instance, with a show-stopping crash or, er, a physics-defying dragon. Bethesda's already patched its massively single-player RPG opus once (to mixed results), but it's not sheathing its bug-smashing mallet any time soon. That said -- much as we appreciate patch notes like “Fixed occasional issue where a guest would arrive to the player’s wedding dead” -- small tweaks to Bethesda's enormous game are hardly the only things we have to look forward to.
We have a feeling that someone sarcastically uttered the phrase “What could possibly go wrong?” before pressing Dead Island's big, red “launch on Steam” button, because how else could things have gone this wrong? Dead Island released in a fittingly festering state, ridden with wriggly, sometimes game-breaking bugs. After a bit of digging, intrepid Steam forum-goers discovered the culprit: a bit of game code that read “Xbox Live Submission Project Version.” Whoops.
The said vulnerability, which can be used by an attacker to take control of the affected system, also affects Flash Player 10.1.85.3 (and earlier), but the hole in Flash has already been plugged with the release of version 10.1.102.64 earlier this month. Besides CVE-2010-3654, the updates also addressees a “potential issue” (CVE-2010-4091) in certain versions of Reader.
“Note that these updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011,” said Adobe in the advisory.
We suppose that – on some level – Fallout: New Vegas' ticking time bomb-like tendency to blow up in your face at the slightest provocation is fitting, given the subject matter. However, that doesn't make it any less annoying to have your ninth 26-hour marathon session derailed by a full-stop crash or a quest that requires you to speak with someone who's somehow managed to teleport into the core of the earth. Fortunately, Bethesda's announced that New Vegas' days as a glitchy, uninhabitable wasteland are numbered. Soon, it'll just be a normal uninhabitable wasteland.
“We’re currently running final testing and certification on a comprehensive patch for all three platforms (PC, Xbox 360 and PlayStation 3), so we’ll have something available in the coming weeks. When we have more details, we’ll let you know,” the publisher wrote on its official blog.
“In the meantime, an incremental update for PC should be going up by early next week that will fix the save corruption issues and problems with companions, as well as improve performance for NVIDIA users and resolve some issues reported with Havok.”
So hooray and stuff. Still though, next time you make a game, Obsidian, do you think you could, you know, finish it? Perferably before you release it? This isn't the first time this has happened, after all, but we'd definitely like it to be the last.
If you’re a Windows user and you haven’t done your updates for this patch Tuesday, put it on your to-do list. The Redmond software giant has pushed out updates that patch several major security holes in Internet Explorer, one of which already has a code exploit in the wild. The fixes address problems that could allow remote attackers to gain control of a system running previously installed malware found on the internet.
Security firm Tipping Point disclosed three of the IE vulnerabilities this past summer through their Zero Day Initiative. "Vulnerabilities in IE are generally pretty serious because all you have to do is go to a web page or get referred to one that has malicious code on it,” said Tipping Point’s Jason Avery. Patches today also covered several holes in Office and Integrated Windows Authentication and Indeo Codec in XP and Server 2003. So get updating everyone.
Microsoft's security team is having a busy month when that traditionally hasn't been the case in November. As such, IT departments need to prepare for six security updates next week to fix flaws in both Windows and Office.
"Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number."
That's only half as many that were issued last month, which set the record for the most updates ever since Microsoft starting shipping the monthly patches six years ago. But next week's updates, which will patch 15 separate vulnerabilities, also sets a record for November, a month that's traditionally been pretty low-key.
On the bright side, none of next Tuesday's updates affect Microsoft's recently released Windows 7 operating system.
Security flaws in Adobe reader and Acrobat are nothing new, but in a recent round of updates, Adobe has patched 29 vulnerabilities at once. The updates also included a new software updater that should, once activated, deliver patches in a more effective way.
This will be a welcome change for anyone that’s had to use the current updater. It only checks for updates to Adobe software weekly, and given the frequency of exploits in their products, it isn’t enough. Some updates would even mysteriously vanish from the updater, leaving users vulnerable. This should all change with the new version.
The other vulnerabilities addressed in the set of patches revolved mostly around remote code execution attacks. One of which was already in use around the internet. Adobe warned Mac and Unix users that the same vulnerabilities exist on their platforms as well. The internet is a dangerous place.
Microsoft has ended support for Office 2000, which was launched a decade ago. The productivity suite had been in its extended support period since July 1, 2004, which elapsed on Tuesday. If your heart still beats for Office 2000 for some reason, you can find all the patches that were released for Office 2000, during its 10-year support lifecycle, on the Download Center.
Microsoft is gearing up to enter a new era with its upcoming Office 2010 productivity suite. The company launched a limited-by-invitation technical preview of Office 2010 on Monday. It has also announced it plans to offer a web-based version of the application suite called Office Online.
This holiday weekend many of you will be kicking back with a cold one, firing up the grill, spectating your local fireworks display, and perhaps catching up on a videogame or two when the festivities all come to an end. But while you're busy unwinding, hackers continue to look for ways to distribute malicious code and exploit vulnerabilities. Don't let what's supposed to be a relaxing weekend turn into a hair-pulling experience because you were caught off guard.
Update to Opera 9.5.1
Opera Software unveiled version 9.5 of its flagship browser less than a month ago, and the first major update is now available. Patching Opera to version 9.5.1 addresses several bugs and stability issues, and at least one "highly critical" vulnerability that could be used to execute arbitrary code. And it's not just Windows users that should install the update, but Mac OS X and Linux lovers too. Areas addressed in the update include:
Display and Scripting
View the 9.5.1 changelog for a detailed list of changes, and then hit the jump to see why you should be extra cautious about using the VLC Media Player.