NEWS

Microsoft, McAfee, Firefox Fix Security Loopholes

May 23, 2010 6:43 PM

James Mulroy

Internet_Security_1.jpeg

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Another Windows Fix

According to Microsoft, "two privately reported vulnerabilities in Windows Authenticode Verification...could allow remote code execution." In other words, an attacker could take control of your PC by exploiting either of those flaws. The intruder could gain administrator rights, with the ability to add, change, or delete practically any file.

Microsoft has issued an update that addresses the vulnerabilities by performing additional verification operations. This update is critical to all supported versions of Windows, including 98, XP, Vista, and 7, as well as Server 2003, 2008, 2008 R2, 2003, 2000, and 2000 Professional.

If you have automatic updates enabled (recommended), you'll get this update and others instantly. If you do not have automatic updating turned on, Microsoft suggests downloading critical updates manually; go to the Control Panel, click the Windows Update icon, and then select Check for Updates. You can learn more about this patch, and download it manually, at Microsoft TechNet.

McAfee Update Makes Windows PCs Crash

McAfee released an update in mid-April that unfortunately caused Windows PCs to fail spectacularly. The update improperly identified a Windows component known as svchost.exe as a virus, which caused McAfee's software to delete it.

The error was so severe that 8000 of the 25,000 computers at the University of Michigan Health System and Medical School crashed, along with thousands of computers around the world.

Put simply, svchost.exe is a process that hosts other services used by various programs on your PC (read Microsoft's explanation for more-technical details). If you look in Windows Task Manager, you may see quite a few svchost.exe processes running (under "Image Name"), and as you can imagine, attacking all of them could be catastrophic for any system.

The problematic update mostly affected users running Windows XP Service Pack 3. If it affected you, pick up McAfee's SuperDAT Remediation Tool to restore svchost.exe.

Firefox Flaw Corrected

A hole in the Mozilla Firefox Web browser has blossomed into a major flaw. A week after releasing Firefox 3.6.2, Mozilla released version 3.6.3 to address a critical security issue that could allow remote attackers to run commands of their choice.

To fix the bug, download Firefox 3.6.3, or click Help, Check for Updates, Get the New Version in the Firefox toolbar. Mozilla says the bug does not affect versions 3.5 or earlier.

If you still want to obtain and use add-ons that are not compatible with version 3.6, don't worry: Mozilla says that it will issue a patch for Firefox 3.5 in an upcoming release in case another method of exploiting this security hole exists.

 

ALSO READ

Netflix raises fees, watches membership rise in second quarter

Netflix's quarterly numbers are in, and they're looking good. The streaming video service's paid subscriber base grew to a shade under 48 million users during the second quarter. And Netflix says it's topped the 50 million mark for total membership.

Meet We Heart It, the teen social network that brands are watching

Social networks that appeal to women are written off as silly time-wasters (see: Pinterest), and ones that appeal to young girls are taken even less seriously. That's how 7-year-old We Heart It has flown under the radar for all this time, despite amassing millions of users and several high-profile advertisers.

Qplay streaming service to shut down July 25

Sometimes, something that seems like a good idea just doesn't catch on. Streaming video service Qplay is the latest such example: The company announced Saturday that it would close up shop on July 25th.

By the numbers: How Kindle Unlimited compares to other ebook subscriptions

At first blush, Amazon's new Kindle Unlimited book service sounds like a great deal. For $10 a month, U.S. residents get unlimited access to 600,000 ebooks (and 2,000-plus audiobooks), all readable using Amazon's Kindle app. In addition to Amazon's own devices, the Kindle app works on iPhones, iPads, Android devices, and Windows Phones.

Downsizing Microsoft to spin off Nokia's MixRadio music service

As Microsoft looks to slim down with layoffs and restructuring, Nokia is spinning MixRadio into a separate steaming music company.

Expert Opinion

staff-picks-instaweather-100355967-orig_500.png

Our favorite iOS Apps, July edition

As we do every month, Macworld staffers got together to chat about the best apps they've been using recently. Here are some that have recently captured our imaginations (and perhaps a spot on our homescreens), whether they're tiny apps from budding developers or the top-grossing apps that everyone is using. Our hope is that, while you might recognize some of these apps, others you might never have encountered. All of them, we think, are worth a look.

nadella_3_build_2014-100259277-orig_500.jpg

Microsoft's productivity drive could kill software as we know it

On Thursday, Satya Nadella charted a new course for Microsoft, focused on interconnectivity and productivity--one where, conceivably, the company's standard-setting Office applications and other products and services could slowly blur into different modes of working with the same data.

ddr4_corsair2-100313933-orig_500.png

All about DDR4, the next-gen memory coming soon for PCs and mobile devices

New CPU and GPU architectures roil the market pretty much every year--sometimes more than once a year. Yet in spite of the impact that system memory can have on a PC's performance, the industry has relied on the same basic memory architecture for what seems like an eternity--in tech time, at least.

wwdc14_homekit_honeywell-100308020-orig_500.png

Apple's HomeKit hub may already be in your house

At Apple's recent Worldwide Developers Conference, the company announced--among a great many other things--HomeKit, a suite of tools for controlling such devices in your home as thermostats, furnaces and air conditioners, smart appliances, lights, cameras, garage-door openers, and security systems. Apple will provide a platform that these devices will be asked to conform to. Do so, and you can control them all from your iOS device.

Editors Pick

fadell-nest-100254262-orig_500.jpg

Apple doesn't need its own gadgets to dominate the smart home

If you believe the weekend rumors, Apple will announce a connected-home platform next week at WWDC. But before you get too excited about an iThermostat and an iFridge and an iCamera watching you sleep, consider this: If Apple does get into the home-automation market, that doesn't necessarily mean it'll make smart-home gadgets of its own.

surface2_8-100066518-orig_500.jpg

10 things we want to see in Microsoft's Surface Mini

If Microsoft indeed intends to release a shrunk-down Surface Mini this month, as an invite for a "small" Surface event suggests, merely downsizing the tablet's design to fit an 8-inch frame ain't going to cut it. Sure, the Surface Pro 2 and Surface 2 are beautiful pieces of kit, but they're made for big-screen productivity--the Surface Pro is essentially an Ultrabook without a keyboard. That experience won't translate well to a smaller form factor, better suited for content consumption than content creation.

new-lumia_8-100048944-orig_500.jpg

With this phone, I thee wed: How the Nokia-Microsoft union changes everything

There's no getting cold feet now. On Friday, Microsoft's acquisition of Nokia's device business will be official, after months of delays and regulatory hurdles. The remnants of Nokia will get a whopping $7.2 billion. In return, Microsoft will get 32,000 new employees, a legion of Lumias, and oh yeah, those funky Android-based Nokia X phones.

Latest Product Reviews

mediabeam-opener-100356471-orig_500.jpg

MediaBeam: This ultra-cheap streaming stick isn't worth the money

Just what the world needs: another HDMI dongle to compete with Google's Chromecast and Roku's Streaming Stick. Like those popular devices, Ematic's MediaBeam plugs directly into one of your HDTV's HDMI ports in order to stream content.

gearliverainbow-100356115-orig_500.jpg

Samsung Gear Live: It's the world's best smartwatch, but probably not for long

The Gear Live is the best smartwatch I've ever used--but that's not a remarkable achievement considering all the crappy-to-middling efforts we've seen from Samsung, Sony and Qualcomm. If I were being generous, I'd say Samsung finally landed on a simple, wrist-friendly interface that does away with messy nested menus and convoluted features like voice calling.

oneplusone_9211-100356012-orig_500.jpg

OnePlus One: You're in control with this ultra-affordable phone

There's a utopian idea behind the OnePlus One: Offer a phone powered by the latest hardware and featuring a wealth of carrier options without any carrier restrictions. If that doesn't grab you, the price tag might--it's $300 for an off-contract 16GB model, about half of what you'd pay for phones boasting similar specs. But does the phone deliver a premium experience?

app-factoryscreensnapz001-100355394-orig_500.png

App Factory 1.2: Turn your script into a stand-alone app

Editor's note: The following review is part of Macworld's GemFest 2014. Every day (except weekends) from July until September, the Macworld staff will use the Mac Gems blog to briefly cover a standout free, low-cost, or great-value program. You can view a list of this year's apps, updated daily, on our handy GemFest chart, and you can visit the Mac Gems homepage for past Mac Gems reviews.