NEWS

Microsoft, McAfee, Firefox Fix Security Loopholes

May 23, 2010 6:43 PM

James Mulroy

Internet_Security_1.jpeg

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Another Windows Fix

According to Microsoft, "two privately reported vulnerabilities in Windows Authenticode Verification...could allow remote code execution." In other words, an attacker could take control of your PC by exploiting either of those flaws. The intruder could gain administrator rights, with the ability to add, change, or delete practically any file.

Microsoft has issued an update that addresses the vulnerabilities by performing additional verification operations. This update is critical to all supported versions of Windows, including 98, XP, Vista, and 7, as well as Server 2003, 2008, 2008 R2, 2003, 2000, and 2000 Professional.

If you have automatic updates enabled (recommended), you'll get this update and others instantly. If you do not have automatic updating turned on, Microsoft suggests downloading critical updates manually; go to the Control Panel, click the Windows Update icon, and then select Check for Updates. You can learn more about this patch, and download it manually, at Microsoft TechNet.

McAfee Update Makes Windows PCs Crash

McAfee released an update in mid-April that unfortunately caused Windows PCs to fail spectacularly. The update improperly identified a Windows component known as svchost.exe as a virus, which caused McAfee's software to delete it.

The error was so severe that 8000 of the 25,000 computers at the University of Michigan Health System and Medical School crashed, along with thousands of computers around the world.

Put simply, svchost.exe is a process that hosts other services used by various programs on your PC (read Microsoft's explanation for more-technical details). If you look in Windows Task Manager, you may see quite a few svchost.exe processes running (under "Image Name"), and as you can imagine, attacking all of them could be catastrophic for any system.

The problematic update mostly affected users running Windows XP Service Pack 3. If it affected you, pick up McAfee's SuperDAT Remediation Tool to restore svchost.exe.

Firefox Flaw Corrected

A hole in the Mozilla Firefox Web browser has blossomed into a major flaw. A week after releasing Firefox 3.6.2, Mozilla released version 3.6.3 to address a critical security issue that could allow remote attackers to run commands of their choice.

To fix the bug, download Firefox 3.6.3, or click Help, Check for Updates, Get the New Version in the Firefox toolbar. Mozilla says the bug does not affect versions 3.5 or earlier.

If you still want to obtain and use add-ons that are not compatible with version 3.6, don't worry: Mozilla says that it will issue a patch for Firefox 3.5 in an upcoming release in case another method of exploiting this security hole exists.

 

ALSO READ

Apple Pay nets a discount from banks, Walmart says 'no thanks'

If phones are going to replace wallets, everyone has to get on board. Banks, stores, phone manufacturers, and you, the customer, are all needed to take mobile payments mainstream. That's why Apple Pay has a shot at succeeding where Google Wallet failed: Apple created an NFC-equipped phone and made your wallet seem like a horrific albatross that is literally ruining your life. But before all that, the company nailed down banks and retailers. Well, not all retailers.

ESPN still pondering standalone streaming service, but not the one you want

Current ESPN channels won't be part of any Netflix-style subscription model

Amazon plans to move UK HQ from Slough to London

Yet to decide which London office will be new HQ

Visa to work with Apple on bringing Apple Pay to Europe

Launches in US next month on new iPhone 6 and iPhone 6 Plus

Microsoft's working to make Xbox games stream right to your browser, report claims

If a new report is to be believed, Microsoft is working on PC-based streaming of Xbox games.

Expert Opinion

instamatic-100357662-orig_500.jpg

Don't worry, be snappy: Stop complaining about your digital camera

When one has done something long enough (and, for the sake of this particular argument, let's say living can be reasonably counted among them) there's a tendency to take the long view--we have some notion of where we've been as well as how things are now. Recent complaints about the state of Apple and photography have compelled me to take a journey down the historical highway in the hope of gaining some perspective on just where we stand in regard to taking and making images with our cameras.

screen-shot-2014-07-17-at-17.29.11-100358369-orig_500.png

Why you should care about CloudKit

If you've lived through the last couple iterations of OS X and iOS, you've probably had the opportunity to develop a special love/hate relationship with iCloud. Apple's cloud service suite is made up of many different parts and systems, and while it's great when it works, it also has a history of being prone to hard-to-diagnose outages and, for developers, obscure error messages.

macosx-publicbeta-100357625-orig_500.png

With Yosemite public beta, Apple's more open than ever

Just a few years after a big leadership transition, Apple announced not only a brand new operating system but said they would be offering a public beta to interested customers. Sound familiar? The year was 2000 and the OS in question was the very first version of OS X. Now, 14 years later, Apple's once again inviting users to come and check out the Mac's latest and greatest operating system before its impending release.

wwdc14_homekit_honeywell-100308020-orig_500.png

Apple's HomeKit hub may already be in your house

At Apple's recent Worldwide Developers Conference, the company announced--among a great many other things--HomeKit, a suite of tools for controlling such devices in your home as thermostats, furnaces and air conditioners, smart appliances, lights, cameras, garage-door openers, and security systems. Apple will provide a platform that these devices will be asked to conform to. Do so, and you can control them all from your iOS device.

Editors Pick

justin_tv-100367814-orig_500.jpg

Justin.tv goes off the air

With all signs pointing to a Google purchase of Twitch, the company behind Justin.tv has shut down the live video service.

my_verizon_mobile-100367793-orig_500.png

Verizon fires back at FCC over data throttling

The FCC called out Verizon for its plans to throttle customers with unlimited data plans who use the most data, so the carrier responded.

wasteland2_1-100366521-orig_500.jpg

Wasteland 2 preview: When deeply branching gameplay meets pistol-packing post-apocalyptic priests

After a successful Kickstarter run, Wasteland 2 is almost ready for release

unionstreet_yelp-100366548-orig_500.png

Business faces backlash after threatening $500 fines for negative Yelp reviews

Businesses who don't know how to manage their social media presence should remember that the Internet can be vicious.

Latest Product Reviews

networkradar-100361188-orig_500.png

Network Radar: Mac app checks your network health

Apple's own Network Utility is pretty handy for basic network troubleshooting, but if you need to go above and beyond what it offers, Daniel Diener's $20 Network Radar (Mac App Store link) is a powerful step up.

asana-home-screen-iphone-100365003-orig_500.jpg

Asana: a full-featured task manager for iOS devices

The new mobile app for Asana's popular task management service lets iPhone and iPad users run their collaborative undertakings on the go.

macbook-pro-group2-100365552-orig_500.jpg

MacBook Pro (Mid 2014): Minor update offers slightly better CPU performance

Last week, Apple updated its Retina MacBook Pro line, and while the new models are identical on the outside to their 13- and 15-inch predecessors, released late last year, the "Mid 2014" models feature processors that are just a little bit faster. As modest as these internal improvements are, they do provide more performance bang for the buck.

contexts_prefs-100360658-large_500.png

Contexts: Make your OS X windows more manageable

Contexts 1.4 supplements--and can even replace--OS X's window management tools, and it does so in a way that is legitimately useful, especially if you rely on keyboard shortcuts to navigate your Mac.

ipad-portable-recording-studio-fig_8_mix_page_auria-100365044-orig_500.png

Keep it Reel: Record, mix, and release a professional recording on your iPad

The iPad has become an incredible tool for musicians who wish to quickly and confidently record and produce live music on their tablet. Recently, I had the opportunity to produce and record a session for Ella Joy Meir, using just my iPad, software, and recording accessories. Last week, I covered when you might want to use an iPad and what you need to get started; now, let's talk about the actual recording and post-production process.