NEWS

Microsoft, McAfee, Firefox Fix Security Loopholes

May 23, 2010 6:43 PM

James Mulroy

Internet_Security_1.jpeg

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Another Windows Fix

According to Microsoft, "two privately reported vulnerabilities in Windows Authenticode Verification...could allow remote code execution." In other words, an attacker could take control of your PC by exploiting either of those flaws. The intruder could gain administrator rights, with the ability to add, change, or delete practically any file.

Microsoft has issued an update that addresses the vulnerabilities by performing additional verification operations. This update is critical to all supported versions of Windows, including 98, XP, Vista, and 7, as well as Server 2003, 2008, 2008 R2, 2003, 2000, and 2000 Professional.

If you have automatic updates enabled (recommended), you'll get this update and others instantly. If you do not have automatic updating turned on, Microsoft suggests downloading critical updates manually; go to the Control Panel, click the Windows Update icon, and then select Check for Updates. You can learn more about this patch, and download it manually, at Microsoft TechNet.

McAfee Update Makes Windows PCs Crash

McAfee released an update in mid-April that unfortunately caused Windows PCs to fail spectacularly. The update improperly identified a Windows component known as svchost.exe as a virus, which caused McAfee's software to delete it.

The error was so severe that 8000 of the 25,000 computers at the University of Michigan Health System and Medical School crashed, along with thousands of computers around the world.

Put simply, svchost.exe is a process that hosts other services used by various programs on your PC (read Microsoft's explanation for more-technical details). If you look in Windows Task Manager, you may see quite a few svchost.exe processes running (under "Image Name"), and as you can imagine, attacking all of them could be catastrophic for any system.

The problematic update mostly affected users running Windows XP Service Pack 3. If it affected you, pick up McAfee's SuperDAT Remediation Tool to restore svchost.exe.

Firefox Flaw Corrected

A hole in the Mozilla Firefox Web browser has blossomed into a major flaw. A week after releasing Firefox 3.6.2, Mozilla released version 3.6.3 to address a critical security issue that could allow remote attackers to run commands of their choice.

To fix the bug, download Firefox 3.6.3, or click Help, Check for Updates, Get the New Version in the Firefox toolbar. Mozilla says the bug does not affect versions 3.5 or earlier.

If you still want to obtain and use add-ons that are not compatible with version 3.6, don't worry: Mozilla says that it will issue a patch for Firefox 3.5 in an upcoming release in case another method of exploiting this security hole exists.

 

ALSO READ

Google plans to have your home run Android with Project Brillo and Weave

Google has announced a new Android-based OS that could eventually let you tell your oven to turn on and set the temperature for 350 degrees.

Amazon massively expands free same-day Prime delivery in the U.S.

Amazon is dramatically expanding its same-day delivery service to cover millions of Americans. Called Prime Free Same-Day, the beefed up offering is now available in 14 of the country's major metropolitan areas. The service covers more than one million items in Amazon's store to let you get that GoPro camera or Kindle before bedtime.

TVMC for Kodi makes video piracy uncomfortably easy

Though rarely acknowledged, one of the realities of cutting the pay-TV cord is that piracy can easily fill content gaps. Can't find your favorite show or that movie you've been wanting to see on a legitimate service such as Netflix, HBO Now, or Hulu? There's probably a bootleg stream somewhere, or a torrent you can latch onto.

CBS will 'probably' be part of the new Apple TV service

Fans of CSI, Survivor, and The Good Wife, here's another reason to consider getting the revamped Apple TV service.

Is this for everyone? The growing global connectivity divide in figures

While Western countries have exceeded expectations in ICT growth, the UK is behind Ireland, France and Korea for internet users by population ratio

Expert Opinion

fadell-nest-100254262-orig_500.jpg

Apple doesn't need its own gadgets to dominate the smart home

If you believe the weekend rumors, Apple will announce a connected-home platform next week at WWDC. But before you get too excited about an iThermostat and an iFridge and an iCamera watching you sleep, consider this: If Apple does get into the home-automation market, that doesn't necessarily mean it'll make smart-home gadgets of its own.

Editors Pick

justin_tv-100367814-orig_500.jpg

Justin.tv goes off the air

With all signs pointing to a Google purchase of Twitch, the company behind Justin.tv has shut down the live video service.

my_verizon_mobile-100367793-orig_500.png

Verizon fires back at FCC over data throttling

The FCC called out Verizon for its plans to throttle customers with unlimited data plans who use the most data, so the carrier responded.

unionstreet_yelp-100366548-orig_500.png

Business faces backlash after threatening $500 fines for negative Yelp reviews

Businesses who don't know how to manage their social media presence should remember that the Internet can be vicious.

Latest Product Reviews

key-ingredient-tablet-100566733-orig_500.png

Key Ingredient kitchen tablet review: Yummy recipes can't rescue this crummy tablet

Meatballs. Giant bacon-wrapped meatballs. The Key Ingredient Recipe tablet suggested this fantastic idea to me when I searched for a meatball recipe. It's a good thing the meatballs were tasty, because that's about the only thing this tablet gets right.