Yesterday, Microsoft took the unusual step of releasing two emergency updates, one for a Critical Vulnerability in Internet Explorer and another for Visual Studio. It is rare for Microsoft to deviate from it's monthly patch schedule, which should give you an idea of how important this particular update is. Normally, patches are issued once a month (on the second Tuesday).
Users of Internet Explorer in Windows 2000 and XP are being targeted thanks to a Video Active X exploit in DirectShow that is allowing PCs to become compromised.
Many websites have been hacked with a malicious script that checks for the vulnerability and if you visit the website with Windows 2000 or XP and do not have the vulnerability patched, the site will attempt to re-route you to a malicious site that will silently download and execute a keylogging program.
In addition to this latest exploit is another vulnerability in DirectShow that has not been patched by Microsoft either and affects ALL browsers. Both vulnerabilities are dangerous and considered “drive by downloads“.
Patches for these exploits are not yet available via Windows Update but Microsoft has created Advisories for each and Workaround fixes that can be used in the meantime to mitigate your risk.
Microsoft Windows 7 is currently available for Pre-Order until July 11th (while supplies last). At only $49.99, the Premium Home version is a steal. I wasted no time in pre-ordering my upgrade licenses and will be counting down the days until October 22nd (the expected shipping date). If you don't plan on purchasing a new PC in the near future and your PC currently has Windows Vista or XP, this is your best chance to get a fantastic Operating System at a great price.
Windows 7 RC (Release Candidate) is scheduled for May 5 and the final version of Widows 7 is expected to ship during late summer/early fall.
Users currently using Windows Vista will be able to purchase an upgrade version of Windows 7 and upgrade easily to the latest Operating System.
If you currently use Firefox, you'll want to update to version 3.0.8 (just released by Mozilla). This latest version fixes two critical security issues.
Mozilla continues to impress by issuing updates quickly whenever it becomes aware of vulnerabilities in it's browser.
In addition to the two security vulnerabilities, there were also a few bug fixed.
Yesterday, Microsoft released the final version of Internet Explorer 8. I previously described some notable IE 8 features in the beta version and want to urge those currently using older versions of Internet Explorer to take the plunge and upgrade to Internet Explorer 8.
Security and performance improvements in this latest version are vast when compared to older versions and the upgrade is simple as can be. Just download Internet Explorer 8 and run set-up. Your settings, favorites and cookies are easily transferred and the improvements are well worth the time it takes to download and install.
Adobe is warning about a Critical Vulnerability in Adobe Acrobat and Adobe Reader. Until a patch is issued, be wary of any PDFs posted online or received unexpectedly via email. If a malicious PDF file is opened, the vulnerability will allow malicious files to be silently downloaded onto your system. According to reports, this vulnerability is already being exploited.
Just as it's important to visit Windows Updates on a regular basis or have Automatic Updates enabled, it's also necessary to run the latest versions of software to ensure that your PC is protected. Of particular importance is always running the latest versions of Flash Player, Java, Adobe Reader and QuickTime. They have all experienced vulnerabilities in the past that have allowed PCs to become compromised while running the vulnerable versions.
Windows 7 will be available in two primary editions: Home Premium and Professional. In addition there will be an Ultimate version, but it is not expected to receive as much press as the two primary editions and might only be available as an upgrade through Microsoft.
Current Windows XP Users:
Windows XP users will be able to purchase a discounted upgrade license for Windows 7, but the pricing structure for Windows 7 has not yet been released.