Computer maintenance tips, information, and technology news
Category: <span>PC Security</span>

Category: PC Security

Windows LNK Vulnerability Patched

On Monday, Microsoft issued an Out of Band Security Update for Windows 7, Vista, and Windows XP (SP3) to stop the spread of a vicious new worm taking advantage of a vulnerability in Windows LNK (shortcut) files. The vulnerability is already being used by malware. The update (KB2286198) will automatically install if you have Windows Update enabled. If you don't currently use Automatic Updates, you need to install the patch without delay.

More Adobe Updates!

Adobe is again issuing updates to it's Flash and Reader programs to prevent malware from having the upper hand. While it may seem like a hassle to have to keep updating Flash and Reader, it is important to keep these programs updated because they are becoming the preferred target of Malware trying to make it's way into our computers.

Use Adobe Reader? Disable JavaScript!

A new vulnerability has been found in Adobe Reader and Adobe Acrobat. In order to stay protected until a patch is issued, Adobe recommends that users disable JavaScript in these programs.

Disabling JavaScript is a fast, simple procedure. From within Adobe Reader, go to Edit, choose Preferences, then on the left-side of the window, click JavaScript. Uncheck Enable Acrobat JavaScript, then click OK.

Adobe is expected to issue a patch for this vulnerability during the second week of January. Until then, you can stay protected by disabling JavaScript.

Emergency Microsoft Windows Patches

Yesterday, Microsoft took the unusual step of releasing two emergency updates, one for a Critical Vulnerability in Internet Explorer and another for Visual Studio. It is rare for Microsoft to deviate from it's monthly patch schedule, which should give you an idea of how important this particular update is. Normally, patches are issued once a month (on the second Tuesday).

DirectShow Vulnerabilities

Users of Internet Explorer in Windows 2000 and XP are being targeted thanks to a Video Active X exploit in DirectShow that is allowing PCs to become compromised.

Many websites have been hacked with a malicious script that checks for the vulnerability and if you visit the website with Windows 2000 or XP and do not have the vulnerability patched, the site will attempt to re-route you to a malicious site that will silently download and execute a keylogging program.

In addition to this latest exploit is another vulnerability in DirectShow that has not been patched by Microsoft either and affects ALL browsers. Both vulnerabilities are dangerous and considered “drive by downloads“.

Patches for these exploits are not yet available via Windows Update but Microsoft has created Advisories for each and Workaround fixes that can be used in the meantime to mitigate your risk.

PDF Vulnerability

Adobe is warning about a Critical Vulnerability in Adobe Acrobat and Adobe Reader. Until a patch is issued, be wary of any PDFs posted online or received unexpectedly via email. If a malicious PDF file is opened, the vulnerability will allow malicious files to be silently downloaded onto your system. According to reports, this vulnerability is already being exploited.