Just What Color Is a Security Hole?

Patch critical flaws in a color manager and IE. Plus: Opera, Office fixes.
3 min read
Brought to you by PCWorld

Computer attacks in space are no longer the stuff of science fiction: Recently, laptops on the International Space Station turned out to have computer viruses. NASA believes that the malware--a password stealer that targets online games--may have infected the laptops via a USB thumb drive that one of the astronauts carried aboard. While it wasn't much of a threat, it just goes to show that the little buggers are everywhere.

One flaw in the largely forgotten Windows Image Color Management (ICM) system allows a villain to take over your PC if you view a tainted image displayed on a Web page or embedded in an Office document or e-mail. This is one of 19 holes for which Microsoft issued six "critical" patches; attackers could use them for their malicious creations (no booster rocket required). Though ICM (meant to ensure that colors display correctly on different devices) never caught on, the insecure code still resides in Windows 2000 Service Pack 4 (SP4) through XP SP3 and Windows Server 2003. Vista users are safe.

Luckily for us, Microsoft distributed the patch via Automatic Updates before real-world attacks could erupt.
Browser Busters

Another must-have patch fixes five major holes in Internet Explorer. Both IE 6 and IE 7 are vulnerable on all supported versions of Windows, from Windows 2000 SP4 through Vista SP1. The flaws allow targeting of an affected PC via, as usual, rigged Web pages or poisoned banner ads. Crackers have published proof-of-concept code online for one of these holes, but no known active attacks have struck against any of them. Before that changes, grab the fix from Automatic Updates or from Microsoft's site.

IE isn't the only browser at risk: On the heels of last month's Opera 9.51 update, the company issued another seven serious security fixes in version 9.52, along with a fix for a Gmail display problem.

Opera lacks an auto-update feature, so you'll need to download the new version of the browser.
Office Takes a Hit

Last month I warned you about an unpatched hole in Microsoft's Snapshot Viewer for the Access database, which could allow a crook to nail anyone with a vulnerable version of Office with Access or an Internet Explorer plug-in that displays database reports. Office 2000, 2002 (XP), and 2003 are at risk, but not Office 2007.

Microsoft has since released a patch batch, and it closes similar holes that are rated "critical" for Excel and PowerPoint 2000, along with three other critical flaws in Excel and two PowerPoint bugs.

Yet another Office 2000 patch corrects five security glitches in various filters for importing .eps, .bmp, and .pict graphics files into Office. Grab all the fixes using Automatic Updates, or get the Snapshot patch and the Excel fix from Microsoft's site.


More from Entrepreneur
Our Franchise Advisors will guide you through the entire franchising process, for FREE!
  1. Book a one-on-one session with a Franchise Advisor
  2. Take a survey about your needs & goals
  3. Find your ideal franchise
  4. Learn about that franchise
  5. Meet the franchisor
  6. Receive the best business resources
Entrepreneur Insider members enjoy exclusive access to business resources for just $5/mo:
  • Premium articles, videos, and webinars
  • An ad-free experience
  • A weekly newsletter
  • A 1-year Entrepreneur magazine subscription delivered directly to you
Try a risk-free trial of Entrepreneur’s BIZ PLANNING PLUS powered by LivePlan for 60 days:
  • Get step-by-step guidance for writing your plan
  • Gain inspiration from 500+ sample plans
  • Utilize business and legal templates
  • And much more

Latest on Entrepreneur