Just What Color Is a Security Hole?
Patch critical flaws in a color manager and IE. Plus: Opera, Office fixes.
Computer attacks in space are no longer the stuff of science fiction: Recently, laptops on the International Space Station turned out to have computer viruses. NASA believes that the malware--a password stealer that targets online games--may have infected the laptops via a USB thumb drive that one of the astronauts carried aboard. While it wasn't much of a threat, it just goes to show that the little buggers are everywhere.
One flaw in the largely forgotten Windows Image Color Management (ICM) system allows a villain to take over your PC if you view a tainted image displayed on a Web page or embedded in an Office document or e-mail. This is one of 19 holes for which Microsoft issued six "critical" patches; attackers could use them for their malicious creations (no booster rocket required). Though ICM (meant to ensure that colors display correctly on different devices) never caught on, the insecure code still resides in Windows 2000 Service Pack 4 (SP4) through XP SP3 and Windows Server 2003. Vista users are safe.
Luckily for us, Microsoft distributed the patch via Automatic Updates before real-world attacks could erupt.
Another must-have patch fixes five major holes in Internet Explorer. Both IE 6 and IE 7 are vulnerable on all supported versions of Windows, from Windows 2000 SP4 through Vista SP1. The flaws allow targeting of an affected PC via, as usual, rigged Web pages or poisoned banner ads. Crackers have published proof-of-concept code online for one of these holes, but no known active attacks have struck against any of them. Before that changes, grab the fix from Automatic Updates or from Microsoft's site.
IE isn't the only browser at risk: On the heels of last month's Opera 9.51 update, the company issued another seven serious security fixes in version 9.52, along with a fix for a Gmail display problem.
Opera lacks an auto-update feature, so you'll need to download the new version of the browser.
Office Takes a Hit
Last month I warned you about an unpatched hole in Microsoft's Snapshot Viewer for the Access database, which could allow a crook to nail anyone with a vulnerable version of Office with Access or an Internet Explorer plug-in that displays database reports. Office 2000, 2002 (XP), and 2003 are at risk, but not Office 2007.
Microsoft has since released a patch batch, and it closes similar holes that are rated "critical" for Excel and PowerPoint 2000, along with three other critical flaws in Excel and two PowerPoint bugs.
Yet another Office 2000 patch corrects five security glitches in various filters for importing .eps, .bmp, and .pict graphics files into Office. Grab all the fixes using Automatic Updates, or get the Snapshot patch and the Excel fix from Microsoft's site.