Bugs and Fixes: Patch New Cracks in Microsoft Software
Microsoft has released patches that block critical vulnerabilities in Internet Explorer 6, Windows 2000 through XP Service Pack 1, Word 2000 through 2003, Works Suite 2001 through 2004, and MSN Messenger 6.2. Worst case, these holes could allow a perpetrator to control your PC.
In Internet Explorer, for example, if you click a booby-trapped link on an attacker's site, one of the browser's flaws could let a bad guy send you a rigged Dynamic HTML object such as an animation with synchronized music. The object would deliberately overload IE, causing the audio and animation to get out of sync inside the browser, at which point an attack program would load from the remote site.
Another IE hole involves the way the browser processes some Web addresses. If you click a corrupt link on a cracker's site or in an HTML-format e-mail, the attacker could flood the browser's address buffer (a chunk of computer memory reserved for storing Web addresses) and cause IE to crash. The miscreant could then send a program to take over your PC. To avoid these troubles, click here and download the cumulative IE update, which has fixes for the newly discovered flaws as well as all previous patches for versions 5.01 through 6. Even if you have installed Service Pack 2 for XP, you still need to patch IE.
Microsoft has also fixed a problem in the way Windows 2000 through XP SP1 handle network messages that use the Internet Protocol, the part of the Net that keeps track of e-mail routing and Web addresses. An attacker could send you a rogue IP message to crash your PC or, worse, gain control of your machine. You could be attacked without doing anything; however, most hardware routers on the Internet will not forward malformed IP messages. To be extra safe, download the patch here.
Remember the old advice never to open an e-mail attachment from a questionable source? Microsoft has fixed two holes in the way Word 2000 through 2003 and Works Suite 2001 through 2004 handle opened attachments. If you open a bad attachment, a crafty cracker might send you a poisoned file that permits a remote takeover of your computer. So download the patch here.
Finally, Microsoft has corrected a problem in the way MSN Messenger 6.2 handles certain graphics types such as emoticons and pictures created in the .gif file format. To be affected, you'd have to add the perpetrator to your contacts list. But if you were tricked into doing so, the offender could send you an improperly sized .gif image that would cause MSN Messenger to crash. In the ensuing chaos, the bad guy could send a program to control your PC. If you use version 6.2 of MSN Messenger, get the patch here or upgrade to version 7.
In Brief: WMP 9 Fix--Finally
Back in April, I warned you about potential adware and hack attacks in Windows Media Player 9. Microsoft has plugged the hole and now offers the fix here.
Fix Annoying Problems in Office 2003
When you open a Microsoft Office 2003 document from a Web location, online folder, or Internet security zone, you may see a red X (signifying a broken link) instead of the intended graphic. This happens when the folder where Office 2003 tried to cache the image doesn't exist or when the user doesn't have the necessary security privileges to allow Office to cache the image at all. If this happens to you, get the fix here.
Another Office 2003 issue: The software may stop responding when you try to check a document's Spanish spelling and grammar in apps such as Word, Excel, Outlook, and PowerPoint. Unfortunately, the workaround is to reinstall the entire Office 2003 suite. For details, head over here.
Found a hardware or software bug? Tell us about it via e-mail at email@example.com.