You may have seen some news today about a new vulnerability that can potentially affect Windows Vista. Microsoft will have a patch for the flaw, hopefully before it is exploited. Of course, Microsoft had a patch for the flaw that Conficker exploited, but too many people are not patching anything.
It’s a good idea to use the Automatic Update feature of Windows, but that doesn’t take care of products that Microsoft doesn’t create. A message box came up on my computer today telling me that there was a new version of Apple Quicktime. This time, as is always the case, Apple fails to clearly mention that they patch 3 security vulnerabilities. According to Apple, the vulnerability affects OS X and Windows. It takes some searching to find out what Apple has patched.
Amusingly, because I use NoScript with Firefox, and I do not give Apple.com unconditional trusted status, the web page was certain that my Windows XP computer must be running Leopard or Tiger. Allowing the scripts on the Apple site to run allowed me to get the Windows version of Quicktime.
Do keep all of your software current, and if you use NoScript, remember, some web pages just don’t work right with the scripts blocked. I don’t have a problem with letting scripts on the Apple site run… as long as I know I have a reason to let them.
You might want to check and make sure you have the most current version of Adobe Flash and Adobe reader too. Pay attention to what programs you use over the next few days and ask yourself “Is this the most current version?”
Director of Technical Education
Author ESET Research, We Live Security