Microsoft issued two security patches today to plug important security holes in its Windows operating system and Office software. The software giant also warned that it is aware of hackers exploiting yet another unpatched security flaw in older versions of its Internet Explorer Web browser.
Microsoft said it is investigating public reports that hackers have worked out how to exploit a previously unknown security hole in IE versions 6 and 7 as a vehicle for installing malicious software. Redmond says it is only seeing this flaw being used in “targeted” attacks at this point, but of course these types of pinprick attacks on unpatched vulnerabilities in IE often precede their much wider exploitation by the criminal hacking community.
If you depend on IE for browsing the Web, upgrade to IE8 if possible. Otherwise, consider switching to an alternative browser, particularly something like Firefox with an add-on that blocks scripts by default, such as Noscript or Request Policy. Yes, these add-ons take a bit getting used to, but from where I sit, allowing Javascipt and Flash to load unrestricted as you browse the web is simply unsafe on today’s Internet.
One of the updates Microsoft released today fixes a problem with the Windows Movie Maker application as shipped on Windows XP and Vista. The second patch fixes at least seven vulnerabilities in Microsoft Excel that Microsoft said are present in all supported versions of Microsoft Office, included Mac Office 2004 and 2008.
Updates (including IE8) are available through the Microsoft Update Web site, or via Automatic Update.