Users should update their Windows PCs immediately with Microsoft's latest patches, which became available yesterday.
The patches fix
problems with ActiveX and require users to reboot their PC.
Changebase, a company which
specialises in application compatibility, tested the patches
yesterday and reported that they should not cause IT departments
any serious compatibility problems.
"With these very low numbers of issues for these nine security
updates, the Changebase AOK team recommends that all these patches
are rapidly deployed to a staging environment and then subsequently
into production," the company said.
IT departments and end-users should update as soon as possible
as the patches fix a number of critical flaws in Microsoft's
ActiveX software plug-in architecture, which could be exploited by
a hacker.
"All of the ActiveX issues patched this month could be easy to
exploit and can impact even the average computer user," said Ben
Greenbaum, senior research manager, Symantec Security Response.
"For example, any user who has Microsoft Office on their machine
could be vulnerable to the Microsoft Office web components
vulnerabilities. Similarly, every user with Windows XP SP3 or Vista
could also be susceptible to one of the remote desktop connection
issues."
In a video discussing the patch update (see below), Symantec
said Microsoft was likely to do more work in coming months to
secure ActiveX.
Anti-virus security supplier McAfee warned that the most serious
vulnerabilities addressed by the fixes could be exploited if a
Windows user simply visits a malicious website or opens a rigged
media file, which are common attack methods. The attacks typically
involve booby-trapped websites and media files that load malicious
code onto a vulnerable computer and make it part of a botnet or
steal the user's private data, McAfee said.