
Windows, Firefox, Adobe Reader and Apple QuickTime updated

Significant program updates have been issued for Microsoft Windows, the Firefox browser, Adobe Acrobat and Reader, and Apple's QuickTime browser plug-in. All updates were released this week to fix critical vulnerabilities that were reported and were being exploited by hackers and cyber-criminals. These criminal elements hijack legitimate websites and install hidden code that redirects innocent visitors to hostile websites loaded with exploit code.

Most of the successful attacks exploit vulnerabilities in browsers (usually Internet Exploder), or their installed add-ons and plug-ins, like Apple QuickTime, Adobe Flash and Reader (and other PDF readers) and Sun's Java plug-in. If any of these is a vulnerable version, your computer may be hijacked by cyber-criminals who will make it a zombie member of their botnet. This will turn your PC into a spam machine, or it could be used to attack websites or governments with whom the hackers have a difference of opinion.

To stay safe from the barrage of hack attacks targeting browsers and their plug-ins, it is imperative that you keep Windows, its components and all third-party add-ons up to date. One way is to always select the option to automatically check for, download and install updates to those programs. If a program you use has no automatic update mechanism, you should check whether it has been updated. You can do this at the manufacturer's website, or by using the free Secunia Online Software Inspector (requires a current version of Java).

The details of this week's updates are below, in my extended comments.


Microsoft had another big Windows Update release on Tuesday, June 9, 2009. 10 major software patches that fix 31 important security vulnerabilities in Windows, Office, and other Microsoft products were released on Patch Tuesday. Eighteen (18) of the vulnerabilities were classified by the company as "critical fixes." The number of patches available varied with whether you have MS Office installed and which versions you have. One of my PCs received 6 updates, plus the updated Malicious Software Removal Tool (MSRT). Most people running legitimate copies of Windows 2000 and newer should receive Automatic Windows Updates, as that is the default option. Others must download them manually, by using the link to Windows Update on your Start Menu, or from the link within Internet Explorer's "Tools" menu item (IE 6 and 7), or the "Safety" menu item in IE 8.

Also on June 9, Adobe released new versions of its Acrobat PDF encoder and PDF Reader software, fixing 13 new vulnerabilities being exploited by malware-laden hostile websites. Adobe announced last month that they planned to release their updates on Microsoft Patch Tuesdays, to make it easier for people to remember to look for them on the same day. This is a good idea in my opinion. Installing program and security updates sometimes requires switching to an Administrator-level account. Getting most of your important security patches at one time is a real time saver for system admins who manage multiple computers.

Mozilla released Firefox 3.0.11 on June 12, 2009. This is both a stability and security update. Stability and corruption issues were reported with the internal database, SQLite, which have now been fixed by upgrading to a newer version. Additionally, nine (9) security vulnerabilities were patched, four (4) of which were rated as Critical. Firefox has an automatic updater built in, so unless you disabled that option you should receive the new version sometime today (6/12/09).

If you turned off automatic checking for Firefox updates you need to update manually. You can do so from the browser by going to the menu item Help > "Check for Updates." You should be notified about version 3.0.11 being available and offered a button to download and install the update. You can also download the latest version from the Firefox product page for English, or from this page for all other supported languages.

Apple has updated its QuickTime browser plug-in for Internet Explorer, Firefox and other browsers that use it to display .mov and other format movies. The new version is 7.6.2. Many websites have audio and video content tailored for QuickTime, leading to a large installed user base, and hackers know this. Exploit codes are always in circulation for any version of QuickTime that is exploitable. If you haven't updated your QuickTime software in a while, you probably are vulnerable to these hidden, drive-by exploits. If you have QuickTime installed, there are a couple of ways to update it. The easiest is to go to Control Panel and find the icon with a large Q, for QuickTime. If you don't see the Q icon, try switching to "Classic" view, where all icons are displayed alphabetically. Open it and click the Update tab. Select the option to check for updates automatically (in the future), then click on the "Update" button. When the update box opens, click on "Update Now."

Also, keep a current version of anti-virus and anti-spyware programs on your PCs and keep them updated. Trend Micro's Internet Security suite is very highly recommended and will protect you from web threats by blocking access to infected pages. Also known as PC-cillin, it provides protection against spyware, fake security products, Trojans, Bots and viruses, whether they come from websites, email, or IMs. PC-cillin also has a 2 way firewall and phishing protection and is updated multiple times daily.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
