Friday, 29 May 2009

Security issue with Windows XP...

Microsoft has announced the discovery of a new vulnerability within all Windows operating systems prior to Windows Vista. This means that Windows Vista, Windows Server 2008 and Windows 7 are NOT affected, but every other version of Windows is affected, (e.g. Windows 2000, Windows XP and Windows Server 2003).

A vulnerability such as this can allow hackers access to your PC, which could then allow them to access all sorts of information. Clearly the important information are things like your bank details, passwords, etc. These vulnerabilities are being discovered all the time, but not many are that important. This one would appear to be important enough for Microsoft to have publicised it.

The vulnerability is within the way video is displayed inside a web browser in Windows. Essentially there are two programmes which do this - Apple's Quick Time or Microsoft's DirectShow. Quick Time isn't affected, but your computer is at risk even if that is installed (as it is on the majority of PCs) as this vulnerability can bypass Quick Time and attack Direct Show anyway.

What to do?

Firstly, don't panic. You will only be at risk if you browse to a web page with a specially crafted video on that web site. The chances are, at the moment, quite small. This isn't to say that such a video won't appear on the more popular video sites at some point in the future, of course.

Microsoft have released a simple fix to the problem, which they seem very proud of. (It would seem better for them to be proud of creating a secure operating system in the first place, but....). Sadly a Microsoft "simple" fix isn't always that simple to follow, mainly because you have to know what you are trying to fix.


However, in this instance you can browse to http://support.microsoft.com/kb/971778 and click the "Fix IT" icon under the "Enable Workaround" button. If things go strangely wrong following the Fix they have helpfully added a "Disable Workaround" button as well!

By clicking the Fix IT icon the actual fix is downloaded to your PC. You have to choose where to download it to and you then need to run the downloaded programme. I told you it was simple!

If you get stuck then you can call one of our Technicians on 0845 8388 545 for clear advice.


____________________________________________________
© Michael Donkin 2009