Recent tests have found a security hole in the Firefox web browser, brought about by a Microsoft plug-in, called the Microsoft Windows Presentation Foundation. This has prompted the Mozilla developers to block the said plug-in, even when Microsoft has already released a bug fix for this. To fortify user security, Mozilla has implemented the Plug-in Check Page, which can be used to scan installed plug-ins and detect vulnerable and outdated ones. Likewise, users can download newer and more secure versions of Firefox, such as the 3.0.15 or 3.5.5 updates. These versions are designed to block attacks from Javascript programs and other malicious programs.

And while Microsoft approves the blocking of its Microsoft Windows Presentation Foundation plug-in, this incident highlights Microsoft’s proneness to web-based security attacks. Historically, the company has been the target of and suffered the most from these attacks.

The patch rush

With this recent run-in with the ever popular Firefox web browser, Microsoft now adds up to eight patches just recently. All these bugs expose computers to web-based attacks and are critical to the system’s security.  This same patch used to fix the Firefox plug-in bug has versions for Internet Explorers 5, 6, 7, and 8, across Microsoft’s different operating systems Windows 2000, Windows XP, Vista, Server 2003 and 2008, and Windows 7. This update has been available from Microsoft’s support site for a while now.
 
Likewise, patches have been made available for attacks through Window’s Graphic Device Interface. Bugs in this system allow attack programs to take control of your computer when a malicious image or website is viewed. The patch has been made available for those running the operating systems Win 2000, XP, Vista, and Server 2003 and 2008.

Bugs have also been found when streaming .asf streaming media files. Fixes have been released specifically for this, through patches for the Windows Media Runtime for Windows 2000, XP, and Server 2003 and 2008.

The already bug-ridden Microsoft Active Template Library gets another round of patches, designed to disable ActiveX controls in Windows 2000 and XP systems. A similar fix is also introduced for Microsoft Office initiated ActiveX controls.

Apparently, if you are running a Microsoft OS, it might be required to have Silverlight installed. Silverlight should ideally protect your system from malicious web pages. However, even for this, a patch has been released to fix an SMB problem for those running Server 2008 and Vista. Those without this critical patch are more prone to web-based attacks.

Yet, on a slightly non-Microsoft bug news, the software provider Adobe has released a critical patch for those running Adobe Reader and Acrobat on Unix, Mac, and Windows computers. This patch is important to almost everyone, regardless of the OS  that you use, and is available on the Adobe website.