Many websites have been hacked with a malicious script that checks for the vulnerability and if you visit the website with Windows 2000 or XP and do not have the vulnerability patched, the site will attempt to re-route you to a malicious site that will silently download and execute a keylogging program.

In addition to this latest exploit is another vulnerability in DirectShow that has not been patched by Microsoft either and affects ALL browsers. Both vulnerabilities are dangerous and considered "drive by downloads".

Patches for these exploits are not yet available via Windows Update but Microsoft has created Advisories for each and Workaround fixes that can be used in the meantime to mitigate your risk.

Download and install the following fixes to stay safe:

1. Vulnerability in Microsoft Video ActiveX control could allow remote code execution.
2. Vulnerability in Microsoft DirectShow could allow remote code execution.

The fixes linked above will prevent the exploits from working on your PC and will keep you safe until Microsoft patches those vulnerabilities in DirectShow. I recommend you apply the fixes immediately. Also, verify that your Anti-Virus is up to date because most Anti-Virus will prevent the exploits from being downloaded onto your PC and will serve as another layer of protection.

To install the fixes, do the following:

• Visit the Advisory Page (see links 1 and 2 above) and choose the Fix it button located on the left side of the page:
  
• Download Fix it to your PC, then install it by double-clicking it. Click the Agree box and then click the Next button:
  
• The Fix is automatically applied and your PC will be protected from the vulnerabilities listed above. Choose Close to exit the dialog.
  

Microsoft is expected to include a patch for the vulnerabilities in the next Windows Update patch-day but in the meantime you can keep your PC safe by using the Fixes from Microsoft linked above.

Note: Windows Vista and Server 2008 are NOT vulnerable to these exploits.

Take a closer look at Firefox's features and you'll see many improvements and welcome new additions in this newest version.

The updated version can be easily installed by checking for updates via the Help menu:

If you currently don't use Firefox, download the latest version from Mozilla's Firefox Web page.

Pre-Order information can be found on the Windows 7 Pre-Order page, as well as basic system requirements.

For those looking to purchase a new PC, most manufactures are offering FREE upgrades to Windows 7 once it begins shipping. Here are a few that already have the free upgrade offers on their websites:

• Dell
• HP
• Velocity Micro

If you're specifically looking for a notebook, there is a page with all the notebooks eligible for free upgrades: Featured PCs at Microsoft.

To refresh your memory about Windows 7, you can take a look another look at what's new in Windows 7.

The first quarterly patch goes to Adobe Reader and Adobe Acrobat. This new version patches critical security vulnerabilities that crash the programs (Reader and Acrobat) and can allow an attacker to gain access to your PC.

Download Adobe Reader 9.1.2.

If you'd like to read about the details of the vulnerabilities, read Security Bulletin APSB09-07.

Adobe Reader & Acrobat:

Adobe Reader and Acrobat suffer from javaScript vulnerabilities that have been patched in version 9.1.1.

Download and install the Adobe Reader 9.1.1 Update as soon as possible.

If you have difficulties downloading from the website or want to install the update in Acrobat, run the update from within the program.

QuickTime:

Apple released a security update for QuickTime that fixes 10 vulnerabilities which can allow code execution. As usual when these types of vulnerabilities are patched it is recommended that you update the software as soon as possible.

Download the latest update via the Automatic Software Update Tool (in Windows) or by downloading from the QuickTime web page.

If you’d like to learn more about the vulnerabilities that are resolved by the update you can read: About the security content of QuickTime 7.6.2

Firefox:

Mozilla has updated Firefox to version 3.0.10. The new version fixes a stability issue and a security vulnerability.

Get the latest version of Firefox from the Mozilla web site or by checking for an update from within Firefox.

Windows 7 RC (Release Candidate) is scheduled for May 5 and the final version of Widows 7 is expected to ship during late summer/early fall.

Users currently using Windows Vista will be able to purchase an upgrade version of Windows 7 and upgrade easily to the latest Operating System. Those of us using Windows XP will also be able to purchase upgrade versions of Windows 7 but will have to perform a clean installation (which removes all software and settings prior to installation). There are rumors that a settings transfer program will be provided to help backup settings and programs before performing the upgrade and if they prove to be true, it will make the upgrade process a bit less daunting.

Mozilla News:

Mozilla has recently updated Firefox to 3.0.10. As always, there are various bugs fixed and a security update included with the new version (get it while it's hot).

The next version of Firefox, dubbed Firefox 3.5 is expected to be released sometime during the summer and will have additional speed and security enhancements.

If you currently use Firefox, you'll want to update to version 3.0.8 (just released by Mozilla). This latest version fixes two critical security issues.

Mozilla continues to impress by issuing updates quickly whenever it becomes aware of vulnerabilities in it's browser.

In addition to the two security vulnerabilities, there were also a few bug fixed.

Installing:

1. The easiest way to update Firefox to the latest version is to check for updates via the Help menu:



2. You can download the newest version from the Mozilla Firefox website.

With either method listed above, Firefox will automatically be updated if already installed on your system (no need to uninstall the older version).

Yesterday, Microsoft released the final version of Internet Explorer 8. I previously described some notable IE 8 features in the beta version and want to urge those currently using older versions of Internet Explorer to take the plunge and upgrade to Internet Explorer 8.

Security and performance improvements in this latest version are vast when compared to older versions and the upgrade is simple as can be. Just download Internet Explorer 8 and run set-up. Your settings, favorites and cookies are easily transferred and the improvements are well worth the time it takes to download and install.

What to expect:

Installation begins by asking if you'd like to participate in the Customer Experience Improvement Program (I chose not to participate).

Choosing Next will bring to to the user license screen. Once you click Accept, you will be presented with a window asking if you'd like to install updates. The updates will automatically download while installing Internet Explorer 8 (I recommend you leave it check-marked) and click Next.

Your previous version of Internet Explorer will be removed (don't worry your settings, favorites and cookies are saved).

After finalizing installation, you will need to reboot.

Once you click re-start now and your PC re-starts, IE will download updates and check for malicious software. Then it will continue with installation and once finished, it will automatically re-boot your system.

The first time you open Internet Explorer after installation, you will be greeted with a welcome screen that will walk you through personalizing your settings.

In the following screen you will be asked if you'd like to turn on Suggested Sites (I chose No).

Next, you will choose if you'd like to use Express Setting or would like to customize your settings (I chose Custom Settings).

Note: If you choose Express Settings, the screens that follow will not be presented to you.

Choose if you'd like to continue using your default search provider or if you'd like to choose from a list of search providers (after set-up is complete).

You can also have your search provider updated (your search provider is not changed, only updated to use the latest technology).

You can then choose to use the current Accelerators provided with IE 8, add new ones or turn them off altogether.

Additionally, you can activate the Smart Screen Filter (recommended).

I chose not to keep IE 8 as my default browser because I use Firefox as my primary browser. If you want to have IE automatically open when clicking on a link (not another browser), you'll have to choose Yes. If you prefer to use a different browser, choose No.

Finally, you'll have to decide whether to allow the automatic updating of Compatibility View websites (I chose No because I prefer to keep my own compatibility view website list).

After performing the above steps, you'll be ready to surf the Internet using the new and much improved, Internet Explorer 8.

Visit the Internet Explorer Home Page to download or read more about it's latest features and improvements. Don't be afraid to try it. If you install it and later decide not to keep it, it can easily be uninstalled via Windows Add and Remove Programs (your previous version of Internet Explorer will be restored).

If left unpatched, the vulnerability can allow a malicious user to gain access to your computer. I strongly advise that those with older versions of Adobe Reader upgrade to the latest version immediately.

You can download the update via the updater within the program or visit the link below that corresponds to your program to download the latest version:

• Adobe Reader 9.1
• Adobe Acrobat 9.1 Pro

If you used Adobe Reader or Adobe Acrobat, installing the update is the only way to completely protect your computer from this particular vulnerability. Don’t wait, install the update today.

Unfortunately, a patch from Adobe will not be available until March 11. In the meantime, to keep your PC protected and prevent the exploit from running, do the following:

Disable JavaScript (this will prevent running the malicious code and is not needed for PDFs to be viewed). To disable JavaScript, go to Edit-> Preferences-> JavaScript and un-check Enable Acrobat JavaScript. (Highly Recommended)

As an additional safety precaution, you can also disable PDF display in browser. To prevent PDF documents from opening in your web browser, go to Edit-> Preferences-> Internet and un-check Display PDF in browser. (Optional)

Note: If you disable the displaying of PDF files in browser, you will have to download the files onto your PC to open and view them since they will no longer open in your browser automatically.

To learn more about this vulnerability and how you can keep your PC protected, read the article in Information Week.