Bugs and Fixes: Grab an Essential Fix for IE

PC World - With critical updates from Adobe, Foxit, and Mozilla joining a bevy of essential patches for Internet Explorer and Office, the fixes are running hot this summer.

After an ebb of only one patch in Microsoft's previous regular cycle, the flow resumed in force as Microsoft plugged 31 vulnerabilities. The most important update fixes flaws that could allow an attacker to take over your PC or steal data if you view a poisoned Web page. Collectively, the patches are critical for IE 5 on Windows 2000, IE 6 on Windows XP, and IE 7 on Windows XP and Vista. It's bad news for IE 8 as well, on both XP and Vista. IE 8 on the latest Windows 7 release candidate isn't affected. Run Windows Update to pick up the patch.

Office Fixes

Two other patches close holes that could allow tainted Word or Excel files to trigger an attack. Office 2000 is most vulnerable, as the hole could permit an attacker to run any command. The flaws are rated important for Office XP, 2003, and 2007, as well as for Office for Mac (2004 and 2008). Run Windows Update to get the fix.

A similar fix for Microsoft Works files and converters is critical for Office 2000, important for Office XP, 2003, and 2007, and important for Microsoft Works 8.5 and 9.

Windows 2000 users should nab a critical patch for three bugs in Windows Print Spooler that Internet attackers could hit if the PC isn't protected by a firewall. A successful attack could take over a Windows 2000 PC, but the threat is a bit less dangerous (rated moderate or important) for other versions of Windows.

A number of other Microsoft patches correct less-important holes; none of them would allow attackers to have their way with your PC. That said, make sure you have them all by running Windows Update.

Shockwave, Reader Updates

Adobe shored up its Shockwave Player with a must-have fix. Without it, if you have Shockwave 11.5.0.596 or earlier, visiting a site with a rigged Adobe Director file could allow a "remote code execution" that puts an attacker in command of your PC. Adobe recommends manually uninstalling the older version and installing the latest Shockwave Player. That isn't exactly convenient, but it beats the heck out of a malware infection.

You'll have a somewhat easier time snagging updates for Adobe's beleaguered Reader and Acrobat. The critical Reader and Acrobat update, to 9.1.2 (or to 8.1.6 or 7.1.3 for older versions), closes holes that could permit a takeover if you open a poisoned PDF file. Click Help, Check for updates to make sure you have the latest version, which is available for Windows, Macintosh, and Unix.