Computer Bug and Security News 4/15/04

Written by Bruce Kratofil
Published April 15, 2004
Part of BugBlog

There have been some important announcements and upgrades in the past few days to fix security problems.

Microsoft released a security update on 4/13/2004 that covers Windows NT/2000/XP/Server 2003 and includes fixes for fourteen separate problems in Windows. Many of these problems are critical, and could lead to somebody remotely taking control of a computer, or to exploits like the MSBlaster worm. Microsoft gives credit to many different outside security companies for finding the individual flaws. Rather than try to cover each of these individual flaws here, the best thing to do is just go to http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx to get the patch for your version of Windows.

Zone Labs has released ZoneAlarm Pro 4.5.594.000. This version fixes a bug in the popular firewall program with the ID Lock display. It also takes care of some other unspecified routine maintenance. You can get the upgrade at http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html.

It appears that Cisco hardwired a default username/password into their Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. With this information, anyone could log on and control the device. As this software ships, there is no way to disable the username (oops!) nor any workaround. You will have to get the upgraded software, which is available from Cisco at http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml.

Want another reason why bundling a browser into the operating system might not be a good idea? Compliments of CERT and the Department of Homeland Security (DHS), here is a warning on how Microsoft Internet Explorer can be tricked into running arbitrary code (i.e., a worm, Trojan, or virus) via a compiled help file. Microsoft released a cumulative patch for Outlook Express on 4/13 that fixes this. It is at http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx. If you can't get the patch yet, the advice from CERT and DHS is to disable Active Scripting and ActiveX controls in the Local Machine Zone. You can read the details at http://www.kb.cert.org/vuls/id/323070.

You can find continuing coverage of computer bugs and fixes at the BugBlog.

Bruce Kratofil blogs on bugs and other things that can go wrong with your computer at The BugBlog, and writes about computers and economics at BJK Research.