Internet Explorer 7 patches

[Sophy]

I thought if updates/patches were needed for Internet Explorer they were included in my critical updates from Windows Update. I ran an online scan with Panda and it listed 7 vulnerabilities. Six of these were with Internet Explorer and one for DirectX. Panda gave the links to download the patches and I did so but I haven't installed them yet. All of them were listed as critical. I don't want to download a bunch of stuff that's going to cause me problems because I've had enough of those lately, but I don't want to be unprotected either.

Can someone advise this computer dummy what I'm supposed to do please? Should I be checking myself for updates and patches for Internet Explorer?

Thank you

Sophy

[spacesurfer]

Search Microsoft website for Microsoft Baseline Security Analyzer. Current version is 2.1.

Run the program and it will tell you all the security updates you have installed or are missing.

[cluberti]

The latest IE cumulative security update was MS08-031. If the updates that you downloaded are included in that update, then you only need to install the cumulative. If the patches are for issues NOT included in that rollup, then you need the rollup + those extra patches.

I'm pretty sure the patches you have for IE7 are included in MS08-031, as I don't think there are any public IE patches since June.

[Sophy]

I warned you ahead of time that when it comes to these technical issues I am a computer dummy. I hope you will hang in there with me and keep helping.

As to MS08-031, how do I tell if the seven patches that I downloaded on recommendation from the Panda scan are included in this? Keep in mind that as to dates of issued updates, if updates for Internet Explorer do not come through the Windows Update, I've never downloaded any. I selected the option now to collect other updates too so I'm assuming that I will now receive IE updates from Microsoft through Windows Update. Is this right?

In clicking on that MS08-031, I clicked on another link to take me to the latest computer security updates and it lists 7 updates issued in June; one of them is for DirectX and so this matches what I downloaded thru Panda scan, however, I've compared those update numbers with the ones I downloaded and they don't match so I'm more confused than ever.

I downloaded and ran the Baseline Security Analyzer -- twice.

No security updates are missing. However, this applies just to Windows updates, doesn't it? If so this still doesn't cover Internet Explorer updates. If this is wrong please advise.

Office security updates indicates that I need to install Office XP SP3. I run Vista, so why would I need this?

SQL Server: No updates missing.

Under Administrative Vulnerabilities: It says a previous software update install was not completed and I need to restart to finish the update. I did that. I ran BSA again and it says the same thing. It doesn't give any indication of which piece of software this refers to.

It says 3 f 4 user accounts have non-expiring passwords. I have no idea what this means, but the part that puzzles me is that I have only two user accounts. My administrative account which I use and the guest account so I don't know what the other 2 are. I am the only one who uses this computer.

It shows 2 administrators on this computer: Administrator, and the other one is (My Name). Is this correct?

Logon success and failure auditing are not enabled. I don't know if this should be enabled, but it tells me to go to Administrative Tools and click on Local Security Policy -- which I can't find under Administrative Tools.

Under Internet it says IIS is not running on this computer and SQL Server and/or MSDE is not installed. I have no idea what this even means.

Under Internet Zones it lists the same user three times and says all are under the recommended level. I opened IE and set all at default, which is what it suggests and it still says, in the second scan, the same thing.

[Sophy]

I have something to add here. When you go to these various updates that I downloaded it says there is a newer update and then it gives a link to get the most current cumulative security update and that link takes me to the Microsoft Update page. From there my Windows Update window opens and it says there are no new updates available for my computer.

If this is correct, then what the heck is it with this Panda scan telling me last night that I had these 7 areas of vulnerability? I thought that was a pretty reputable company. It looks to me like either their scanner is wrong, or my Windows/Microsoft Update collection is not working properly.

Which brings on another question. Why have I never received that Vista SP1 update through my Windows Update? Everything I read indicated that it would come through and I've been watching for it because I wanted to make sure I didn't install it.

Thanks, guys/gals, for your help so far and anything further you can provide to help me get straightened around and understand things a little better.

[spacesurfer]

the baseline security analyzer applies to core windows xp, internet explorer, windows media player, .Net framework, MS Office,....

basically, anything microsoft. so yes, it includes IE7.

[Sophy]

I decided to do some research on MBSA to see if I could get more answers to some of the things I questioned from the scan I ran. It says that MSBA does not detect all the updates that Microsoft releases -- so I don't feel quite so safe again.

[cluberti]

List the 6 patches your app says you need, and we can find out if they're in MS08-031 or not .