Posts Tagged ‘Microsoft’
Microsoft issues critical Windows patches
Microsoft on Tuesday issued five critical Windows-related updates as part of its monthly Patch Tuesday release.
The five bulletins address eight vulnerabilities. According to Symantec Security Response research manager Ben Greenbaum, the two vulnerabilities most likely to be used by attackers involve the way Windows handles ASF and MP3 media files. “We’ve seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected.”
In addition, Microsoft said it is re-releasing a bulletin from last month to address an additional control found to be vulnerable to an issue with the Microsoft Active Template Library.
Greenbaum noted that Microsoft has yet to issue a patch for a zero-day flaw in Internet Information Services that was made public last week. “Until a patch for this is issued, as a temporary workaround we suggest IT administrators using IIS 5.0 and 6.0 turn off anonymous write access immediately,” Greenbaum said. “We also recommend using a firewall and restricting access to creating directories. Those using IIS 7.0 with FTP Service version 6.0 installed should upgrade to FTP Service version 7.5.”
There are already some attacks being seen based on that flaw.
“While the company will not release an update this month, it will do so once it has reached an appropriate level of quality for broad distribution,” Microsoft said.
Meanwhile, Microsoft said Tuesday that it is investigating another zero-day issue, this one a reported flaw in Windows Vista and Windows 7.
As for the patches Microsoft did release on Tuesday, Qualys CTO Wolfgang Kandek noted that some of the bulletins are interesting in that they either affect only newer operating systems or are more critical on later versions–the reverse of what is normally the case. Overall, he said, five Windows patches should keep IT workers busy.
“Due to the criticality of the patches and wide coverage of the operating system, this will be a busy day for IT administrators,” Qualys CTO Wolfgang Kandek said in an e-mail.
http://news.cnet.com/8301-13860_3-10346665-56.html?part=rss&subj=news&tag=2547-1_3-0-20
Windows 7, Vista zero-day flaw reported
A security researcher has said there is a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or “blue screen of death,” according to researcher Laurent Gaffie.
Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.
“SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality,” wrote Gaffie in a blog post Monday.
Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.
Computer security publication “The H” wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.
Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.
Microsoft had not responded to a request for comment at the time of writing.
http://news.cnet.com/8301-1009_3-10346664-83.html?part=rss&subj=news&tag=2547-1_3-0-20
Report: Rivals eye Microsoft’s former Linux patents
Microsoft has at times alleged patent infringement in its attempts to stifle certain Linux-based applications. But one group is hoping to fight back by using Microsoft’s own former patents.
The Open Invention Network (OIN), a group made up of Microsoft competitors and Linux advocates,said it’s close an agreement to buy 22 patents that Microsoft sold to another organization earlier this year. According to Tuesday’s Wall Street Journal, the patents may relate to Linux.
The OIN believes that getting these patents is critical to protecting Linux developers from costly lawsuits, according to the Journal. The concern is that otherwise the patents could be grabbed by patent trolls, which will then try to make money from patent-infringement lawsuits.
The group that currently owns the patents, Allied Security Trust, buys them to protect its members from lawsuits. Composed of such companies as Google, Hewlett-Packard, Verizon Communications, and Cisco Systems, Allied Security Trust bought the patents in a private auction held by Microsoft. The Journal reports that Microsoft presented the patents to potential bidders as relating to Linux.
Microsoft has said that it holds more than 50,000 patents, according to the Journal, and that it believes 200 of those are violated by Linux applications.
Over the past few years, Microsoft has signed deals with several open-source companies in which they pay Microsoft money to protect themselves from intellectual property claims.
The OIN’s goal is to promote and protect Linux by using patents that allow for free and open collaboration. The group says its patents are available to any company or individual that agrees not to assert those patents against Linux. The idea is to help developers use Linux without having to worry about violating existing patents.
The OIN is trying to use such cases as the recent lawsuit between Microsoft and GPS-maker Tom Tom to prevent similar actions against Linux-based apps. Although Tom Tom settled with Microsoft, the OIN is concerned that the case may establish a precedent.
Started in 2005, the OIN counts among its members IBM, Sony, and Red Hat. Over the years, other powerhouses have joined, including Oracle, Google, and most recently Tom Tom.
http://news.cnet.com/8301-10805_3-10346439-75.html?part=rss&subj=news&tag=2547-1_3-0-20
Microsoft releases preview of Windows 7 embedded edition
Designed to run on everything from ATMs to digital photo frames, Windows Embedded Standard 2011 is now available for download as a trial edition. The finished version is expected in the second half of 2010.
The community technology preview of Windows Embedded gives businesses and developers a chance to evaluate it on their devices and offer feedback to Microsoft. The company said that Windows Embedded lets manufacturers choose only those components they need to drive their equipment, eliminating the need to develop a full platform on their own.
Windows Embedded is used in a variety of markets, including industrial automation, entertainment, and consumer electronics. In the business world, the software is typically found in thin clients, kiosks, medical equipment, and point-of-service devices. On the consumer side, Windows Embedded is used in GPS devices, gaming consoles, networked TVs, and portable media players.
Microsoft said the latest embedded version offers several new features. Businesses will be able to manage their devices using Active Directory group policies and virtual desktops. The new edition will support 64-bit CPUs, the Windows Aero interface, and Windows Touch for touch screens. Windows Embedded Standard 2011 will also incorporate Internet Explorer 8 and Windows Media Player 12.
To help manufacturers, the company will offer Microsoft Certified Technology Specialist certification, a preparation kit, and training software. More information can be found on the Windows Embedded Training site. The company will also let businesses and developers register for free Webinars.
Source :
http://news.cnet.com/8301-10805_3-10322875-75.html?part=rss&subj=news&tag=2547-1_3-0-20
Mac OS Snow Leopard: Great news for Windows 7, too
(Credit: Screenshot by Dong Ngo/CNET)
Every time I see the “I’m a Mac/I’m a PC” ads on TV, I can’t help but wonder, “Why not both?” And it has never been a better time for that.
It’s been a three weeks since I first got my hands on Apple’s new Mac OS X 10.6 Snow Leopard. (If anything, this means lots of hard work benchmark testing the product while trying to keep my mouth shut about it till now, which was even harder.)
Overall, personally, I found that while the new Mac OS doesn’t warrant a “wow,” it’s still definitely worth the $29 upgrade price.Mac users can read more about Snow Leopard in my colleague Jason Parker’s full review. On the other hand, for Windows users, especially Windows 7, the release of Snow Leopard is straight-on great news.
Full Story :
http://news.cnet.com/8301-17938_105-10315168-1.html?part=rss&subj=news&tag=2547-1_3-0-20