Maximum PC Microsoft Windows RSS Feed

A Patch Tuesday "Two-Fer" Secures Both Microsoft and Adobe Programs

Mark Edward Soper — Thu, 11 Jun 2009 19:11:41 -0500

June 9th saw a rare 'double-header' in security updates: Microsoft's monthly Patch Tuesday was joined by Adobe's quarterly security updates for Acrobat and Adobe Reader. How big was this month's 10-update Patch Tuesday? According to a Microsoft spokesperson quoted by Cnet, the 31 vulnerabilities covered by updates are "the most since Microsoft started releasing updates on a regular schedule of the second Tuesday of every month in October 2003."

Here's what Microsoft patched this week:

Critical remote code execution vulnerabilities in Active Directory on Windows 2000 Server, Windows Server 2003, and ADAM on Windows Server 2003 and Windows XP Professional (MS09-018)

Critical to Moderate remote code execution vulnerabilities in Windows Print Spooler in Windows 2000 SP4, Windows XP SP2/SP3 and x64, Windows Server 2003 SP2 and x64 SP2, Windows Vista RTM/SP1/SP2 and x64 and Windows Server 2008 RTM/SP2 (MS09-022).

Critical to Moderate remote code execution vulnerabilities in IE5.01, IE6, IE 6SP1, IE7, and IE8. Note that IE8 in Windows 7 RC is not included (MS09-019).

Critical to Important remote code execution vulnerabilities in Microsoft Office Word 2000, 2002 (XP), 2003, and 2007 for Windows; 2004 and 2008 for Mac, Open XML converter for Mac; Microsoft Office Word Viewers and Compatibility Packs for 2007 file formats SP1 and SP2 (MS09-027).

Critical to Important remote code execution vulnerabilities in Microsoft Office Excel 2000, 2002 (XP), 2003, and 2007 for Windows; 2004 and 2008 for Mac, Open XML converter for Mac; Microsoft Office Excel Viewers and Compatibility Packs for 2007 file formats SP1 and SP2 (MS09-021).

Critical to important remote code execution vulnerabilities for Microsoft Works 8.5, 9 and Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2007 SP1 (MS09-024).

Important elevation of privilege vulnerabilities in the RPC function in Windows 2000 SP4, Windows XP SP2/SP3 and x64, Windows Server 2003 SP2 and x64 SP2, Windows Vista RTM/SP1/SP2 and x64 and Windows Server 2008 RTM/SP2 (MS09-026).

Important elevation of privilege vulnerabilities in Windows Kernel in Windows 2000 SP4, Windows XP SP2/SP3, Windows Server 2003 SP2 and x64 SP2, Windows Vista RTM/SP1/SP2 and x64 and Windows Server 2008 RTM/SP2 (MS09-025).

Important elevation of privilege vulnerabilities in IIS 5.0, 5.1, and 6.0 when running on Windows 2000 SP4, Windows XP SP2/SP3 and x64 SP2, and Windows Server 2003 SP2 and x64 SP2 (MS09-020).

Moderate information disclosure vulnerabilities in Windows Search 4.0 when running on Windows XP SP2, SP3, x64 SP2; Windows Server 2003 SP2 and x64 SP2 only (MS09-023).

For details about the exploitability rating for each vulnerability (1-3, 1 being the most severe), see the security bulletin summary. To find out about Windows Media Center and other updates, and where to get the Adobe updates, join us on page 2.

Microsoft also rolled out these updates in June:

The June 2009 version of the Windows Malicious Software Removal Tool (KB890830)
The June 2009 update for the Windows Mail Junk email filter (KB905866)
Cumulative updates for Windows Media Center for Windows Vista (KB967632) and Windows Media Center TV Pack for Windows Vista (KB966315)
An update to the ActiveX kill bits security pack (KB969898).

Adobe was also busy sticking its fingers in the security dike this month, rolling out critical security update APSB09-07 with updates for Adobe Reader and Acrobat 9.x, 8.x, and 7.x. Vulnerabilities patched by the updates include stack overflow, integer overflow, memory corruption and heap overflow, all of which could be used to trigger arbitrary code execution.

Stay safe out there!

Microsoft to Announce Free Windows Mobile Backup Service

Pulkit Chandna — Tue, 10 Feb 2009 19:27:23 -0600

Microsoft seems to have finally taken a cue from its competitors in the cellphone market and is planning to roll out an online marketplace – similar to Apple’s App Store – for the distribution of Windows Mobile applications, according to The Wall Street Journal. The online marketplace will allow developers to directly distribute their applications to Windows Mobile users.

The company is also on the verge of offering a new service called My Phone. It will let users store backups of their Windows Mobile phone’s data on the internet. The company won’t be charging any subscription charges, although iPhone users have to shelve out $99 per year for a similar offering. Other companies are dictating terms to Microsoft in the cellphone market and the company will have to make some changes to turn the tide.

Image Credit: Windows-Mobile-Credit

Hotfixes by Email - Just What the Windows Doctor Ordered

by Mark Soper — Tue, 31 Jul 2007 13:44:35 -0500

Microsoft hotfixes for Windows can be handy, but until now, getting your hands on them hasn't always been easy. Sometimes, knowledge base articles contain links to hotfixes, but if Mama Microsoft has decided you might hurt yourself by applying a hotfix, many articles tell you to call Microsoft tech support and make your very best pitch for permission to download the recommended repair. So, what's the best way to make your request? Should you cry, scream, yell, or threaten to hold your breath and turn blue if you don't get the patch you need? What about threatening to take your mouse and go home? Maybe you should try groveling...

Hotfixes a Request Page and an Email Away

Put away the "Actor's Guide to Persuading Tech Support" - you don't need it anymore. As discussed on MSDNer Steve Patrick's Spat's Weblog (and at Computerworld), Microsoft now offers a contact page for hotfixes: enter the Knowledge Base article number referencing the hotfix you need, select your location and Windows version, and supply your email address, and Microsoft emails you a link to the downloadable file within eight business hours. As 'Spat' points out, one of the advantages of the new system, aside from the obvious one of not needing to persuade a skeptical support desk worker that you need a hotfix, is that you can request hotfixes that are too new to have been posted in the Microsoft knowledge base.

Keep in mind that hotfixes haven't yet been tested as thoroughly as the final versions that wind up in a service pack, so you should try workarounds or other provided solutions first. However, if you're tired of playing "call me" to get hotfixes, this is welcome news indeed.