This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
Microsoft has released its DirectX November 2008 update as part of the company's loosely followed bi-annual update schedule. The last DirectX update was served up in August.
A number of enhancements mostly of interest to developers come packaged in the November DirectX SDK, as well as a Direct3D 11 technical preview with associated components and tools. As far as gamers are concerned, we found little information as to what possible bugs and performance enhancements the new update addresses.
If you're experiencing unexplained wonkiness while gaming and have been unable to troubleshoot the problem, you may want to give the November update a spin. Otherwise, you'll likely receive the update as a pre-packaged install on a new game at some point.
Long Zheng's I Started Something blog reports a welcome improvement in Windows 7's Complete PC Backup: in addition to backing up to local hard disks and DVDs, you can now back up to a network share. Complete PC Backup is the image (aka "bare metal restore") backup feature originally found in Vista's Business, Enterprise, and Ultimate editions (see our 2007 article to learn how it compares to other popular image backup/restore programs). This new feature brings Complete PC Backup's backup target options basically in line with those in the file/folder backup portion of the Backup and Restore Center, and makes it possible to use an NAS appliance as well as a folder share on another PC as a backup target.
It's important to realize that Complete PC Backup is a complementary technology to file and folder backup. Use it to back up your entire PC, and then use file and folder backup to backup data files that change after you create an image backup. Note that the NTBackup program (included in Windows XP and earlier versions) is not an image backup program, but a file and folder backup program only; it does not have a true 'bare metal' restore option.
I've used Complete PC Backup on a number of occasions to backup and restore Windows Vista systems, and I'm looking forward to this additional improvement in Windows 7's version (and I hope it will be available in all Windows 7 SKUs, by the way). What do you think? Join us after the jump and tell us.
Microsoft last week released the fifth volume of its Security Intelligence Report (SIR) covering the period between January through June of 2008. The report, which purports to offer an "in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software," uses data derived from what Microsoft claims are hundreds of millions of Windows users, all of which is analyzed and laid out in a tidy 13MB PDF download.
According to the 150-page report, hackers are increasingly honing in on third party applications rather than attempting to attack Microsoft directly. Vulnerabilities in programs like RealPlayer, QuickTime, WinZip, and other non-operating system software provide hackers with a greater number of exploits requiring a low degree of complexity, the report claims.
"It is alarming to see that more than 90 percent of vulnerabilities disclosed in 1H08 affected applications, and nearly half of all industry vulnerabilities are rated as High Severity," Microsoft says in its report. "Additionally, 1H08 showed how threats are increasingly affecting a variety of vendors beyond Microsoft."
The report also notes several geographical trends in security threats. Among them, password stealers such are Win32/Bancos are most prominent in Brazil where the overall infection rate has risen an alarming 81.8 percent from 2H07 to 1H08. In the U.S., trojan downloaders, like Win32/Zlob, account for the largest single category of threat.
Election Day wasn't the only event to make history on November 4th - the FCC made its own kind of history on Tuesday in approving the development of wireless devices that can use "white space" (the unused broadcast TV spectrum between broadcast TV channels, which ranges from 512MHz to 698 MHz). Unlike the close race between fellow senators for the US Presidency, the FCC decision to open up unused TV spectrum was unanimous, ZDNet's Sean Portnoy reports, despite lobbying against the rule by 50 members of Congress and a variety of recording artists worried about the effects of the decision on their live performances.
The decision (available here in PDF format) balances the hopes of companies like Microsoft and Google to make wireless Internet-enabled devices even more ubiquitous than now with the fears of the theater industry that exploiting white space will interfere with wireless microphones that use the same spectrum, and the concerns of the National Association of Broadcasters that using "white space" will interfere with TV viewing.
To find out how the FCC plans to make everybody happy in wirelessland, join us after the jump.
This year's edition of WinHEC, which has already demonstrated Windows 7's digital goodness with Device Stage, has more good news about Microsoft's next desktop operating system:
Longer battery life
Faster boot times
As Maximum PC.com readers know, better hardware support has been a major goal of Windows 7 right from the start, and it looks as if Windows 7, even in its pre-beta stage, is making impressive strides.
Engadget has posted a video from WinHEC that shows a Windows 7 machine providing energy savings equivalent to an extra hour of DVD playback: you won't have to worry about running out of power before the movie ends, and you'll even have enough juice for a special feature or two.
WinHEC also featured Microsoft exec Jon DeVaan, the Senior Vice President in charge of Core Operating System Division, performing a "boot drag race" pitting identical machines running Windows 7 and Windows Vista: Windows 7 won by several seconds. It's part of DeVaan and Steven Sinofsky's keynote address, which you can see at the WinHEC virtual pressroom.
To find out who else is seeing the improvements in Windows 7, join us after the jump.
November 1 quite literally marked the end of an era. Windows 3.x, which was released back in 1990, is now officially a part of the past. Microsoft finally stopped issuing licenses for the software, which originally brought them worldwide success on the platform of graphical user interfaces.
While 3.x lives in relative obscurity today, it still has some very sizeable tasks placed at its feet. Many cash registers and ticketing systems are still powered by the aging OS. Even in-flight entertainment systems on some Virgin and Quantas jets use 3.x as their platform of choice when bringing long-haul flight customers such cinematic masterpieces as Tim Allen’s, “The Shaggy Dog.”
This has everything to do with what’s under the hood of 3.x. Stefan Berka, who is responsible for the GUI Documentation Project stated that the important technical innovations in the software were its extended memory that could address more than 640KB and vast improvements to hardware support. Not to mention its 100 percent compatibility with older MSDOS applications.
The age ushered in by 3.x required at least an 8086/8088 processor (or better) with a clock speed of at least 10MHz. Along with that, it required a brawny 640KB of RAM and seven MB of HDD space to store it all.
3.x, you’ve served us well. We salute you on your service, and hope that others take after your example. You will be missed.
Among other things, Vista's successor, Windows 7, will bring with it multi-touch support utilizing technology developed by the Surface team. What impact this will have on touch-based computing as a whole remains to be seen; just be sure not to make the mistake of referring to the Tablet PC as a niche market when discussing touch-based computing.
"I won't go so far as to say it's the next mouse, meaning it will be on everything and you have to use it," Microsoft's Ray Ozzie said during an interview with TechFlash. "But it's not going to be like the Tablet PC, where it was truly niche. I think it will go broader and broader."
Ozzie's comments have sparked a backlash of sorts from some of the Tablet PC faithful who feel that the his comments are a slight against their, well, niche PC. But it's not necessarily the truth of the statement that has users perturbed so much as it is hearing Microsoft make such a comment. For example, Loren Heiny of the Incremental Blogger writes:
"What is the case, is that Tablet PCs have been sold like they are niche. The manufacturers have kept the prices high – keeping the volume down and off of store shelves. Even Microsoft itself has relegated the Tablet features to its premium SKUs rather than making them available in low-cost educational PCs where isn’t it obvious that there’s great value and need for them? And feature-wise, we keep coming back to Tablets and IT. Yeah, I wonder why that might be? Might it be the niche thinking of some large northwestern company? Huh? Ring a bell?"
Do you take issue with Ozzie's statement? Hit the jump and let us know.
While Windows 7's basic "look" is a refined version of Windows Vista, Windows 7 is much more than "Vista, Take 2." One of the most significant new features coming in Windows 7 is Device Stage, and Device Stage is one of the major themes of this week's Windows Hardware Engineering Conference (WinHEC).
What is Device Stage?
Device Stage, for the first time, looks at a device as a single entity rather than as a collection of different components. As ArsTechnica describes Device Stage:
Attaching a device in current versions of Windows gives sometimes unpredictable results. A multi-function printer/scanner/fax, for instance, might show up as several different things within Windows: a printer, scanner, removable disk, and some vendor supplied management suite...The "Device Stage" feature is designed to alleviate some of these problems by treating devices as distinct "things" with multiple abilities.
To learn more about Device Stage, and to find out what hardware vendors think about this new feature, join us after the jump.
While Windows 7 is shaping up to be something fresh and new, this pre-beta isn’t anything to worry about. To spend the time, bandwidth (especially for Comcast and AT&T users) and electricity downloading this pirated version of the fledgling OS would be cheating yourself, because this pre-beta comes up low on the impressive meter. And plus, we can’t in all good consciousness condone pirating software.
While the accidental release of the build of Windows 7 came through the Pirate Bay and Mininova (in convenient 32-bit and 64-bit formats!), it was originally intended for an unnamed group of developers. The downloads of Microsoft’s OS of tomorrow have been off the charts as well, with one particular copy providing more than 1,000 uploaders, and roughly 7,000 downloaders.
The build that’s being sought so desperately is a notably incomplete version. It’s missing taskbar updates, as well as other large features. According to comment threads on the torrent sites, most users are unimpressed with what they’ve found. But with a pre-beta, what did they expect?