Posted 10/28/09 at 05:22:38 PM by Bart Salisbury

With all the hoopla over the release of Windows 7, it’s time to recognize that the must hated Vista isn’t going away any time soon. To underscore this point, Microsoft has released platform updates for Vista and Windows Server 2008.

The updates, which include some runtime libraries to handle new technology, include improvements to: Windows ribbon and animation manager library; Windows graphics, imaging, and XPS library; Windows automation API; and Windows portable devices platform.

For those still Vista bound, information on the updates can be found at Microsoft’s support site.

Read More

Posted 07/07/09 at 07:40:58 PM by Mark Edward Soper

This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.

Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?

Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The woraround and disable workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.

If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.

Read More

Posted 04/30/09 at 05:32:27 PM by Andy Salisbury

At long last, Microsoft has confirmed that Service Pack 2 for Windows Vista and Windows Server 2008 is complete, by releasing it to select manufacturers. It even hit torrents, hours before it was officially announced on the Windows Vista Team Blog.

As for an official download, it’s not clear when Service Pack 2 will be available. They’ve stated that they will push the final version to customers through Automatic Update over the next few months, but those that aren’t ready can still use Microsoft’s service-pack blocking tool.

Along with this, Microsoft has started pushing Vista SP1 to users that had previously blocked it, in order to prime them for SP2.

For those wondering, Service Pack 2 will bring Windows Search 4.0, the Bluetooth 2.1 Feature Pack, the ability to record data on Blu-ray natively through Windows, Windows Connect Now (a simpler WiFi tool), the addition of support for UTC timestamps in the exFAT file system, as well as various security and performance updates.

Read More

Posted 03/10/09 at 07:08:39 PM by Mark Edward Soper

Today, Microsoft released a trio of security bulletins covering all currently-supported Windows versions. Users of Windows 2000 SP4 through Windows Vista SP1 (as well as Windows Server 2003 and 2008) need to install the update for the critical Windows kernel vulnerability noted in Security Bulletin MS-09-006. The other two bulletins (MS09-007 and MS09-008) solve important vulnerabilities in SChannel (007) and DNS/WINS Server (008); these bulletins apply to Windows 2000 SP4 through Windows XP and Server 2003 only.

Other updates to look for include the usual updates to the Malicious Software Removal Tool and the Windows Mail junk email filter. If you're on Automatic Updates, follow instructions to reboot if needed after installation. If you prefer to be in charge, don't forget to download and install these as soon as possible.

Read More

Posted 02/10/09 at 11:27:35 AM by Josh Kampschmidt

It is finally happening! Microsoft is now changing over to a 64-bit operating system by default instead of 32 bit. Windows Server 2008 R2 will be the first operating system to feature 32 bit optional. This means that all the applications included with Windows Server 2008 R2 will be native 64 bit. It appears Microsoft is now ready to embrace the 21st century and begin shipping their new server operating systems as 64 bit only.

For the system administrators that still want to run 32-bit applications inside of Windows Server 2008 R2 they will have to install WoW64. This application support layer is not included by default with the operating system.

Hit the jump for more information and what this means to regular home users.

Read More

Posted 11/11/08 at 01:17:52 PM by Mark Edward Soper

This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:

• MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
• MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.

That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?

The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.

Read More

Posted 10/29/08 at 08:15:17 PM by Pulkit Chandna

Microsoft has joined forces with Akamai to provide a consummate high-definition video streaming experience for PCs. The two companies announced that Akamai will launch a beta version of its HD video streaming service christened AdaptiveEdge Streaming for Microsoft Silverlight in early 2009. The beta release will only be accessible to a few of Akamai’s own customers (content providers).

Windows Server 2008 and Microsoft Silverlight will form the skeletal base of the service. Akamai’s service will exploit Microsoft’s new Web server technology, called Internet Information Services 7.0 (IIS7.0) Smooth Streaming, which is aimed at delivering uninterrupted streaming videos – sans any buffering. “Smooth Streaming is an evolution of proven Silverlight technology that has powered global online events,” said Scott Guthrie, corporate vice president of the .NET Developer Division at Microsoft, in a press release.

Microsoft clearly hopes that high-definition streaming video can help its Silverlight platform turn the tide and gain more traction. Of course, if Akamai’s service finds favor among providers, it will automatically endear Silverlight to all such content providers. The camaraderie between Microsoft and Akamai dates back to 1999, when the two first strung together a similar partnership.

Read More

Posted 10/24/08 at 10:53:38 AM by Mark Edward Soper

Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.

Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.

To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.

Read More