Posted 09/14/09 at 05:49:54 PM by Jason Barry

On Friday, Microsoft pushed updates for Windows operating systems that disables the AutoRun feature for non-optical devices.  This update affected Windows XP, Vista, Server 2003, and 2008. Microsoft already disables the feature in the, soon to be available, Windows 7 OS. The update was available voluntarily back in August.

AutoRun (and AutoPlay) was originally developed out of convenience to eliminate the need for users to browse the media for the correct file to open.  However, recently it has been exploited to automatically run malware and other obtrusive software applications without the users consent.

Interestingly, the update doesn’t cripple removable optical media (i.e. CDs and DVDs) from running AutoRun procedures.  So companies, such as U3, who manufacture their devices to represent themselves as CDs are largely unaffected by the update.

Read More

Posted 09/08/09 at 09:55:44 PM by Ryan Whitwam

This was a big Windows Patch Tuesday. Microsoft released a total of five critical patches, addressing eight system vulnerabilities. The flaws patched today do not apply to the recently finished Windows 7. Symantec Security Response research manager, Ben Greenbaum, said the two most serious flaws involve the way Windows handles ASF and MP3 files.

"We've seen similar exploits in the past and all a user would have to do is visit a compromised Web site hosting one of these malicious files, which could be an MP3, WMA or WMV file, and they could become infected,” said Greenbaum.

Greenbaum also noted that Microsoft has left a zero-day vulnerability in Internet Information Services unpatched.  Attacks based on the issue are already in the wild. Microsoft expects a patch for that to be pushed out next month.

Read More

Posted 02/09/09 at 10:48:26 AM by Mark Edward Soper

Whether you're using Windows and IE, managing Microsoft Exchange or SQL Server at work, or using Microsoft Office, this month's Patch Tuesday has a security update for you. All four security bulletins address Remote Code Execution vulnerabilities in recent and current service packs for each product listed:

• IE 7: Windows XP, Windows Vista, Windows Server 2003
• Microsoft Office: Visio 2002, 2003, 2007
• SQL: SQL Server 2000 Desktop Engine on Windows 2000 and Windows Server 2003; Windows Internal Database (WYukon) on Windows Server 2003 and Windows Server 2008; SQL Server 2000 and SQL Server 2005
• Exchange Server: Exchange 2000 Server, Exchange Server 2003, Exchange Server 2007

But Wait, There's More!

Other updates to be released tomorrow include:

• Cumulative Update for Windows Vista Media Center (KB960544)
• Cumulative Update for Windows Vista Media Center TVPack (KB958653)
• Upgrade Rollup for ActiveX Killbits for Windows (KB960715)
• February 2009 updates for Windows Mail Junk Email Filter (KB905866) and Windows Malicious Software Removal Tool (KB890830)

For details, look up the KB article numbers starting Tuesday.

Read More

Posted 01/28/09 at 11:05:12 AM by the Maximum PC Staff

I was installing a Windows Update on my laptop, and I left it to finish making dinner, not realizing that the automatic update wanted to restart my computer.

While I was away, the computer restarted. From there, it basically locked up. I had recently purchased a hot-swap box that was compatible with laptop hard drives, so I put it in and completely formatted it. Now I can’t do anything with it. I have been trying to reinstall from a boot CD, but I get an NTLDR Missing error. I know this is a Windows issue, and I want to install Linux. Can you help?

Read More