This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctl.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The workaround and disable-workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.
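One way to confirm the .reg or Group Policy change actually landed on a PC is to check a `reg export` dump against the advisory's CLSID list. The sketch below is an added example, not Microsoft's code. It assumes the workaround is applied as Internet Explorer kill bits (the `Compatibility Flags` value with bit 0x400 set under the `ActiveX Compatibility` key), and the CLSIDs shown are placeholders, not the advisory's values.

```python
import re

# Assumption: the workaround sets IE "kill bits" under this key, one subkey per CLSID.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400
FLAG_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

def killbit_status(reg_export, clsids):
    """Map each CLSID to True if its kill bit is set in a `reg export` dump."""
    flags, current = {}, None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line.strip("[]")
            current = None
            if key.lower().startswith(BASE.lower() + "\\"):
                current = key[len(BASE) + 1:].upper()
        elif current:
            match = FLAG_RE.match(line)
            if match:
                flags[current] = int(match.group(1), 16)
    # A CLSID with no subkey at all counts as "not blocked".
    return {c: bool(flags.get(c.upper(), 0) & KILL_BIT) for c in clsids}

def missing(reg_export, clsids):
    """CLSIDs from the required list that are still loadable in IE."""
    status = killbit_status(reg_export, clsids)
    return [c for c in clsids if not status[c]]

# Placeholder CLSIDs: substitute the list from the advisory.
REQUIRED = [
    "{00000000-0000-0000-0000-00000000000A}",
    "{00000000-0000-0000-0000-00000000000B}",
    "{00000000-0000-0000-0000-00000000000C}",
]

# Constructed sample export: A is blocked, B has the flag cleared, C is absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    print("still exposed:", missing(SAMPLE_EXPORT, REQUIRED))
```

On 64-bit Windows the 32-bit view of the same key sits under `Wow6432Node` and would need the same check.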
Russia’s state-run anti-monopoly service has launched a formal investigation into Microsoft over cutbacks in the supply of Windows XP. The agency believes that Microsoft has violated antimonopoly legislation by intentionally limiting the stock of Windows XP to Russia in both retail and OEM editions, the latter of which come preinstalled on new PCs. Analysts claim that Windows Vista continues to be available, while the ongoing demand for XP, both by the public and the government, remains unsatisfied.
Microsoft has yet to formally address the issue, but according to the Moscow regional office, nobody from the anti-monopoly service has tried to contact them. "We (have) always answered antimonopoly service questions in full and intend to continue this practice in future," Microsoft spokeswoman Marina Levina said by telephone. Full scale investigations by the antimonopoly service in Russia are rare, and Microsoft will be given more details by July 24th.
The accusations being made in Russia are drastically different from previous antitrust cases leveled by the EU and USA. In both these cases, the complaints were focused on software bundling, for which Microsoft was fined $708 million in 2004 by the EU.
Could Microsoft be intentionally limiting Windows XP supply in Russia to help push Vista?
Earlier this week, Acer pulled a 180 and announced plans to ship an Android-based netbook after previously saying the open-source OS wasn't ready for netbooks. For the company's next trick, Acer now plans to dual-boot Android with Windows XP.
According to Acer chairman JT Wang, the dual-boot strategy carries less risk than shipping a netbook with Android alone, as consumer response has yet to be determined for the latter. But the company isn't ruling out a standalone Android netbook either. Acer plans to target telecom providers to sell the new netbook, and if there's enough demand, an Android-only model could be in the works.
Not everyone is happy about the decision, however, particularly open-source enthusiasts. It also remains to be seen what kind of consumer reaction there will be, considering the major selling point of an open-source platform is the reduced cost, but that won't be the case with XP tagging along for the ride.
What are your thoughts on a dual-booting netbook? Hit the jump and let us know!
AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Security cited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
AutoPlay no longer supports AutoRun on non-optical removable media. An autorun.inf file on a USB or other type of non-optical removable media will be disregarded. Only AutoPlay options that pertain to the types of files on the media will be listed.
When AutoPlay displays programs present on the media, the dialog now states that those programs will be run from the media.
To learn more about these changes, and to find out what other Microsoft operating systems will eventually get similar protection, join us after the jump.
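To make the autorun.inf behaviour described above concrete from the defender's side, here is a small audit routine that reads an autorun.inf, lists the entries that would start a program or change how it appears in the AutoPlay menu, and applies the Windows 7 rule. It is an added example, not code from Microsoft or the original post; the `media` labels and the sample file are constructed for illustration.

```python
LAUNCH_KEYS = {"open", "shellexecute"}      # commands AutoRun would start
DISPLAY_KEYS = {"action", "icon", "label"}  # how the entry appears in AutoPlay

def parse_autorun(text):
    """Return the [autorun] section as {key: value}, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def is_launch_key(key):
    # shell\<verb>\command entries also start a program
    return key in LAUNCH_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command"))

def audit(text, media):
    """media is 'optical' or 'removable' (labels assumed for this example)."""
    entries = parse_autorun(text)
    launch = sorted(k for k in entries if is_launch_key(k))
    display = sorted(k for k in entries if k in DISPLAY_KEYS)
    return {
        "launch_keys": launch,
        "display_keys": display,
        # Windows 7 RC and later disregard autorun.inf on non-optical media
        "honored_on_windows7": bool(launch) and media == "optical",
        # launch entry plus custom menu text or icon on a USB-type device:
        # the pattern described above, worth a closer look
        "review": bool(launch) and bool(display) and media != "optical",
    }

# Constructed sample, not taken from any real media.
SAMPLE = """\
; constructed sample for this example
stray line before any section
[AutoRun]
Open=setup.exe
Action=Install software
Icon=setup.exe,0
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "removable"))
```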
In Win XP, folders automatically display in Explorer in alphabetical order. I want to order folders chronologically by calendar month, i.e., January, February, March, etc., but Explorer displays them alphabetically. Is there a way to change the order that folders are displayed? —Dave Schaffer
Once Windows 7 ships, Windows 7 Professional, Enterprise, and Ultimate edition users will be able to download a free Windows XP Mode upgrade from Microsoft, WinSuperSite's Paul Thurrott reports. What Thurrott calls XP Mode will enable these versions of Windows 7 to be almost perfectly compatible with Windows XP applications. Essentially, Windows 7 will have "Windows XP inside" when XP Mode is installed.
What is XP Mode? Officially known as Virtual Windows XP, it combines a hardware-accelerated host virtualizer based on Virtual PC with a fully licensed copy of Windows XP Professional SP3 which the user must supply [updated 4-29-09]. While, at first glance, this might sound like little more than a more convenient replacement for downloading a copy of Virtual PC 2007 and scrounging up a Windows XP Pro disc and license from a dead PC, there's a lot more to Virtual Windows XP.
As the WinSuperSite screenshow reveals, Virtual Windows XP will be able to share your system's USB drives, and when you install apps to Virtual Windows XP, your Windows 7 menu will automatically be updated with shortcuts, enabling you to run Windows XP programs in separate virtualized windows on your desktop. Although the virtualizer used by Virtual Windows XP is a host-based virtualizer, these features put it miles ahead in usability compared to Virtual PC 2007 plus Windows XP. And, because Virtual Windows XP's virtualizer requires hardware virtualization support, it won't bog down your system the way an unaccelerated virtualization host will do.
Are there any downsides? For a couple of potential gotchas, and for your chance to sound off, join us after the jump.
Most users who have tried Windows 7 like it - a lot, but if you (or your company) are worried about what happens if old hardware or software you rely on won't play nice with the latest Windows version, stop worrying. According to Cnet's Ina Fried and ZDNet's Mary Jo Foley, Windows 7 users will have the option to downgrade from 7 to either Windows Vista or even "the operating system that will not die," Windows XP.
Volume-licensing (aka "Software Assurance") customers have been able to do this for some time, but Microsoft has confirmed that downgrades from 7 to either Vista or XP will be available for at least a while after Windows 7 ships.
If you're on the fence about Windows 7, does the availability of downgrade rights make a difference? Join us after the jump for your chance to sound off.
While Windows XP has proven itself to be the biggest contender to Microsoft’s (almost) flagship OS, Windows Vista, it could very well outlive it and perhaps come to compete with Windows 7.
According to recent reports, Microsoft recently granted HP an exclusive OEM license extension for XP all the way into the depths of 2010. This would line it up to go side by side with Windows 7 on netbooks, and provide healthy competition in that sector. With this number in mind, it will make Windows XP almost nine years old before it finally stops shipping.
It’s not expected that HP will ship PCs with Windows XP on them other than netbooks. A massive 96 percent of the netbook market is running off of Windows, and an overwhelming majority of this is XP.
Still, netbooks aside, Windows XP is still the global majority leader with a market share of 62.85 percent. Windows Vista rolls in at second place with a 23.42 percent share.
Today, Microsoft released a trio of security bulletins covering all currently-supported Windows versions. Users of Windows 2000 SP4 through Windows Vista SP1 (as well as Windows Server 2003 and 2008) need to install the update for the critical Windows kernel vulnerability noted in Security Bulletin MS09-006. The other two bulletins (MS09-007 and MS09-008) solve important vulnerabilities in SChannel (007) and DNS/WINS Server (008); these bulletins apply to Windows 2000 SP4 through Windows XP and Server 2003 only.
Other updates to look for include the usual updates to the Malicious Software Removal Tool and the Windows Mail junk email filter. If you're on Automatic Updates, follow instructions to reboot if needed after installation. If you prefer to be in charge, don't forget to download and install these as soon as possible.
Call it peer pressure, or call it a dose of common sense, but Microsoft is finally looking to take on the free rivals of its Office application suite. During a presentation at the Morgan Stanley Technology conference, Microsoft Business Division Chief Stephen Elop announced a free / ad supported version which they hope will help combat piracy. According to Elop, “There's an opportunity to draw those pirate customers into the revenue stream. We want to draw them into the Windows family and maybe there's an upsell opportunity later”.
In related news, Microsoft Business Software VP Chris Capossela has tipped off the Silicon Alley Insider as to the operating system requirements of Office 14, and Windows Vista / 7 will still be optional. The Office and Windows teams now work completely independently of each other, and I’m sure the Office guys are simply hoping to avoid the depressing Halo effect that requiring a new operating system can have on sales. With Office 14 delayed until sometime in 2010, will this give businesses even more reasons to stick with XP? If the productivity software these companies rely on still works just as well in a legacy operating system, do companies have enough incentive to move to Windows 7? Corporate IT professionals are typically big fans of the status quo, and are usually against operating system migrations unless they can prove the value.
So will this slow down business adoption of Windows 7? And would you be willing to use an ad-supported version of Office 14? Let us know what you think.