This month's Patch Tuesday, unlike October's, is a quiet one, with just two security bulletins:
MS08-069 solves a remote code execution vulnerability in Microsoft's XML Core Service that is rated as Critical for version 3.0 and Important for later versions. All 32-bit and 64-bit desktop versions of Windows from Windows 2000 SP4 through Windows Vista SP1 are affected, as well as Microsoft Office 2003 and 2007. The Exploitability Index is 1 (Consistent Exploit Code Likely - the most serious ranking) or 2 (Inconsistent Exploit Code Likely), depending upon the version of XML Core Services installed. Windows Server 2003 and some installations of Windows Server 2008 are also affected.
MS08-068 patches a remote code execution vulnerability in the SMB protocol. MS08-068 is rated as Important for Windows 2000 SP4 and Windows XP, and Moderate for Windows Vista. Windows Server 2003 and all Windows Server 2008 installations are also affected. Despite Microsoft's rating this vulnerability as only Important rather than Critical, MS08-068's Exploitability Index is 1 because exploit code targeting Windows XP is already public.
That's it for Patch Tuesday security bulletins, both of which will be arriving soon via Windows Update (or can be downloaded manually if you prefer). What else has Microsoft served up?
The only non-security content this time is the usual monthly update for the Malicious Software Removal Tool (KB890830; not yet updated as this article was posted now updated) and the usual monthly update for the Windows Mail junk mail filter (KB905866), available in 32-bit and 64-bit versions.
One of the most frustrating experiences you can have as a PC user is when something just won’t work. Maybe it’s a game that blacks out after the title screen, or an app that refuses to launch when you tell it to, but in any case it doesn’t give you much of a clue what’s going wrong, and it’s enough to make you want to pull your hair out.
One possible cause of these mysterious crashes is interference with one of your computer’s background processes. Unfortunately, a whole host of them start with Windows, so it can be tricky to figure out if they’re causing a problem, and if so, which one.
In this article, we’ll show you how to use a clean boot to identify harmful program interactions. A clean boot is a boot where no unnecessary background processes launch at startup. Some functionality of the computer may be lost while performing a clean boot, but it’s easily reversible and a powerful diagnostic technique.
For most of the last decade, improving 3D performance has been the primary goal of operating system, application (read gaming) developers, and hardware developers. However, when you're at work, trying hard to make the money you need to buy a new HDTV and über-gaming PC, you're probably working in a 2D world that's being managed by the creaky GDI/GDI+ APIs which were first developed back to the 1990s.
This week, Microsoft introduced a replacement for GDI/GDI+ called Direct2D. Microsoft's Thomas Olsen, a Dev Lead in the Windows Desktop Graphics organization, uses his new blog to bring us up to speed on why we need the new Direct2D API and how it will make PCs work better.
To learn more about Direct2D, join us after the jump.
Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.
Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.
To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.
Adobe began shipping its Creative Suite 4 (CS4) this week, and perhaps the most significant new feature from a typical Maximum PC reader's point of view is the support for GPU acceleration in Photoshop CS4 and other components, including Bridge CS4, After Effects CS4, Premiere Pro CS4, Acrobat 9, and Flash Player 10.
In the latest indication that Windows Vista's not one of Redmond's greatest hits, Windows XP (aka "The operating system that will not die") has won another reprieve. Friday, Microsoft confirmed rumors that OEMs bundling Windows Vista Ultimate or Vista Business can continue to order media for downgrades to Windows XP Professional until July 31, 2009 . Meaning, for those paying attention, that Harry Potter could get a Vista system downgraded to Windows XP for his birthday. Previously, the last day for downgrade media was going to be January 31, 2009. 1-31-2009 remains the deadline for system builders (aka "the corner computer store") to buy Windows XP licenses for their systems.
As an OEM product, Windows XP won't quite make it to Windows 7's anticipated release date of January 2010, but it will get closer than anyone could have guessed when it was released in October 2001.
So, what say you? Have you exercised your downgrade rights to send a Vista machine back to XP land? Any tips or tricks to consider? Hit the jump for your chance to sound off.
It's a super-sized Patch Tuesday this month, and here's what to expect Windows Update to be sending you in the next day or so (if not already). Follow the links if you prefer to install the updates immediately.
Critical updates include:
A fix for a remote code execution vulnerability in Windows Image Color Management affects users running Windows XP, Windows Server 2003, and Windows 2000 SP4 (Windows Vista users can breathe easy on this one).
A fix for a sextet of vulnerabilities in Internet Explorer 5.01, 6, and 7 affects users of Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003, Windows Vista, and Windows Server 2008.
A fix for a remote code execution vulnerability in the ActiveX control for Microsoft Access's snapshot viewer affects Office 2000 SP3, Office XP SP3, and Office 2003 SP2 and SP3 (Office 2007 users, you ducked this one).
Microsoft is going to extraordinary lengths this summer to make some of its customers satisfied with Windows Vista - or else. If they don't love Vista, Microsoft will help them downgrade to Windows XP. How much does this new customer-satisfaction blitz cost? For you, special price: nothing!
However, not everybody gets the special Microsoft Vista schmooze. To find out who gets the special love from Redmond, and how long they get primo treatment, you know what to do. We'll see you after the break.
Cut off the supply for a product that people still want, and the demand skyrockets. Windows XP is the product, and Amazon.com's Software Bestseller list proves that Windows XP is still a hot item. CNet reports that Windows XP ranks high on the Amazon.com best-selling software list. So, how popular is Windows XP? How does Windows Vista compare? And, where else can you buy Windows XP in the wake of its retail discontinuance by Microsoft?
The August 2008 cumulative time zone update for Windows XP, Windows Vista, Server 2003, and Server 2008 is now available at KB951072. New time zone changes include the Arabic, Argentina, Iran, Morocco, Pacific SA, and Pakistan time zones, but it also includes all previous changes.
If it's been a while since you updated your system's time zone information, it's time to bring your PC up to date. For more information and for download links, go to KB951072.