Posted 10/24/08 at 10:53:38 AM by Mark Edward Soper

Redmond usually releases security patches once a month, on Patch Tuesday, but Microsoft's security experts are worried enough about a newly reported vulnerability in the Server service to post an "out-of-band" security update, MS08-067, yesterday for all versions of Windows from Windows 2000 SP4 through Windows Server 2008 and Windows 7 pre-beta. Microsoft hasn't issued a security update between Patch Tuesday releases since April 2007, so this is a significant security issue.

Although all supported versions of Windows are vulnerable, Windows 2000 SP4, Windows XP, and Windows Server 2003 versions are especially vulnerable to this flaw, which can permit remote code execution via a specially crafted RFC request.

To find out what makes this vulnerability so critical, and to learn how to get the update, join us after the jump.

Read More

Comments 

2

TAGS 

microsoft, operating system, Security, windows xp, Windows Vista, Windows 2000, vulnerability, Patch Tuesday, Operating Systems, windows 7, Windows Server 2008, Windows Server 2003, MS08-067

Posted 10/08/08 at 09:56:45 PM by Mark Edward Soper

Just as we nerds have overhyped some technologies, we've also overlooked some even better alternatives. PC World has put on its thinking cap and posted its picks for the ten most overrated technology products and services - and alternatives that deserve a closer look.

So, How Would You Rate These Contenders?

• Ultra-portable laptops versus mini-laptops
• Microsoft Zune versus Apple iPod Touch
• Windows XP versus Windows Vista

To discover which ones get the overrated razz, and which ones deserve some unexpected love, join us after the break.

Read More

Comments 

4

TAGS 

Software, web 2.0, hardware, Operating Systems, consumer electronics, comparison, services

Posted 08/11/08 at 07:59:58 PM by Mark Edward Soper

As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.

Dowd and Sotirov's presentation, How To Impress Girls With Browser Memory Protection Bypasses, made their point by beginning their presentation with a live exploit against IE7 on Windows Vista. And, as the photo at the top of this article suggests (from page 40 of the presentation), it does seem to impress the girls!

How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:

In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.

“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.

And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.

What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.

What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.
 

Read More

Comments 

1

TAGS 

vista, microsoft, Security, Windows Vista, exploit, IE7, Operating Systems, Black Hat 2008, DEP, ASLR

Posted 07/07/08 at 10:24:48 AM by Mark Edward Soper

Windows Update will itself be updated, starting in late July, according to Windows Update product manager Michelle Haven, in a recent TechNet post. This update changes both the WU clients used by Windows XP and Vista-based machines as well as the back-end infrastructure, and as a result, scans for updates and update installations are faster. That's the good news. But, will the update cause problems for Windows XP users who need to perform a repair installation? And, what about users who don't want Microsoft making any changes to their system?

For more light on these questions, join me after the break.

Read More

Comments 

4

TAGS 

windows, microsoft, Security, windows xp, Windows Vista, Windows Update, Operating Systems, Microsoft Update

Posted 07/06/08 at 03:14:51 AM by Justin Kerr

The dreaded day has come and gone. June 30^th 2008 marked the first milestone in Microsoft’s plan to euthanize our beloved OS. Windows XP leaves us with more of a bang than a whimper, and considerably more street credibility than it afforded at launch. Here at Maximum PC we want to take you down the nostalgic path of Windows XP one last time. A path lovingly paved for us over the years with hundreds of patches and countless upgrades.

Hit the jump and step inside for one last farewell to an old friend and to see why the future doesn’t look so bad.

Read More

Comments 

36

TAGS 

windows, microsoft, Software, windows xp, Windows Vista, Operating Systems

Posted 12/14/07 at 08:10:56 PM by Paul "One4yu2c" Lilly

Nintendo offers Wii rain checks at GameStop, AMD chats about 45nm and 32nm, Google takes on Wikipedia, and much more!

Read More

Comments 

7

TAGS 

Internet, news, processor, Operating Systems