This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The workaround and disable-workaround controls are distributed as .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.
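One way to turn a list of CLSIDs into the .reg file mentioned above, as an added example that is not Microsoft's Fix it package or text from the advisory. It assumes the change is the standard Internet Explorer kill bit (Compatibility Flags set to 0x400 under the ActiveX Compatibility key); the CLSID shown is a constructed placeholder, so substitute the values listed in the advisory.

```python
import re

CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x00000400  # flag that stops IE from instantiating the control

# Constructed placeholder, NOT a CLSID from the advisory.
PLACEHOLDER_CLSID = "{00000000-0000-0000-0000-00000000000a}"


def normalise(clsids):
    """Validate, upper-case and de-duplicate CLSIDs, keeping first-seen order."""
    seen, out = set(), []
    for clsid in clsids:
        clsid = clsid.strip().upper()
        if not CLSID_RE.match(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        if clsid not in seen:
            seen.add(clsid)
            out.append(clsid)
    return out


def build_reg(clsids, undo=False):
    """Return .reg text that sets the kill bit, or removes the value when undo=True.

    Setting the value overwrites any Compatibility Flags already present for
    that CLSID, so review existing entries before importing the file.
    """
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in normalise(clsids):
        lines.append(f"[{COMPAT_KEY}\\{clsid}]")
        if undo:
            lines.append('"Compatibility Flags"=-')  # .reg syntax: delete value
        else:
            lines.append(f'"Compatibility Flags"=dword:{KILL_BIT:08x}')
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    print(build_reg([PLACEHOLDER_CLSID]))
```

The same output can be imported on one PC with regedit or pushed to domain machines through Group Policy, as the paragraph above describes.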
Microsoft’s main aim with Windows 7 is to make it much easier to use than its predecessor, Vista. Apparently, this also includes the packaging that it comes in.
While the old packaging did take a brief moment to figure out, the new box will work in a way that most of us are very familiar with, and open just like a DVD case. However, the shape of the package will remain the same. It’ll include just the disc and a getting started guide.
Overall, Microsoft reports that they’ve been able to lighten up the package weight by 37 percent with these changes.
Russia’s state-run anti-monopoly service has launched a formal investigation into Microsoft over cutbacks in the supply of Windows XP. The agency believes that Microsoft has violated antimonopoly legislation by intentionally limiting the stock of Windows XP to Russia in both retail and OEM editions, the latter of which come preinstalled on new PCs. Analysts claim that Windows Vista continues to be available, while the ongoing demand for XP, both by the public and the government, remains unsatisfied.
Microsoft has yet to formally address the issue, but according to the Moscow regional office, nobody from the anti-monopoly service has tried to contact them. "We (have) always answered antimonopoly service questions in full and intend to continue this practice in future," Microsoft spokeswoman Marina Levina said by telephone. Full scale investigations by the antimonopoly service in Russia are rare, and Microsoft will be given more details by July 24th.
The accusations being made in Russia are drastically different from previous antitrust cases leveled by the EU and USA. In both these cases, the complaints were focused on software bundling, for which Microsoft was fined $708 million in 2004 by the EU.
Could Microsoft be intentionally limiting Windows XP supply in Russia to help push Vista?
The entire staff is back in the office this week, eager to grill Gordon about his thoughts on the new Star Trek movie. Was there enough interstellar diplomacy for him? Did he find its message heavy handed enough? Will caps the Star Trek chat to 5 minutes, after which we jump into recent tech news. Apparently, the US military is going to adopt Windows Vista, Intel announces a new anti-Ion netbook platform, and we uncover the real size of the internet. After numerous debates and tangents, we eventually tackle a few listener questions, and Gordon unleashes his rant of the week. All that and more on this week's Memorial Day weekend podcast!
Do you have a tech question? A comment? A tale of technological triumph? Just need to get something off your chest? A secret to share? Email us at email@example.com or call our 24-hour No BS Podcast hotline at 877.404.1337 x1337--operators are standing by.
AutoRun and AutoPlay, Microsoft's "dangerous duo" for launching programs from CD/DVD and other removable media types, have become among malware authors' favorite infection vectors - and Microsoft has finally said, "enough already!"
A research study by Forefront Client Security cited by the Engineering Windows 7 blog determined that infections that can be started with AutoRun amounted to 17.7% of detected infections in the second half of 2008.
Although AutoRun was originally designed strictly for optical media, it can be used for other types of media. For example, you can create an autorun.inf file that adds the program on the media to the AutoPlay menu Windows displays, and change the default icon to make the malware program mimic a legitimate program. Conficker used this method to spread, as illustrated here.
Starting in Windows 7 RC, Microsoft has changed how both AutoRun and AutoPlay work:
AutoPlay no longer supports AutoRun on non-optical removable media. An autorun.inf file on a USB or other type of non-optical removable media will be disregarded. Only AutoPlay options that pertain to the types of files on the media will be listed.
When AutoPlay displays programs present on the media, the dialog now states that those programs will be run from the media.
To learn more about these changes, and to find out what other Microsoft operating systems will eventually get similar protection, join us after the jump.
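A small triage helper for the autorun.inf behaviour described above, as an added example that is not from Microsoft or the original post. It parses the [autorun] section, lists the keys that launch a program or customise the AutoPlay entry, and applies the Windows 7 RC rule that the file is honoured only on optical media; the function names, the 'optical'/'removable' labels and the sample file are constructed for illustration.

```python
import re

# [autorun] keys that start a program, and keys that change how the entry looks.
LAUNCH_KEYS = {"open", "shellexecute"}
DISGUISE_KEYS = {"action", "icon", "label"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys lower-cased, junk skipped."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text, media):
    """media is 'optical' or 'removable' (USB and similar). Returns a report dict."""
    entries = parse_autorun(text)
    launch = sorted(k for k in entries if k in LAUNCH_KEYS or SHELL_CMD.match(k))
    disguise = sorted(k for k in entries if k in DISGUISE_KEYS)
    return {
        "launch_keys": launch,
        "disguise_keys": disguise,
        # Windows 7 RC: autorun.inf is disregarded on non-optical removable media.
        "honoured_on_win7": media == "optical" and bool(entries),
        # Launch entry plus custom menu text or icon on a USB-style device.
        "suspicious": media != "optical" and bool(launch) and bool(disguise),
    }


# Constructed sample file, not taken from any real malware.
SAMPLE = """\
[AutoRun]
Action=Constructed menu text
Icon=sample.ico
Open=sample.exe
shell\\explore\\command=sample.exe
"""
```

On older Windows versions the "suspicious" result is the one to act on, since those systems still process the file on USB media.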
At long last, Microsoft has confirmed that Service Pack 2 for Windows Vista and Windows Server 2008 is complete, by releasing it to select manufacturers. It even hit torrents, hours before it was officially announced on the Windows Vista Team Blog.
As for an official download, it’s not clear when Service Pack 2 will be available. They’ve stated that they will push the final version to customers through Automatic Update over the next few months, but those that aren’t ready can still use Microsoft’s service-pack blocking tool.
Along with this, Microsoft has started pushing Vista SP1 to users that had previously blocked it, in order to prime them for SP2.
For those wondering, Service Pack 2 will bring Windows Search 4.0, the Bluetooth 2.1 Feature Pack, the ability to record data on Blu-ray natively through Windows, Windows Connect Now (a simpler WiFi tool), the addition of support for UTC timestamps in the exFAT file system, as well as various security and performance updates.
Most enterprises have resolved to skip Windows Vista altogether. With Vista on its way out, Microsoft would be hoping for enterprises to upgrade to Windows 7 at the first given opportunity. However, Microsoft will have to wait as that is exactly what most enterprises plan on doing. A large majority of enterprises have decided against upgrading next year, according to a survey conducted by market research firm Dimensional Research.
Dimensional Research took the opinion of 1,100 IT professionals. More than 83 percent of those surveyed have no plans of upgrading next year. The ongoing recession and doubts over software compatibility are the main reasons why most businesses want to play the wait-and-watch game.
Most users who have tried Windows 7 like it - a lot, but if you (or your company) are worried about what happens if old hardware or software you rely on won't play nice with the latest Windows version, stop worrying. According to Cnet's Ina Fried and ZDNet's Mary Jo Foley, Windows 7 users will have the option to downgrade from 7 to either Windows Vista or even "the operating system that will not die," Windows XP.
Volume-licensing (aka "Software Assurance") customers have been able to do this for some time, but Microsoft has confirmed that downgrades from 7 to either Vista or XP will be available for at least a while after Windows 7 ships.
If you're on the fence about Windows 7, does the availability of downgrade rights make a difference? Join us after the jump for your chance to sound off.
That's the message that Microsoft announced today on its Engineering Windows 7 blog, Cnet's Ina Fried reports.
While Microsoft says you can upgrade from Win7 Beta to RC when it becomes available, it prefers that you upgrade from Windows Vista to Windows 7 RC. Why? As the E7 blog entry points out:
The RC...is about getting breadth coverage to validate the product in real-world scenarios. As a result, we want to encourage you to revert to a Vista image and upgrade or to do a clean install, rather than upgrade the existing Beta. We know that means reinstalling, recustomizing, reconfiguring, and so on. That is a real pain. The reality is that upgrading from one pre-release build to another is not a scenario we want to focus on because it is not something real-world customers will experience.
This reasoning makes sense from Redmond's standpoint, but since the same blog post acknowledges that millions of users (including, I bet, a lot of Maximumpc.com fans) are using Windows 7 Beta as their "full time" operating system, Microsoft has outlined a way to bypass the usual installer checks. Join us after the jump for the details.
While Windows XP has proven itself to be the biggest contender to Microsoft’s (almost) flagship OS, Windows Vista, it could very well outlive it and perhaps come to compete with Windows 7.
According to recent reports, Microsoft recently granted HP an exclusive OEM license extension for XP all the way into the depths of 2010. This would line it up to go side by side with Windows 7 on netbooks, and provide healthy competition in that sector. With this number in mind, it will make Windows XP almost nine years old before it finally stops shipping.
It’s not expected that HP will ship PCs with Windows XP on them other than netbooks. A massive 96 percent of the netbook market is running off of Windows, and an overwhelming majority of this is XP.
Still, netbooks aside, Windows XP is still the global majority leader with a market share of 62.85 percent. Windows Vista rolls in at second place with a 23.42 percent share.