Microsoft sure likes to keep people confused, don’t they? Most recently, they decided to designate the next version of Windows ’10’ instead of the otherwise completely sensible ‘9’ (being as it comes after 8).
Now, there’s a new chapter in the saga of ‘what the heck should we call applications that use the goofy new Start screen in Windows?’ Originally these applications were called ‘Metro apps’, to match the name of the new UI, Metro. Then they started calling them ‘Windows 8-style apps’. Then ‘Modern apps’. Then ‘Windows Store apps’. And then ‘Universal apps’. As of today, Microsoft has changed their collective minds once again, and now these Windows applications will be known as: ‘Windows apps’.
It would be fun to tally up what is has cost Microsoft to come up with the idea of calling Windows applications ‘Windows apps’.
A new version of the Enhanced Mitigation Experience Toolkit (EMET) was announced by Microsoft on March 12. EMET is an application that provides an additional level of security for Windows systems by detecting and blocking specific types of application behaviour that are associated with malware.
Version 5.2 of EMET adds new features for Windows 8.1 (and up), and for Internet Explorer.
EMET is highly recommended for Windows computers. You can obtain it from the main EMET page.
Update 2015Mar17: If you downloaded EMET 5.2 before March 16, you may have noticed that Internet Explorer on Windows 8.1 stopped working. Microsoft has re-released EMET 5.2 to address this problem.
One of the updates made available by Microsoft earlier this week is apparently causing problems on some Windows 7 computers. Details are sketchy at this point, but some users are reporting that their Windows 7 computers get into an infinite reboot loop after installing the KB3033929 update.
Microsoft is expected to release another update or pull the existing update soon. For now, anyone running Windows 7 should avoid this update.
Today Microsoft announced fourteen updates for security vulnerabilities in Windows, Office, Exchange, and Internet Explorer. Five of the updates are flagged as Critical.
The bulletin summary gets into all the technical details. All you really need to know is that you should install these updates as soon as possible, especially if you use Internet Explorer.
One of the updates provides what is hoped will be a complete fix for a vulnerability that allowed the Stuxnet worm to spread. Microsoft published a fix for this vulnerability in 2010, but the fix was incomplete and the vulnerability remained largely intact.
Microsoft has announced this month’s updates. There are nine bulletins and associated patches, addressing 56 vulnerabilities in Windows, Office and Internet Explorer. Three are flagged as Critical.
Recommendation: install these updates as soon as possible. At least one of them fixes a bug that’s currently being exploited in the wild.
Ars Technica reports on a serious bug in current versions of Internet Explorer that could allow attackers to gather security credentials from targeted Windows computers.
Microsoft is aware of the problem and is working on a fix. Anyone using Internet Explorer should exercise extreme caution when opening links from sources not known to be safe.
Microsoft needs to understand that it’s on the wrong side of this battle. Vulnerabilities must be patched quickly, and absent any incentive, big companies like Microsoft, Oracle and Adobe will take increasingly long periods of time to produce patches. Ninety days is plenty of time.
In Microsoft parlance, ‘mainstream’ support includes requests for feature changes, certain free support options (eg. phone support), and non-security updates. Now that Windows 7 is in the ‘extended’ support phase, Microsoft will no longer be changing the O/S, except to fix security issues.
In other words, there’s no need to panic. Windows 7 will continue to get security updates until 2020.
Update 2015Jan13: One of the updates in this batch is the source of some ill-will between Microsoft and Google. Google reported a Windows 8.1 vulnerability to Microsoft on October 13, and in keeping with its disclosure policies, made the vulnerability public 90 days later. By the time Microsoft got around to developing a fix, it was too late to make the patch available before the 90 day delay would end. Microsoft apparently asked Google to wait for the patch to be released on January 13, but Google stuck to its policy. Now Microsoft has publicly expressed its displeasure with Google. Information Week has additional details.
In a recent post on the MSRC blog, Microsoft announced that the monthly “heads up” we’ve come to expect a few days before each Patch Tuesday will no longer be made available to the public. The advance notifications will only be for Premier support customers.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13