After October 31st, you will no longer be able to purchase the Home Basic, Home Premium and Ultimate versions of Windows 7. The Professional version will still be available, and Microsoft has yet to announce when that will stop.
If you are planning to purchase or build a new PC and want to run Windows 7 Home or Ultimate, you need to buy your Windows license before the end of the month.
According to Microsoft, all versions of Windows except Windows Server 2003 are vulnerable to attacks based on a bug in OLE (Object Linking and Embedding).
Attacks exploiting this vulnerability would take the form of a specially-crafted PowerPoint document.
Microsoft has released a Fix It solution that can be used to close this hole until a proper patch is released. If you commonly receive PowerPoint documents from unknown sources, you are strongly encouraged to apply this fix or refrain from opening those documents.
References:
Yesterday saw eight security bulletins and associated patches from Microsoft, as well as two new versions of Java from Oracle, and a new version of Adobe Flash.
The Microsoft updates include three flagged Critical. The updates address twenty-four CVEs in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer. A post on the MSRC blog provides a good overview.
Two new versions of Java from Oracle address as many as 25 security vulnerabilities in Java 7 and 8. If you’re using a web browser with Java enabled, you should install Java SE 8 Update 25 and/or Java SE 7 Update 72 as soon as possible. Unfortunately, Oracle has made things a bit confusing by saying that you should install SE 7 Update 72 only if you are being affected by the issues fixed in that version, and otherwise to install Update 71. Our recommendation is to install Update 72.
The new version of Flash is 15.0.0.189, and it includes fixes for at least three security vulnerabilities. If you’re like most people and use a browser with Flash enabled, you should update to the new version as soon as possible.
A lot of the criticism of Windows 8 focused on its lack of support for enterprise users. Most notably, the new user interface was spectacularly unsuited to business use. Enterprises stayed away from Windows 8, preferring to upgrade to – or stay with – Windows 7.
Microsoft seems to have given up on Windows 8. Although the Start menu was scheduled to reappear in Windows 8, plans for that change were later scrapped. Microsoft’s efforts are now firmly centered on Windows 10, where the Start menu will once again appear.
There’s more good news for enterprise users in Windows 10. According to a recent report from Ars Technica, the update process will have some new options that allow system administrators to control which updates are distributed to enterprise computers. This is already possible with Windows Server Update Services, but the new options promise to simplify things greatly.
Next week’s Patch Tuesday will see nine bulletins and associated updates from Microsoft. Three of the updates are flagged Critical. The updates will affect Windows, Internet Explorer, .NET, Office and ASP.NET.
Anyone interested in looking at an early version of Windows 10 can sign up to the ‘Windows Insider Program’ at preview.windows.com. Signing up is free, but you are encouraged to think of this software in terms of short term testing only.
The accompanying preview document (ed: no longer available) describes some important features of the upcoming O/S, including the new Start menu, window snapping and multiple desktops. Interestingly, it also steers clear of calling the next version ‘Windows 10’.
Microsoft’s recent announcements about Windows 9 10 may have been the death knell for Windows 8. It seems people are happy to wait for the next Windows or switch to Windows 7 rather than take on the task of learning a user interface better suited to mobile phones than desktop computers.
According to the latest stats posted by Ars Technica, Windows 8 sales slipped slightly in the last month, while Windows 7 sales increased and Windows XP held steady.
Microsoft has a long history of naming things strangely, and they’re showing no signs of stopping. Despite it being a) logical; and b) already announced, “Windows 9” will not be the name of the next version of Windows. No, it will be “Windows 10”, because 10 is better than 9.
That aside, Windows 9 10 is apparently going to be a lot like Windows 7, at least according to some early prototype reviewers.
On a positive note, it looks like Microsoft is finally starting to realize that they can make users really happy by fixing things that should have worked properly in Windows 95. A good example of this is the file copy/move dialog in Windows 8.x, which is vastly better than in any previous version of Windows. And now the creaky old command window is finally going to be improved in Windows 10.
Update 2014Oct02: According to some sources, the reason ’10’ was chosen over ‘9’ is that a lot of software currently includes code that determines whether a computer is running Windows 95 and 98 by looking at the Windows version and comparing it to “Windows 9”. However, while such code does exist, this is not the recommended method for determining Windows version. If Microsoft is going to make decisions like this based on sloppy, ancient coding practices, we’re in serious trouble.
This month’s crop of updates from Microsoft includes four security bulletins, addressing 42 CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. The update for Internet Explorer is Critical, and should be installed ASAP.
From Adobe, we get another new version of Flash, 15.0.0.152. The new version addresses memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557), a security bypass vulnerability (CVE-2014-0554), a use-after-free vulnerability that could lead to code execution (CVE-2014-0553), memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555), a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548), and a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559). Anyone still using Flash, especially within a web browser, should update immediately.
Google Chrome and Internet Explorer on Windows 8.x will be updated automatically to include the new version of Flash.
Microsoft and Adobe plan to release software updates on September 9.
There will be four bulletins from Microsoft, affecting Windows, Internet Explorer, and .NET. One of the updates is rated Critical.
There’s not much detail on the upcoming Adobe updates, but they will affect Reader/Acrobat.
boot13