Category Archives: Microsoft

Windows vulnerable to document-based attack

According to Microsoft, all versions of Windows except Windows Server 2003 are vulnerable to attacks based on a bug in OLE (Object Linking and Embedding).

Attacks exploiting this vulnerability would take the form of a specially-crafted PowerPoint document.

Microsoft has released a Fix It solution that can be used to close this hole until a proper patch is released. If you commonly receive PowerPoint documents from unknown sources, you are strongly encouraged to apply this fix or refrain from opening those documents.

References:

  1. MSRC post about Security Advisory 3010060
  2. Security Advisory 3010060
  3. Fix It solution for Advisory 3010060

Patch Tuesday for October 2014

Yesterday saw eight security bulletins and associated patches from Microsoft, as well as two new versions of Java from Oracle, and a new version of Adobe Flash.

The Microsoft updates include three flagged Critical. The updates address twenty-four CVEs in Windows, Office, .NET Framework, ASP.NET, and Internet Explorer. A post on the MSRC blog provides a good overview.

Two new versions of Java from Oracle address as many as 25 security vulnerabilities in Java 7 and 8. If you’re using a web browser with Java enabled, you should install Java SE 8 Update 25 and/or Java SE 7 Update 72 as soon as possible. Unfortunately, Oracle has made things a bit confusing by saying that you should install SE 7 Update 72 only if you are being affected by the issues fixed in that version, and otherwise to install Update 71. Our recommendation is to install Update 72.

The new version of Flash is 15.0.0.189, and it includes fixes for at least three security vulnerabilities. If you’re like most people and use a browser with Flash enabled, you should update to the new version as soon as possible.

Microsoft once again realizes that there are different kinds of users

A lot of the criticism of Windows 8 focused on its lack of support for enterprise users. Most notably, the new user interface was spectacularly unsuited to business use. Enterprises stayed away from Windows 8, preferring to upgrade to – or stay with – Windows 7.

Microsoft seems to have given up on Windows 8. Although the Start menu was scheduled to reappear in Windows 8, plans for that change were later scrapped. Microsoft’s efforts are now firmly centered on Windows 10, where the Start menu will once again appear.

There’s more good news for enterprise users in Windows 10. According to a recent report from Ars Technica, the update process will have some new options that allow system administrators to control which updates are distributed to enterprise computers. This is already possible with Windows Server Update Services, but the new options promise to simplify things greatly.

Windows 10 Technical Preview

Anyone interested in looking at an early version of Windows 10 can sign up for the ‘Windows Insider Program’ at preview.windows.com. Signing up is free, but you are encouraged to think of this software in terms of short-term testing only.

The accompanying preview document (ed: no longer available) describes some important features of the upcoming O/S, including the new Start menu, window snapping and multiple desktops. Interestingly, it also steers clear of calling the next version ‘Windows 10’.

Windows 8 fading, XP and 7 still going strong

Microsoft’s recent announcements about Windows 10 (formerly 9) may have been the death knell for Windows 8. It seems people are happy to wait for the next Windows or switch to Windows 7 rather than take on the task of learning a user interface better suited to mobile phones than desktop computers.

According to the latest stats posted by Ars Technica, Windows 8 sales slipped slightly in the last month, while Windows 7 sales increased and Windows XP held steady.

Windows 9 is Windows 10

Microsoft has a long history of naming things strangely, and they’re showing no signs of stopping. Despite it being a) logical; and b) already announced, “Windows 9” will not be the name of the next version of Windows. No, it will be “Windows 10”, because 10 is better than 9.

That aside, Windows 10 (formerly 9) is apparently going to be a lot like Windows 7, at least according to some early prototype reviewers.

On a positive note, it looks like Microsoft is finally starting to realize that they can make users really happy by fixing things that should have worked properly in Windows 95. A good example of this is the file copy/move dialog in Windows 8.x, which is vastly better than in any previous version of Windows. And now the creaky old command window is finally going to be improved in Windows 10.

Update 2014Oct02: According to some sources, the reason ‘10’ was chosen over ‘9’ is that a lot of software currently includes code that determines whether a computer is running Windows 95 and 98 by looking at the Windows version and comparing it to “Windows 9”. However, while such code does exist, this is not the recommended method for determining Windows version. If Microsoft is going to make decisions like this based on sloppy, ancient coding practices, we’re in serious trouble.
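To make the point concrete, here is an added example (not code from the original post) contrasting the name-prefix check described above with a check on the structured Win32 version fields. The sample tuples are constructed test inputs, and the “Windows 9” entry is hypothetical.

```python
# Added example, not from the original post: why a prefix check on the OS
# display name would misclassify a hypothetical "Windows 9" as Windows 95/98,
# and the structured check that does not. SAMPLES are constructed inputs.

# Win32 platform ids as reported in OSVERSIONINFO.dwPlatformId
VER_PLATFORM_WIN32_WINDOWS = 1   # Windows 95/98/ME line
VER_PLATFORM_WIN32_NT = 2        # NT-based Windows (XP, 7, 8, ...)


def is_win9x_by_name(os_name: str) -> bool:
    """The sloppy pattern: 'Windows 95' and 'Windows 98' both start with
    'Windows 9', so the check also matches any future product named 'Windows 9...'."""
    return os_name.startswith("Windows 9")


def is_win9x_by_version(platform_id: int, major: int) -> bool:
    """Structured check: the 9x line is identified by its platform id and
    major version 4, independent of the marketing name."""
    return platform_id == VER_PLATFORM_WIN32_WINDOWS and major == 4


# Constructed samples: (display name, platform id, major, minor)
SAMPLES = [
    ("Windows 95", VER_PLATFORM_WIN32_WINDOWS, 4, 0),
    ("Windows 98", VER_PLATFORM_WIN32_WINDOWS, 4, 10),
    ("Windows XP", VER_PLATFORM_WIN32_NT, 5, 1),
    ("Windows 7", VER_PLATFORM_WIN32_NT, 6, 1),
    ("Windows 8.1", VER_PLATFORM_WIN32_NT, 6, 3),
    ("Windows 9", VER_PLATFORM_WIN32_NT, 6, 4),   # hypothetical, never shipped
]


def disagreements():
    """Return the display names on which the two checks disagree."""
    return [name for name, pid, major, _minor in SAMPLES
            if is_win9x_by_name(name) != is_win9x_by_version(pid, major)]


if __name__ == "__main__":
    print(disagreements())  # ['Windows 9']
```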

Patch Tuesday for September 2014

This month’s crop of updates from Microsoft includes four security bulletins, addressing 42 CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. The update for Internet Explorer is Critical, and should be installed ASAP.

From Adobe, we get another new version of Flash, 15.0.0.152. The new version addresses memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557), a security bypass vulnerability (CVE-2014-0554), a use-after-free vulnerability that could lead to code execution (CVE-2014-0553), memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555), a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548), and heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0556, CVE-2014-0559). Anyone still using Flash, especially within a web browser, should update immediately.

Google Chrome and Internet Explorer on Windows 8.x will be updated automatically to include the new version of Flash.

Windows Store cleanup underway

If you’re using Windows 8.x, you’re familiar with the Windows Store, because it’s the main source for Windows 8 applications. Unfortunately the store hasn’t been at all well curated, and it’s filled with scammy and misleading apps.

After a series of complaints, Microsoft is finally doing something about it. At least 1500 scammy apps have been removed from the store. Apps must now (and retroactively) comply with stricter rules on app naming and icon use.