Category Archives: Microsoft

Advance notification for May 2013 Patch Tuesday

As usual, Microsoft has issued an advance notification for this month’s Patch Tuesday. The updates will become available on Tuesday, May 14 at about 10am PST.

There are ten bulletins this month, two of them flagged Critical. In total, 34 vulnerabilities in Windows, Office, Internet Explorer, .NET and server software will be addressed.

Update 2013May11: The upcoming patches will include a fix for the Internet Explorer 8 vulnerability recently discovered.

Internet Explorer 8 vulnerable to new web-based attack

Update 2013May09: Microsoft has issued a ‘Fix-It’ for this problem. This is a temporary, band-aid solution to the problem. It will be superseded by an actual patch at some point. The original bulletin about this issue has been updated to include information about the ‘Fix-It’.

Microsoft recently announced a new attack, targeted at a specific version of Internet Explorer, being exploited in the wild. More details are provided in the associated security advisory from Microsoft.

Only Internet Explorer version 8 is vulnerable to this attack, which begins when someone using IE8 is tricked into visiting a compromised web site. Once infected, the user’s computer can be remotely controlled by the attacker.

Anyone using Internet Explorer 8 is strongly urged to upgrade to IE9, or – if using Windows 7 or 8 – to IE10. If upgrading Internet Explorer is not an option, you can reduce the risk of infection by increasing the level of protection provided by the browser, as follows:

Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones. This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Ars Technica has additional details.

Problematic update re-issued by Microsoft

Microsoft today released a new version of the update that caused so many problems this past Patch Tuesday, MS013-036.

The new version is KB2840149, and it replaces the update originally associated with MS013-036, KB2823324.

The new update will be installed automatically on computers with auto-update enabled. Anyone using manual updates should install the new version by visiting the Windows Update site or the KB2840149 page.

Windows 8.1 will bring back the desktop – sort of

The Verge reports on rumours that Microsoft will make the new (formerly ‘Metro’) interface skippable in the next version of Windows 8. That next version is being referred to as ‘Windows 8.1’ and ‘Windows Blue’, and Microsoft may or may not make it a paid upgrade.

The details are sketchy, but it sounds like users will have a new option to boot straight to the desktop, bypassing the new UI. It’s unclear whether the Start menu will reappear; if it doesn’t, then the usefulness of this new option will be limited. The new UI will probably still rear its ugly head in many circumstances as well.

Patch Tuesday update causing problems

Apparently some Windows users are encountering problems after installing last Tuesday’s Microsoft updates. One of the updates, KB2823324 (aka MS13-036), is causing system errors on some Windows computers.

Affected users are advised to follow the instructions in a new bulletin, KB2839011 – You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324.

The original update has been pulled from the Windows Update site, and is no longer being pushed out to Windows computers with Autoupdate enabled.

Update: Microsoft is now saying that the update in question (KB2823324) should be removed from ALL Windows 7 computers. See bulletin KB2839011.

Advance notification for April 2013 Patch Tuesday

It’s that time again. Microsoft has posted its usual notification about the next Patch Tuesday. This month’s patch day is on April 9. Anyone using Windows Autoupdate will start seeing the patches around 10am on that day.

There will be nine bulletins/updates this month, two of which are Critical, addressing Windows, Internet Explorer, Office, and server software. The technical details are available in the associated Security TechCenter post.

Windows 8.1 (aka Windows ‘Blue’)

Microsoft is moving toward a release system for Windows that more closely resembles Apple’s OS releases. The reason is fairly obvious: money. With major new operating system releases from Microsoft separated by several years, and every other release being largely ignored (think Windows Me and Vista), Microsoft just isn’t making enough money on Windows.

So, Microsoft has been working away on their next Windows release, code-named ‘Windows Blue’, and they plan to produce additional releases on a yearly basis. Pricing remains unclear, but apparently the upgrades will be “low-cost”. If Microsoft can make this work, they will have a steady inflow of cash from Windows sales.

In the past, incremental releases were provided in the form of service packs, which were always available for free. Microsoft insists that the new releases will do much more than the old service packs, but that remains to be seen. For now, the simplest way to think about this is that Microsoft is going to start charging for service packs.

The Verge has a series of posts about Windows Blue that are worth reading.

Microsoft improves Windows 8 apps

The basic applications that come bundled with Windows 8 were received unkindly by most reviewers. Seeking to redress some of the concerns raised, Microsoft recently began releasing updates for some of those applications, including Mail, Calendar and People (contacts).

The Verge has a useful summary of the changes, which include folder management and speed improvements for Mail, and readability improvements for Calendar. Inexplicably, Microsoft has removed support for Google Calendar from the Windows 8 Calendar app.