boot132013’s first Patch Tuesday arrives at 10am on January 8. This month will see seven bulletins, addressing a total of twelve vulnerabilities in Windows, Office, Microsoft developer tools and server software. Two of the bulletins are rated Critical. You can find all the details in the advance notification bulletin.
Category Archives: Microsoft
Flash Player fix for Internet Explorer 10
The Flash vulnerability reported on December 11 has finally been fixed in Internet Explorer 10.
Microsoft chose not to use the regular Flash plugin in Internet Explorer 10, deciding instead to integrate the player into the IE10 code. As a result, any time the Flash player is updated, Microsoft must make corresponding changes to IE10. Hence the delay in producing the patch for IE10. Google now does the same thing with their Chrome browser, but they tend to make the required changes much more quickly.
Fix for Internet Explorer 6/7/8 now available
Microsoft has issued a special “Fix It” patch for the recently-discovered vulnerabilities in older versions of Internet Explorer.
The original security advisory has been updated to include a link to the fix.
Anyone still using Internet Explorer 6, 7 or 8 should install the fix or stop using IE immediately.
Update 2013-Jan-05: According to the Internet Storm Center, the temporary workaround provided by this Fix-It from Microsoft has already been rendered ineffective by means of a bypass.
Internet Explorer 6, 7 and 8 vulnerable to new exploit
A new exploit, targeted at users of older versions of Internet Explorer, recently surfaced. IE 9 and 10 are not vulnerable to this exploit.
Microsoft is working on a patch, but until it’s available, anyone using Internet Explorer 6, 7 or 8 should exercise extreme caution when browsing the web, or – better yet – switch to a different browser such as Firefox, Opera or Chrome.
Unfortunately for anyone still using Windows XP, including a large number of corporate users, recent versions of IE (9 and 10) don’t run on that version of Windows. XP users are strongly encouraged to stop using Internet Explorer.
Details:
Animated rant about Windows 8
Brian Boyko’s 20+ minute animated video is an entertaining – albeit painful – look at the new Microsoft operating system. Spoiler: he hated it. Boyko originally intended to spend several days working with Windows 8, and produce his review on a Windows 8 computer, but he gave up in frustration and made this video instead. The video is worth watching; although some of what he says is admittedly personal opinion, he delves into the science of user interfaces and explains why in some respects, Windows 8 is worse than DOS.
It’s another Patch Tuesday for Microsoft software
This month there are seven bulletins, addressing twelve issues in Windows, Internet Explorer (including IE 10) and Office. The Microsoft Security Response Center has a useful summary. For the gory details, see the official security bulletin for the December updates over at Technet.
Here are the bulletins:
Advance notification for December 2012 Patch Tuesday
Microsoft has issued their monthly heads up for December’s patches.
The associated Security Bulletin outlines seven upcoming bulletins that address eleven security vulnerabilities, affecting Windows, Word and Internet Explorer (including IE 10).
The patches will become available at about 10am PST on December 11, 2012.
Windows 8 crapware
Just in case you had any doubt, new PCs loaded with Windows 8 also come pre-bloated with crapware. For those unfamiliar with the term, crapware refers to the software pre-installed on OEM systems that typically adds nothing useful, but uses up system resources and causes slowness and instability.
OEM system builders like Dell, HP, Acer and so on install the software because they make money from it: third-party software companies pay the OEM builders to install trial versions of their software. Other types of crapware originate with the OEM builder: software that delivers advertising, offers to sell more products, reminds the customer to register their software, tracks usage, and a host of other shady purposes, often presented as helpful.
Some builders offer an option to buy systems without the crapware, but that will cost you extra. A better solution is to use the free software PCDecrapifier.
ITWorld has some details on new Windows 8 crapware they’ve encountered.
Interface expert declares Windows 8 UI “terrible” for PCs
Renowned interface expert Jakob Nielsen has taken a closer look at the new Windows 8 user interface, and his conclusions are not positive. While the new UI works reasonably well for tablets, it’s problematic for desktop PCs.
One of Nielsen’s most entertaining findings is that the new UI no longer supports multiple windows, leading him to suggest that the O/S be renamed “Microsoft Window”.
Computerworld has a useful summary of Nielsen’s findings.
Malware targeting Windows 8
Microsoft has been putting a lot of effort into making their software more secure, and it’s paying off: Kaspersky’s IT Threat Evolution: Q3 2012 report includes no Microsoft software in its Top Ten Vulnerabilities List.
The anti-malware software bundled with Windows 8 is Microsoft’s strongest offering in any version to date. But as long as Windows is widely deployed, it will remain a popular target for malware developers, as is demonstrated by the recent discovery by Symantec that a new Trojan variant, detected as Backdoor.Makadocs, includes code specific to the new O/S.