Category Archives: Microsoft

Microsoft releases patches for Windows 8

Despite the fact that Windows 8 has not yet started appearing on store shelves, Microsoft is releasing a set of updates for the new operating system. Since Windows 8’s RTM (release to manufacturing), several new issues have been discovered, and the updates are intended to address those issues.

Anyone testing or evaluating Windows 8 should install the updates, which are available through Microsoft Update.

Anyone buying a new computer with Windows 8 installed on it should check for and install any pending updates immediately after powering up the computer for the first time. Anyone installing Windows 8 after it is released to retail should also immediately check for and install any pending updates.

October 2012 Patch Tuesday Advance Notice

Another month, another batch of updates from Microsoft. On October 9, starting at about 10 am PDT, Microsoft will release patches that address a total of twenty vulnerabilities in Windows and Office. Seven security bulletins will cover the defects being patched, one of which is a critical vulnerability in Word.

Also included in the upcoming updates will be Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length. This update is the final step in a series of actions taken by Microsoft to improve Internet-based security for its products. This update will force RSA-encrypted communications in Internet Explorer and Outlook to use keys that are 1024 bits in length or greater. If you access secure web sites with Internet Explorer or use encrypted email with Outlook, this update may cause those services to stop working. For further details, see:
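To see ahead of time which locally stored certificates fall under the 1024-bit minimum described above, the stores can be audited with PowerShell. This is an added example, not part of the original post or of Microsoft's advisory; it assumes Windows PowerShell with .NET Framework 4.6 or later and inspects only the local certificate stores, not certificates presented by remote servers.

```powershell
# Added example: list certificates in the local stores whose RSA public key
# is shorter than the minimum length the update enforces.
$MinimumBits = 1024   # threshold taken from the text above

function Get-RsaKeyBits {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Returns the RSA key size in bits, or $null when the key is not RSA (ECC, DSA).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -eq $rsa) { return $null }
    try { return $rsa.KeySize } finally { $rsa.Dispose() }
}

$weak = Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse |
    # -Recurse also yields store containers; keep only certificate objects.
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $bits = Get-RsaKeyBits -Certificate $_
        if ($null -ne $bits -and $bits -lt $MinimumBits) {
            [pscustomobject]@{
                # PSParentPath looks like "...Certificate::CurrentUser\Root"
                Store      = ($_.PSParentPath -split '::')[-1]
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                KeyBits    = $bits
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
            }
        }
    }

$weak | Sort-Object KeyBits, Subject | Format-Table -AutoSize
"{0} certificate(s) with RSA keys under {1} bits" -f @($weak).Count, $MinimumBits
```

Any certificate listed here that is still in use should be reissued with a longer key before the update is installed.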

Google Apps dropping support for Internet Explorer 8

Google recently announced that it will be dropping support for version 8 and earlier of Internet Explorer in Google Apps.

The change will occur shortly after the release of Internet Explorer 10, on November 15, 2012.

Internet Explorer 8 is the most recent version of the web browser that runs on Windows XP, so anyone who uses Internet Explorer on Windows XP to access Google Apps will need to switch to a different web browser, or upgrade to Windows 7 or 8 after November 15.

Active attacks targeting Internet Explorer

Update 2012Sep22: As promised by Microsoft, patches for Internet Explorer versions 9 and earlier were made available yesterday. The patches are available through regular update channels, including Windows Update and Microsoft Update. Security Bulletin MS12-063 has all the details, including links for downloading the updates separately.

Update 2012Sep21: A fix for this issue, promised earlier this week by Microsoft, was announced yesterday. Anyone using Internet Explorer for web browsing is strongly encouraged to install the fix immediately. A proper (i.e. fully tested) patch will be available from Microsoft later today.

Update 2012Sep19: Another bulletin from Microsoft promises an ‘out of cycle’ fix for this issue in the next few days. Meanwhile, the list of sites known to contain the exploit code is growing.

Update 2012Sep18: Microsoft has issued a security bulletin that goes into some detail about this issue and suggests workarounds. Apparently you can install the ‘Enhanced Mitigation Experience Toolkit’, or configure Internet Explorer to either prompt before running ActiveX scripts or prevent them from running altogether.

A newly-discovered vulnerability in most versions of Internet Explorer is being exploited in current, ongoing attacks.

Anyone using IE 6, 7, 8 or 9 on Windows XP, Vista or 7 is potentially at risk. To become infected, a user need only visit a web site that contains the exploit code. Typically, trojan malware is then installed silently on the user’s computer. The computer is then open to further attacks as well as remote control by the perpetrators.

Internet Explorer 10 is not affected.

The exploit code may be placed on a web site without the knowledge of the site owner, if the site is not secure.

This vulnerability and the associated attacks are serious enough to warrant extreme caution when using Internet Explorer. Some experts are recommending discontinuing the use of Internet Explorer until a fix becomes available.

Microsoft has issued a bulletin that provides additional details.

Windows 8 Internet Explorer shipping with vulnerable Flash

Update 2012Sep22: A Security Advisory published yesterday by Microsoft announced the availability of a patch for Flash in Internet Explorer 10. A related post on the Microsoft Security Response Center blog explains how security updates for Flash in Internet Explorer will be handled in the future. Anyone using Internet Explorer 10 or Windows 8 should install the Flash update as soon as possible.

Update 2012Sep11: Given the negative reaction to Microsoft’s previous announcement that recent Flash vulnerabilities would not be fixed in Internet Explorer 10 until after Windows 8 is released, today’s announcement is perhaps not much of a surprise. Microsoft is now saying that the Flash holes in IE10 will be plugged much sooner than originally announced. However, there will still be an easily-exploited delay between the launch of Windows 8 and the point at which all Windows 8 systems are patched.

Recently, Google switched to an integrated version of Flash in the Chrome web browser. They did this to simplify the update process: Chrome users no longer have to worry about keeping their browser’s Flash plugin up to date.

Microsoft has apparently done something similar with Internet Explorer 10, which is included with Windows 8. Unfortunately, the recent Flash vulnerabilities were not addressed in Internet Explorer 10 when Windows 8 was finalized recently, which means Windows 8 has at least two very serious security holes in its integrated web browser, out of the box.

Microsoft says that the Flash vulnerabilities in Windows 8’s IE10 will be fixed during the regular patch cycle, but it’s not known exactly when the updates will appear.

Nefarious hackers are no doubt preparing for a surge of new Windows 8 systems to appear on the Internet, all with these rather large holes, ready to exploit.

If you are using Windows 8 or plan to start using it soon, your options are:

  • Stop using Internet Explorer. This isn’t really a viable option, since the browser is integrated into the O/S.
  • Disable Flash in Internet Explorer 10, assuming this is even possible.
  • Avoid all Flash content while using Internet Explorer 10. This is increasingly difficult to accomplish, given the prevalence of Flash content on the web.