Category Archives: Windows

Microsoft will finally reconcile version identifiers with Windows 10

If you’re a regular user and not a developer, you may not have noticed that internal Windows version identifiers have been stuck at 6.x since Vista.

Vista was a disaster, with one of the biggest problems being software compatibility. Programs that worked fine on Windows XP no longer worked on Vista. One reason that happened was that Microsoft bumped the internal version of Windows from 5 (XP) to 6 for Vista. This caused a lot of software to get confused and stop working.

This made Microsoft much more reluctant to make major changes to the internal version number for subsequent releases of Windows. The internal version identifier for Windows 7 is 6.1. For Windows 8, it’s 6.2, and for Windows 8.1, it’s 6.3.

Microsoft also got to work on finding better ways to get around software compatibility issues, and developed the Application Compatibility tools, which include a simple method for tricking software into thinking it’s running on a different version of Windows.

With Windows 10, Microsoft apparently plans to get back to internal version numbers that make sense, and they’re also using this opportunity to finally make the internal version match the external version. Windows 10 will be identified internally as version 10.

Fake Windows Support companies shut down

The US Federal Trade Commission, working with law enforcement in Florida, has shut down several companies offering fake computer support services.

The companies involved are PC Cleaner Inc., Netcom3 Global Inc., Inbound Call Experts LLC, Advanced Tech Supportco. LLC, PC Vitalware LLC, Super PC Support LLC, Boost Software Inc., Vast Tech Support LLC, OMG Tech Help, OMG Total Protection, and others.

These scammers made money by tricking Windows users into paying for expensive and unnecessary repairs.

Unfortunately, since this type of scam can be lucrative, similar companies are likely to appear before long, making this yet another game of ‘whac-a-mole’ for law enforcement.

Microsoft issues special update MS14-068

Two of the updates originally scheduled for release last week for Patch Tuesday were held back. Yesterday one of those updates was released. MS14-068 addresses security vulnerabilities in all versions of Windows. We recommend installing the update as soon as possible.

Brian Krebs has additional details, as does Ars Technica. A post on Microsoft’s Security Research and Defense Blog provides technical details of the vulnerability.

Patch Tuesday for November 2014

Yesterday Microsoft released fourteen updates, addressing 33 CVEs in Windows, Internet Explorer, Office, .NET, Internet Information Services, Remote Desktop Protocol, Active Directory Federation Services, Input Method Editor, and Kernel Mode Driver. Four of the updates are flagged as Critical. You can find all the details in the main bulletin.

Two of the expected sixteen updates (MS14-068 and MS14-075) were held back by Microsoft, with release dates for those updates now being shown as ‘Release date to be determined’.

In keeping with its new monthly update policy, Adobe released a new version of Flash yesterday. Flash 15.0.0.223 addresses several security vulnerabilities in previous versions.

Brian Krebs has additional analysis of these updates.

Update 2014Nov15: One of the updates in this batch addresses a serious vulnerability that exists on all versions of Windows. MS14-066 fixes a bug in the way secure connections are handled by the Microsoft secure channel (schannel) security component. Most of the focus has been on Windows servers, especially those running Microsoft’s web server software, Internet Information Services (IIS). However, according to some sources, any Windows computer that is configured to accept secure network connections is potentially vulnerable. Recommendation: if you’re running any Internet-facing service on a Windows computer, install this patch ASAP. Ars Technica has additional details.

Update 2014Nov15: Another of this month’s patches (MS14-064) addresses problems with a previous patch (MS14-060). McAfee has a detailed breakdown of the problems with MS14-060.

Update 2014Nov19: MS14-068 was released.

Update 2014Nov26: Apparently the MS14-066 update caused problems for some Windows servers. Microsoft added a workaround to the update bulletin that should resolve one of the problems, but has yet to acknowledge the performance problems reported in SQL Server and IIS. InfoWorld has additional details.

Adjusted numbers show Windows 8 is actually doing as well as Windows XP

Ars Technica’s monthly look at operating system and browser market share was delayed slightly this month as they investigated an unexpected blip in the numbers for Windows 8 and XP. It turns out that the new numbers really are more accurate, and they show that Windows 8 isn’t doing quite as badly as previously thought. In fact, Windows 8 is doing about as well as the ancient and no longer supported Windows XP.

Advance notification for November Patch Tuesday

Next Tuesday Microsoft plans to publish 16 Security Bulletins, five of which are flagged as Critical. The updates affect Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

Last chance to buy Windows 7 Home and Ultimate

After October 31st, you will no longer be able to purchase the Home Basic, Home Premium and Ultimate versions of Windows 7. The Professional version will still be available, and Microsoft has yet to announce when that will stop.

If you are planning to purchase or build a new PC and want to run Windows 7 Home or Ultimate, you need to buy your Windows license before the end of the month.

Microsoft Lifecycle Fact Sheet – End of sales.

Windows vulnerable to document-based attack

According to Microsoft, all versions of Windows except Windows Server 2003 are vulnerable to attacks based on a bug in OLE (Object Linking and Embedding).

Attacks exploiting this vulnerability would take the form of a specially-crafted PowerPoint document.

Microsoft has released a Fix It solution that can be used to close this hole until a proper patch is released. If you commonly receive PowerPoint documents from unknown sources, you are strongly encouraged to apply this fix or refrain from opening those documents.

References:

  1. MSRC post about Security Advisory 3010060
  2. Security Advisory 3010060
  3. Fix It solution for Advisory 3010060

Patch Tuesday for October 2014

Yesterday saw eight security bulletins and associated patches from Microsoft, as well as two new versions of Java from Oracle, and a new version of Adobe Flash.

The Microsoft updates include three flagged Critical. The updates address twenty-four CVEs in Windows, Office, .NET Framework, ASP.NET, and Internet Explorer. A post on the MSRC blog provides a good overview.

Two new versions of Java from Oracle address as many as 25 security vulnerabilities in Java 7 and 8. If you’re using a web browser with Java enabled, you should install Java SE 8 Update 25 and/or Java SE 7 Update 72 as soon as possible. Unfortunately, Oracle has made things a bit confusing by saying that you should install SE 7 Update 72 only if you are being affected by the issues fixed in that version, and otherwise to install Update 71. Our recommendation is to install Update 72.

The new version of Flash is 15.0.0.189, and it includes fixes for at least three security vulnerabilities. If you’re like most people and use a browser with Flash enabled, you should update to the new version as soon as possible.