According to several sources some of the users of latest Windows XP Service Pack 3 have problems causing blue screen at AMD based systems. Microsoft and HP stated that the problem might be around the Power Management feature. HP has posted a work around that has you go boot into Safe Mode and disable the Intel Power Management.

Latest Microsoft Thursday security bulletin patches three critical bulletins for Microsoft Office and Windows and a moderate denial of service vulnerability for the company’s security software. A critical remote code execution vulnerability primarily affecting Microsoft Office (Word) and another critical remote code execution flaw in Publisher, a critical Jet database engine issue that affects Windows 2000, Windows XP and Windows Server 2003 and a denial of service vulnerability in Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security.

A security thinktank says it has found a vulnerability in Apple’s QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2. From the informations at GNUCitizen’s blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a website, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov. Mr Petkov stated that it is reasonably to believe that anyone knows how to exploit this vulnerability since he didn’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.The Apple is notified about this issue and did not stated any official comments.

Microsoft has released new RC2 version of Windows XP Service Pack 3 that includes all previously released updates for Windows XP, security updates, out-of-band releases, and hotfixes. New stuff in this RC2 are small number of new updates that should not significantly change the Windows XP experience. At the same time Microsoft officials confirmed that final version of XP Service Pack 3 will be available in Windows Update and the Microsoft Download Center on April 29th.

Security researchers have found malicious code that can trigger a critical vulnerability in the Chinese version of Windows 2000. The non-Chinese users are warned to expect same attacks. Symantec confirmed that the code posted to the milw0rm.com site successfully attacks Chinese editions of Windows 2000 Service Pack 4 (SP4) exploiting one of the two critical bugs in Windows GDI, or graphics device interface, that Microsoft patched last week. So far attack code works only on Chinese versions of Windows 2000 while crashes Explorer, the Windows file manager, on non-Chinese versions of the OS. Security researchers urged the Windows 2000 users to update all the fixes released by Microsoft in MS08-021 security bulletin to patch their systems.

This Thursday Microsoft issued 25th security bulletin this year fixing critical patches in Vista and Windows Server 2008. Also three fixes are for all flavors of Windows, Internet Explorer and Office. In its patch day advance notification for its Tuesday update, Microsoft issued five critical bulletins to address remote code execution vulnerabilities. Microsoft said it will patch critical flaws in Vista, Windows Server 2008, Windows Server 2003 (SPs 1 and 2), IE 6 and 7 and Office XP SP3, 2003 and 2007 Microsoft Office System among others.

TechARP.com, a Malaysian website that successfully predicted the release date for Vista SP 1, reported yesterday that Microsoft will officially release Windows XP Service Pack 3 during the second half of April. The site pegged RTM for Windows XP SP3 as “second half of April 2008″ for seven languages, with a follow-on RTM of the remaining supported languages “approximately 21 days” later. Although Microsoft declined comment we would like to see if those rumors are true.

Microsoft has reported about new MS Office Word vulnerability that could allow hackers to install malicious software on a victim’s PC. The attack involves a malicious Word document and Jet Database Engine that is used by a number of products including Microsoft Access. Microsoft is investigating whether other programs may also be exploited in this type of attack. Word versions from 2000 to 2007 unless users are running Windows Vista or Windows Server 2003, Service Pack 2. Those two operating systems include a newer version of the Jet Database Engine that does not have the bug. It is advised not to open or save Word files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.

Microsoft’s Patch Tuesday this week delivers several patches to fix critical vulnerabilities in Office especially already well known Excel flaw. That vulnerability could allow remote code execution if a user opens a specially crafted Excel file and can allow a remote attacker to take control of a system, install, view and change data and create new accounts. According to Microsoft the update is critical for Microsoft Office Excel 2000 Service Pack 3 and rated Important for Excel 2002 Service Pack 3, Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2007, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office 2004 for Mac, and Office 2008 for Mac.

McAfee has reported about new Windows Mobile PocketPC Trojan that disables phone security. The Trojan has been discovered in China and installs via a memory card, can’t be uninstalled and create special home page in your phone browser. WinCE/InfoJack, how McAfee named this Trojan, sends the infected device’s serial number, operating system and other info to the author. Also leaves the infected mobile device vulnerable allowing silent installation of malware. The Trojan modifies the infected device’s security settings and allow unsigned applications to be installed without a warning messages. Users are advised to be aware about this Trojan and be careful when installing software or transfer data from memory cards.