Archive for the ‘Windows’ Category
Jeff Jones, a security strategy director in Microsoft’s Trustworthy Computing group, reported that Windows Vista is a more secure OS than XP, since it was hit by significantly fewer publicly disclosed security flaws in its first year than Windows XP and open source rivals were in their first years. In its first year Microsoft released 17 security bulletins and patches affecting Vista, compared to 30 for XP in its first year. Vista had 9 patches, XP had 26, Red Hat 64, Ubuntu had 65 and Mac OS X 17. Most of that success is related to changes in the way Microsoft handles patching, which resulted in less work for system administrators on Vista compared to Windows XP. However, those figures do not indicate which operating system is “more secure” than the others.
|
Microsoft has released an advisory on a newly discovered MS Excel vulnerability. The vulnerability affects all versions except Excel 2003 SP3 and Excel 2007 and can allow remote code execution. The attacks appear to be targeted, not widespread, and the Microsoft team is working on solving the issue.
|
The company Digital Armaments has announced a $20,000 award for hackers who can find any exploitable vulnerability or working exploit for Windows applications. The contest’s deadline is February 29. The company has more details about this interesting idea, but most Internet security researchers point out that Digital Armaments is not a well-known company and maybe they don’t even have $20K for the award. But then again, if you are a hacker and enthusiast, why hesitate to try?
|
Microsoft urged Windows Vista users to download a new security tool that automatically disables suspicious or malicious “gadgets”, small applications that can display the date, time or RSS feeds. Since gadgets are written in HTML and various scripts, they can be dangerous or malicious. Windows Sidebar Protection, just 1MB in size, prevents malicious gadgets from installing and, if one is already installed, blocks it. Windows Sidebar Protection can be downloaded from the Windows Update site. This update is optional, but depending on what settings have been selected in Automatic Updates, it may be downloaded and installed without any additional user interaction.
|
Filed Under ( Windows) by Telix on January-11-2008
After a small number of customer reports, Microsoft admitted that it sent the wrong Vista patch to the wrong users. The update was one of three prerequisites for SP1 unveiled Tuesday and was supposed to go only to Vista Enterprise and Vista Ultimate machines, since it targeted BitLocker, the full-drive encryption technology bundled with those premium versions of the operating system. Instead, the update was also offered to PCs running Vista Home Basic and Home Premium. As company representatives state, customers who installed the initial release of the update on editions other than Ultimate or Enterprise should not be concerned, as the update will have no negative impact on their systems.
|
As we announced, today Microsoft released two new patches for January 2008. The critical patch resolves two vulnerabilities reported by IBM ISS X-Force. The vulnerability, which involved TCP/IP processing, was critical for XP and Vista, important for Windows Server 2003 and moderate for Windows 2000. The second patch covers a vulnerability that allows an attacker to run “arbitrary code with elevated privileges”. The update is marked as important for Windows 2000, XP and Server 2003.
For more details on these updates, read Microsoft’s Security Bulletin.
|
US-CERT issued a warning about a possible RealPlayer vulnerability after the Russian security company Gleg claimed to have found a way to exploit a critical flaw in the multimedia software. The flaw affects the latest version 11 of RealPlayer running on Windows XP Service Pack 2, according to Gleg. A Flash demonstration of the vulnerability has been posted to the Gleg website, but the company has not released its attack code or any technical details of the flaw. A Real spokesman said that the company is working to confirm whether the exploit code actually works.
|
For the next Patch Tuesday, January 8, Microsoft is preparing a relatively light haul of two security bulletins. The first one is rated critical and covers a remote code execution vulnerability affecting Windows Vista and Windows XP Service Pack 2 users. For Windows Server 2003, the bulletin is rated as “important”. The second bulletin relates to a local elevation of privilege vulnerability and is rated as “important” for Windows 2000 Server Service Pack 4, Windows XP and Windows Server 2003, but doesn’t apply to Vista.
|
Microsoft has warned Windows Home Server users not to edit files stored on their backup systems with Vista Photo Gallery, Office OneNote and Outlook, as well as files generated by finance software Quicken, QuickBooks or Microsoft Money 2007. Microsoft said that the problem is a glitch within Windows Home Server’s shared folders. The company’s development team is working full-time through the holidays to diagnose and address this issue, but there is one reasonable question we’d like to ask: what is the point of having a home server if you can’t back up files on it?
|
For a couple of hours last week, Kaspersky AV quarantined Windows Explorer after falsely identifying it as malicious code. The security systems had decided that a virus called Huhk-C was present in the explorer.exe file, leading to its confinement or deletion. Since Windows Explorer is the graphical user interface for Windows’ file system, this made it difficult to perform many common tasks within the operating system. The bug was only live for two hours, and ended up affecting just one corporate customer and a small number of home users.
|