Archive | Microsoft

Microsoft Patches 3 vulnerabilities: Flash (!), Exchange, DTS

InfoWorld reports “Microsoft released one critical security update for its Exchange messaging server and two security updates for Windows on Tuesday, one of which was critical… In Microsoft’s rating system, a critical vulnerability means it could allow unauthorized software to be installed without user action… The third patch released Tuesday fixes two vulnerabilities in Windows rated as “moderate,” Microsoft said… More information and Microsoft’s monthly security bulletin can be found at its Web site.”

Funny, I would not have thought that Adobe Flash was a product MSFT would be responsible for patching, but it appears they shipped it in some of their components. Watch out for the Exchange patch – SANS Internet Storm Center is reporting it cripples Blackberries using the Blackberry Enterprise Server.

MS06-018, 019 and 020 ship this week. It’s the 19th week of the year.

WinSCP 3.8.1 released

WinSCP (Secure Copy) lets you copy, move or synchronize files and folders between two machines over a secure (ssh) tunnel. It offers a simple two-panel local-remote file explorer supporting drag-and-drop, a toolbar of utilities (rename, move, copy, etc.) and intuitive operation. I use WinSCP all the time to keep remote Linux machines up to date with local Windows machines while doing development. (Actually, the “local Windows machine” is almost always using files on a networked share via SMB that’s actually a Linux file server running Samba, so I’m really just using Windows as the pretty GUI to synch two Linux machines, but I digress.)

WinSCP has just released a new version, v. 3.8.1, with a significant list of changes, improvements and bug fixes. SCP (really ssh) servers are available for most platforms and interoperate between different OSes. Check out WinSCP.

New E-book: VFP Best Practices for the Next 10 Years

Over at Shedding Some Light, Rick Schummer blogs VFP Best Practices E-book Available: “Have you read some of the blog or forum posts touting the sessions at GLGDW 2006, and kicked yourself for not attending? Wish you had a second chance? Well Whil is giving you a second chance by releasing the session whitepapers as a new e-book: Visual FoxPro Best Practices for the Next Ten Years”

What a great idea! I wish more of the conferences would offer their proceedings in electronic format! There is so much knowledge in those conference notes. While it’s nowhere near as good as attending the conference in person, these notes can be treasure troves of clever code and solutions.

Vista loses another feature

OSNews reports RSA: Microsoft To Shelve Token Support in Vista. “Microsoft has shelved plans to include built-in support for RSA Security’s tokens in Windows Vista, even though the company has been testing out the authentication technology for almost two years. In February 2004, Microsoft Chairman Bill Gates said that Windows would be able to support easy integration with RSA’s popular SecurID tokens. That meant businesses would find it far easier to deploy a two-factor authentication system for logging on to networks and applications. However, almost two years after the SecurID beta-testing program kicked off, RSA’s chief executive, Art Coviello, disclosed that Windows Vista will not natively support the technology.”

So, there were features left in Vista! Good thing Microsoft found them and removed them before shipping!

Microsoft encourages Office alternatives

Microsoft Watch from Mary Jo Foley reports It Didn’t Take Long: Office Validation Program Goes Live. “Just days after announcing its plans to attempt to thwart Office piracy by using the same kind of validation mechanism it has instituted for Windows, Microsoft posted for download the first Office Genuine Advantage (OGA) validated component.”

I can’t think of a better way to get folks to look at the alternatives to Microsoft Office – Corel WordPerfect Office, IBM/Lotus SmartSuite, Sun StarOffice, OpenOffice.org, Apple’s iWork and AppleWorks, and other tools – than to treat them as criminal suspects and to prevent the “extended try-ware” rationalization we’ve all heard once or twice. People need to recognize that MS Office is no big deal and that there are a lot of other packages that can meet their needs with less hassle, less cost, less malware and perhaps even an open and standardized office data interchange format. There’s nothing to lose but the shackles!

A sign of changing times

Netcraft notes that “Apache has overtaken Microsoft as the leading developer of secure web servers. Apache now runs on 44.0% of secure web sites, compared to 43.8% for Microsoft.” Yet another sign of the tide turning. Interesting article with several trends explaining the shift, and a great graph. Read the entire article here.

SMTP Good; MAPI Bad

Microsoft Watch from Mary Jo Foley asks “Is Microsoft Engaging in ‘Borderline Extortion’ with Security Disclosures?” “We have to admit, zero-day Internet Explorer vulnerabilities just don’t shock us any more. But the harsh words of security researcher Michal Zalewski, regarding Microsoft’s policies for dealing with vulnerabilities, did make us stand up and take notice.”

In very related news, eWEEK.com is reporting Microsoft Rocked by New IE Zero-Day Flaw Warning. “Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could put Web surfers at risk of code execution attacks.”

Microsoft ships v. 2.0 of MS06-015 patch

In a fairly unusual move, Microsoft has re-released MS06-015, Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531). Microsoft sent out an email to let folks know about that. Amazingly, while explaining why they were re-issuing the patch, they never mention what the patch is, nor specifically what went wrong, nor who should apply the new patch:

“This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the “Affected Software” section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.”

Here’s the quick scoop: Windows Explorer (the desktop, not the browser) has fundamentally changed the way it launches programs, and some programs that hooked into that behavior, including Hewlett-Packard’s “Share-to-Web”, older NVIDIA graphics drivers, Kerio firewall, and others, would fail to operate properly, lock up, or freeze after files are saved, especially to “My Documents” or other special folders. This patch allegedly fixes the problem.

Get Patching! Good Luck!

Microsoft keeping secrets from the good guys

From Microsoft Watch from Mary Jo Foley: Is Microsoft’s Silent Treatment Appropriate for Patches? “Microsoft says it is withholding certain details on security vulnerabilities to protect customers from bad guys. But critics say Microsoft’s cone of security silence only increases the risk for everyone.”

An interesting article. It claims that Microsoft is keeping its bug count artificially low by silently slipstreaming multiple bug fixes into the patches and, worse, not disclosing the details even to their “trusted partners.” The bad guys know what’s patched. Why shouldn’t we? Shouldn’t “Trustworthy Computing” require more transparency than this?


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.