Archive | Microsoft

Exploits in the wild for Microsoft’s August patches

Slashdot post: Exploits Circulating for Latest Windows Holes. 1sockchuck writes “Exploits are already circulating for at least two (and possibly four) of the Windows security holes addressed in Microsoft’s updates on Tuesday. Several working exploits have been released for a new vulnerability in Windows Plug and Play technology, which could be used to spread a worm targeting Windows 2000 machines, according to eEye security, which has released a free scanner to help network admins identify vulnerable computers.”

Keep patching! If you were quick on the draw initially, you might have run into trouble as some of the patch files were corrupted, but Microsoft fixed that problem.

What’s on the Vista this week?

Microsoft Watch from Mary Jo Foley opines that Microsoft Needs to Come Clean About Vista. “Before Beta 1 went out, Microsoft officials would say little about the next Windows release. But now it’s time to talk turkey… What is Microsoft gaining from hiding the fact that some of the features originally slated for Vista and Longhorn Server have been pulled from the products?”

As I pointed out last week, it’s not a beta until it’s feature-complete. Microsoft is showing off a prototype, a demo. When they have the new UI in place, and lock down the features they plan to actually ship, then it is time for beta evaluation and testing. At this point, it’s just idle promises from a company that might ship something 16 months in the future…

What’s wrong with this HTML?

Internet Explorer (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519IC – I swear I am not making that up!) reports “Problems with this Web page might prevent it from being displayed properly or functioning properly. In the future, you can display this message by double-clicking the warning icon displayed in the status bar.” The same page loads fine without error in FireFox 1.06, Mozilla 1.7.1, Opera 8.01 and Safari 2.0 (412.2). The page validates correctly using the W3C HTML validator as Transitional HTML 4.01. On Laura’s machine, IE says there’s an error on line 2, without further information. It seems suspicious that IE is the only one to detect an “error.” Can anyone spot the error on this page? (Besides grammar, syntax and content, wise guys 🙂)

UPDATE: Found it. Of course, it was a trick question. There was nothing wrong with the HTML. And it was nothing I changed that caused the problem to appear, despite the proximity of changes to the error being found.

There was a small JavaScript call at the end of the third column that looked like this:

<script language="javascript" type="text/javascript" src="http://technorati.com/embed/cddjc96gix.js"></script>

And would generate a response that looked like this:

<!--
Profile not found or undisplayable
-->

All of the other browsers (FireFox, Safari, Opera 6 and 8, Camino, Mozilla 1.7.1 and 1.7.11) would gracefully ignore the comment and work fine.

IE, otoh, not only failed, but failed with a miserable error message that gave no clue what document had the error. If the error handler had indicated the JavaScript interpreter had the problem, I could have nailed this in a couple of minutes. Rack this up to lousy error messages, the bane of debugging everywhere!

Microsoft’s Patch Tuesday, August

Last night, Microsoft released its monthly batch of security patches: three Critical, one Important and two Moderate Security Bulletins. They are:

CRITICAL

* MS05-038 – Cumulative Security Update for Internet Explorer (896727) – Yet another security rollup for Internet Explorer, affecting Win2k and Up (and likely down)

* MS05-039 – Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) – Puts a whole new meaning in “play,” doesn’t it?

* MS05-043 – Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423) – Just when you thought it was safe to print…

IMPORTANT

* MS05-040 – Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

MODERATE

* MS05-041 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

* MS05-042 – Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

RE-RELEASES

Re-released this month, with updates for additionally affected platforms and revised patches, are:

* MS05-023 – Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) – noting that the Word 2003 Viewer is also in danger

* MS05-032 – Vulnerability in Microsoft Agent Could Allow Spoofing (890046) – noting that there is a revised update available for x64-based systems.

So, the count is up to 43 Security Bulletins so far this year. It’s the 33rd week of 2005. Trustworthy Computing continues…

Get details on all the latest bulletins and tools from Microsoft at http://www.microsoft.com/technet/security — and get patching!

Microsoft promises to try harder with IE7

Microsoft Watch from Mary Jo Foley posts Microsoft’s CSS Plans for IE 7 Draw Cheers, Jeers. “Although it won’t fix most of its CSS-related bugs until Beta 2, Microsoft is going public with what it expects to deliver, standards-wise, by the time Internet Explorer 7.0 ships. Acid2 test compliance isn’t on the short list.”

It’s great to hear that IE 7 will attempt closer compliance with the standards. It means that those of us who surf with Safari, Konqueror, FireFox, Opera, Camino or other browsers will have a better chance of getting web pages that look right and work right. Microsoft won’t promise 100% standards compliance; it’s unlikely there is any browser that meets that lofty goal. It’s not even clear that experts agree on what 100% compliance is.

Seeing behavior from Microsoft that looks a lot like standards compliance raises hopes. Perhaps Microsoft can grow to assume the responsibilities it should shoulder as the industry leader and stop trying to monopolize markets with “Embrace-Enhance-Extend-Extinguish” tactics. Or perhaps I’m just a hopeless optimist…

Microsoft Vista Beta One: We Were Only Kidding…

OSNews posts The Whys, Whats and Whens of Vista. Head of all things Windows at Microsoft, Jim Allchin provides a heads up on the operating system formerly known as Longhorn: “Most of the stuff that we would expect that tech enthusiasts and consumers will be interested in will happen at Beta 2. Beta 1 is not what I would call deeply interesting unless you are a real bithead”.

I probably haven’t griped for 24 hours or so how wrong this is. Microsoft “ships” a product, in the sense that the reviewers (and likely anyone who cares) can evaluate it, and it’s not even out the door before Microsoft is saying that none of this is final, that the “good bits” are in Beta 2, the UI comes later, you just wait, we’ll get it right next time. They’re just throwing it against the wall, seeing who says “ooh” and “ah” and then they’ll ship another one. What’s the point of wasting your time looking at something they promise isn’t final?

Novell: SCO owns no copyright, and we ought to get all their licensing money

OSNews points to a Groklaw article: Novell Files Countersuit Against SCO. “Today, Novell has answered SCO’s complaint alleging Novell slandered SCO’s ownership of the Unix copyrights. Novell claims that SCO approached Novell in 2003 to try and persuade them to go along with the Linux Licensing Scheme. When Novell refused, SCO attempted to talk Novell into transferring the Unix Copyrights to SCO, which Novell also refused to do. Novell has also filed four counterclaims against SCO, one of them being Slander of Title (for SCO slandering Novell’s ownership of the Unix Copyrights).”

Delicious. If accepted, Novell should earn all the monies SCO got from “licensing” rights to software it didn’t own, plus penalties. Looking forward to the next step.

Dvorak: struggling to make sense of Creative Commons

Doc Searls’ IT Garage notes Barning Creative Commons. “John C. Dvorak is one of the most interesting, informative and entertaining journalists in the history of the computer business. He is also something of a troll.”

To think at one time my career aspiration was to be the next Dvorak. Luckily, I got over it. Sadly, John never did.

P.S. If that one doesn’t hit your hot button, try “Windows Vista: Where’s the Buzz?” At least John’s an equal-opportunity troll.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.