Microsoft promises lightweight Patch Tuesday
Microsoft will issue two bulletins addressing eight flaws in Windows and Office for this month’s Patch Tuesday.
Both bulletins are listed as important – Microsoft’s second highest alert rating – and will address flaws that could allow remote code execution in all supported versions of Office on Windows and Mac OS X, and Windows XP and higher.
There was no word on a fix for the VBScript security issue exposed earlier this week, which allows hackers to hijack a user’s computer by getting them to press F1 on a phony site. However, announcing the bulletins on Microsoft’s security blog, senior security communications manager Jerry Bryant said that Microsoft would continue to monitor the situation.
Full Story: PC Pro (UK)
Apple topples Microsoft for mobile share
Apple demonstrated its growing clout in the mobile space when it knocked Microsoft off for third place in global smartphone sales last year, according to Gartner’s latest report.
Apple’s market share grew by 6.2 percent from 2008, to sell 24 million iPhones for 14.4 percent of the market. Microsoft’s Windows Mobile devices had 8.7 percent market share, with 15 million devices sold.
Overall, worldwide mobile phone sales reached 1.21 billion units last year, a 0.9 percent decline from the year before.
However, smartphone sales grew strongly, up 23.81 percent over the year before to reach 172.4 million units, said Carolina Milanesi, research director at Gartner, in the report.
Milanesi highlighted Apple and Research in Motion’s (RIM) performance in capturing market share with their smartphone portfolios. RIM had 19.9 percent of this market.
Of the overall mobile market, Nokia was still the number one phone vendor with a 36.4 percent share, having shipped 441 million handsets. This, however, represented a 2.2 percent market share drop over 2008.
The Finnish outfit also dominated in the Asia-Pacific mobile space, with a 40.8 percent share comprising 197,000 phones sold, over second place holder Samsung with 15 percent and 72 million shipped. Asia Pacific, in contrast to the flat global market, saw a total of 483.5 million devices sold last year, up 6.7 percent from 453.1 million in 2008.
Full Story: ZDNet Asia
Windows patch cripples XP with blue screen, users claim
Tuesday’s security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company’s support forum. Complaints began early yesterday, and gained momentum throughout the day.
“I updated 11 Windows XP updates today and restarted my PC like it asked me to,” said a user identified as “tansenroy” who kicked off a growing support thread. “From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: ‘A problem has been detected and Windows has been shutdown to prevent damage to your computer.’”
Others joined in with similar reports. “There is something seriously wrong with the update. I can’t even open in safe mode,” said “Ghellow,” referring to Windows diagnostic mode that’s often a last-chance way to boot a PC.
Full Story: Computer World
Microsoft to patch 17-year-old computer bug
A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.
The February update for Windows will close the loophole that dates from the time of the DOS operating system.
First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.
The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.
Home hijack
The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs.
Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.
The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.
Full Story: BBC News
Researcher to Reveal More Internet Explorer Problems
Microsoft’s Internet Explorer could inadvertently allow a hacker to read files on a person’s computer, another problem for the company just days after a serious vulnerability received an emergency patch.
The problem was actually discovered as long as two years ago but has persisted despite two attempts by Microsoft to fix it, said Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. He is scheduled to give a presentation at the Black Hat conference in Washington, D.C., on Feb. 3.
The issue could allow a hacker to read files on a person’s computer but not install other code. Nonetheless, the problem represents a serious security issue, Medina said. It affects all of Microsoft’s operating systems from Windows NT through Windows 7 and every version of IE, including the latest one, IE8.
Full Story: PC World
Microsoft Terminated Us For Not Participating In An Orgy
EIM, an Israeli software distributor, is suing Microsoft for terminating their partnership after they refused to participate in a drug and sex party.
According to Globes (Hebrew), EIM, once one of the largest Microsoft distributors in Israel, claims that Microsoft sponsored a cruise for its Israeli and Turkish distributors. On this cruise, they claim, there were women paid by Microsoft to have sex with the guests, activity that was encouraged by Microsoft staff. Also at this alleged party, Microsoft representatives encouraged participants to use what looked like illegal substances.
According to the claim, EIM’s personnel refused to participate in the drug and sex party which caused Microsoft to cancel their agreement and terminate their distributor license, which caused EIM a 50% loss in revenue.
Microsoft claims that the license termination was due to incorrect sales reports by EIM, and even called it fraud.
Microsoft refused to comment about the sex party allegation saying the claims are not worthy of a response.
Full Story: globes.co.il
Mozilla Endorses Bing Over Google Privacy Issues
A Mozilla official last week pointed Firefox users to the extension that adds Microsoft’s Bing search engine to the list of the browser’s search engines after Google’s CEO downplayed consumers’ privacy concerns.
Citing a clip from a CNBC broadcast last Friday, during which Google chief executive Eric Schmidt discussed online privacy, Asa Dotzler, Mozilla’s director of community development, provided a link to the Firefox extension that adds Bing to Firefox’s search engine list. “Here’s how you can easily switch Firefox’s search from Google to Bing,” said Dotzler in an entry on his personal blog today. The link he included leads to the Bing search add-on.
During the interview, Schmidt was asked: “People are treating Google like their most trusted friend…should they be?” It was Schmidt’s answer that motivated Dotzler to show users how to drop Google, Firefox’s default search engine, for rival Bing.
Full Story: PC World
Security firm retracts ‘black screen’ claims, apologises
The UK security company that started a firestorm after claiming recent Windows security updates caused a widespread “black screen” lock-out of users’ PCs has retracted its claims and publicly apologized to Microsoft.
“It is clear that our original blog post has been taken out of context and may have caused an inconvenience for Microsoft,” Mel Morris, the chief executive of UK security firm Prevx, said in an entry on the company’s blog on Wednesday. “This was never our intention and we have already apologised to Microsoft.”
Morris’ blog post was the second in two days that included an apology to Microsoft. The first, written yesterday by Jacques Erasmus, Prevx’s director of research, said that Microsoft’s patches were not to blame; he instead pinned responsibility for the black screens on malware infections.
Full Story: Computer World (NZ)
Microsoft Windows 7 ‘Black Screen of Death’ blamed on malware
Microsoft said that malicious software is to blame for technical problems that have caused Windows 7 computers to crash.
Some experts had initially suspected that a recent Windows security update could be to blame for the glitch, which causes desktop icons and the start menu to disappear from computers after users log on, leaving them with a black screen.
Engineers at software company Prevx said that the patch could have caused a glitch in the Windows system registry, leading to performance issues. The “black screen” crash appeared to affect computers running the most recent Windows operating system, Windows 7, as well as older platforms, including Windows Vista and Windows XP.
But Microsoft said that malicious software, rather than a security update, was the likely cause of the problem.
“We’ve conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November,” said Microsoft. “That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don’t believe the updates are related to the ‘black screen’ behaviour described in these reports.”
Prevx apologised for its earlier assertion that the security patch could be to blame. “We’ve been working with Microsoft to get to the bottom of the specific black screen issues. We have made some significant progress in determining specific triggers of the black screen event,” said the company.
Full Story: Telegraph.co.uk
Patches Cause Windows ‘Black Screen of Death’
Microsoft today confirmed that it is looking into reports that November’s security updates have triggered a black screen on some Windows users’ PCs.
“Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers,” said a company spokesman in an e-mail Monday. “Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues.”
The reports Microsoft alluded to stemmed from U.K.-based security vendor Prevx, which claimed last Thursday that the Windows security updates issued on Nov. 10 changed Access Control List (ACL) entries in the registry, preventing some installed software from running properly. The result, said Prevx, is a black screen, sometimes dubbed “black screen of death” in a sop to the “blue screen of death” that Windows puts up after a major system crash.
Full Story: PC World