Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.
“This will be the most bulletins we have ever released in a month; we have released 13 bulletins on a couple of occasions,” Angela Gunn, security response communications manager at Microsoft, wrote in a blog post. “However, in total CVE [common vulnerabilities and exposures] count, this release ties with June 2010, so there’s no new record there.”
Affected software includes: Windows 7; Windows XP; Vista; Windows Server 2003 and 2008; Windows Server 2008 release 2; IE 6, 7 and 8; Office XP Service Pack 3; Office 2003 Service Pack 3; 2007 Microsoft Office System Service Pack 2; Office 2004 and 2008 for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel and PowerPoint; 2007 File Formats Service Pack 2; Microsoft Works 9; and Silverlight 2 and 3.
The IE, Office, and Silverlight updates fix an increasingly used type of flaw “where attackers and malware go through the installed applications rather than through the core operating system,” said Qualys CTO Wolfgang Kandek.
Archive
Tag: Microsoft
A few days after announcing that Windows XP SP2 would no longer be supported, Microsoft on Monday announced the availability of a beta version of its Service Pack 1 update to Windows 7.
Intended for business computing professionals, the single update package simultaneously addresses Windows Server 2008 R2, which uses the same core code base as Windows 7. Microsoft made the announcement on the first day of its Worldwide Partner Conference (WPC) in Washington D.C.
Microsoft had discussed the coming service pack back in March at the company’s Desktop Virtualization Hour event, but no release date was divulged at that time. Then just last month at Tech Ed 2010 Bob Muglia, Microsoft’s president of Server and Tools Division, announced that the public beta of the service pack would appear in July, without getting more specific.
According to Microsoft’s TechNet site targeting IT professionals, “This early release of Windows 7 and Windows Server 2008 R2 SP1 Beta is not available for home users. The SP1 Beta does not provide new end-user features, and installation is not supported by Microsoft.” In fact, as has mostly been the case with recent Windows service packs, this first Windows 7 update is made up of previous fixes already delivered through Windows Update.
Robbie Bach, 48, will retire by year’s end from his post as president of the Entertainment and Devices Division.
Entertainment devices chief technology officer James “J” Allard will also leave Microsoft, becoming a strategic adviser to chief executive Steve Ballmer.
Don Mattrick will remain head of Microsoft’s Interactive Entertainment Business and Andy Lees will stay in charge of the Mobile Communications Business but both men will report directly to Ballmer as of July 1.
“I’ve been so fortunate to spend more than two decades of my life working with incredible people and doing amazing things like launching Office, Xbox and Xbox Live, the ‘Halo’ franchise, Windows Phones, Zune and more,” said Bach.
A federal judge in Alexandria, VA, granted Microsoft’s request for an order to deactivate 277 Internet addresses, or domain names, that the company linked to a “botnet“—an army of tens of thousands of PCs around the globe, infected with malicious code that allows them to be harnessed for nefarious purposes.
Microsoft on Monday filed a suit that targets a botnet identified as Waledac. It accuses 27 unnamed “John Doe” defendants of violating federal laws against computer crime.
In a private hearing that day, Microsoft attorneys asked U.S. District Judge Leonie Brinkema to issue a restraining order under seal—a rare move in civil cases of this nature—to allow the company to secretly sever communications channels to the botnet before its operators could reestablish links to the network.
“We have a high degree of confidence this will be major blow to this botnet,” said Richard Boscovich, a senior attorney in Microsoft’s digital crimes unit and a former federal prosecutor for 18 years.
Microsoft Security Bulletin MS10-015 goes into further detail about the flaw being patched: “The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.” The security update is rated Important on the versions of Windows it patches: Windows 2000, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), and Windows 7 (32-bit).
The majority of users who are complaining about the issue are on Windows XP, but some users in the thread mention this occurs for them on Windows Server 2003 and Windows Vista. Those running Windows 2000, Windows Server 2008, and Windows 7 have yet to report problems, though the issue is fairly new so it’s still possible that as more and more users install the update, the BSOD will creep up on the remaining versions of Windows as well. We have yet to see the problem occur, as most of our systems and those of our peers are running Windows 7 64-bit or Windows Server 2008 R2.
This was a day after the plaintiffs and Microsoft agreed to drop the lawsuit. “This case has been dismissed, and we are pleased it was resolved successfully,” a Microsoft spokesperson told Ars. The move means Redmond has managed to avoid hundreds of millions in potential damages. In January, Microsoft was told it had until February 12, 2010 to submit its expense list to the court but as part of the stipulation to dismiss the case, however, the plaintiffs and Microsoft agreed that each would pay their own attorneys’ costs and fees.
This download provides the DirectX end-user multi-languaged redistributable that developers can include with their product. The redistributable license agreement covers the terms under which developers may use the Redistributable. For full details please review the DirectX SDK EULA.txt and DirectX Redist.txt files located in the license directory.
System Requirements
- Supported Operating Systems: Windows 7; Windows Server 2003; Windows Server 2008; Windows Vista; Windows XP 64-bit; Windows XP Service Pack 3
Additional Information
- The DirectX redist installation includes all the latest and previous released DirectX runtime. This includes D3DX, XInput, and Managed DirectX components.
- The DirectX runtime cannot be uninstalled. We recommend Windows Me and Windows XP users create a “System Restore” point before installing. For information on creating a restore point, please refer to the following Microsoft Knowledge Base articles: Windows XP: Microsoft Knowledge Base article 310405.
- This update is recommended for users that do not have internet connection during installation
- If you would like the websetup version of the runtime package, please click here.
- Starting with Febraury 2007 SDK release – The redist no longer supports Win9x
A computer operating system is like a desk. It should be comfortable to work at; sturdy and stable; handsome to look upon, but not distracting; it should be able to store files and tools away when not in use, but keep them accessible when you need them. But above all else, an OS should get out of the way and let you get your work done. Now imagine if your desk were enormous—taking up a significant portion of the room you keep it in. To get started working requires unfoldings, knob-twistings and other complex procedures. When you finally are seated, you open a drawer on your desk to get a new pen and the drawer instantly snaps shut on you, saying “Do you really want to use that pen? It’s new and I don’t know where it came from.” Then you say, “Yes, I bought the pen and I’d like to use it. I know where it came from.” And then your desk replies, “All right, fine. Use the pen, but before you do, I want to make sure that I’ve expressed my reservations about that pen. It’s a fountain pen and those have been known to explode and shoot ink all over the place. You’ve been warned.”
It sounds silly, but that’s exactly the problem with Windows Vista, a big, creeping, cumbersome embarrassment for Microsoft the past few years. The worst part is that Vista was an honest attempt to deal with the consequences of the success of Microsoft’s Windows XP’. The ubiquity of Windows has made it a frequent target of cyber attackers and criminals, and the reviled User Account Control was intended to create a barrier so no program could install itself on your computer without your consent. The world got more dangerous, so Windows got more protective. The slow boot time and bloated size of Windows were consequences of the system’s need to be a photo viewer, media player, e-mail client and movie editor. And because, unlike Apple’s Macintosh OS, Windows is built to support thousands of potential computers with millions of potential peripherals, it must have generic support for most of those things built in.
InformationWeek – Microsoft is offering the Home Premium version of its new Windows 7 operating system to college students for just $30. The OS usually sells for $119.
In order to qualify, students must enter their college or university e-mail address into a special Web site that Microsoft has established in partnership with distributor Digital River for the promotion.
Microsoft said it also may require proof of enrollment, but it was not immediately clear how rigidly the software maker plans to enforce the policy.
The Web site also features a link to Microsoft’s online Upgrade Advisor, which students can use to verify that their PCs are capable of running Windows 7.
What’s not known is whether scholastic IT departments will support Windows 7 when it debuts on Oct. 22nd. Many held off supporting Windows Vista when it debuted in early 2007 due to concerns about application compatibility.
Earlier this week, Microsoft said it plans to release a set of tools in late October designed to help organizations, including academic institutions, deploy Windows 7.