Posts Tagged ‘windows’

Windows 7 critical holes fixed in Microsoft’s biggest Patch Tuesday

Microsoft released a record number of 13 bulletins for 34 vulnerabilities on Patch Tuesday and the first critical update for Windows 7, as well as fixes for zero-day flaws involving Server Message Block (SMB) and Internet Information Services (IIS).

The most severe of the three SMB flaws, which were first reported last month, could allow an attacker to take control of a computer remotely by sending a specially crafted SMB packet to a computer running the Server service. Exploit code for one of the SMB holes has been posted to the Web, Microsoft said.

Windows 7 is affected by two critical patches that fix vulnerabilities that could allow remote code execution if a malicious Web page were viewed, one part of a cumulative security update for Internet Explorer and the other in .NET Framework and Silverlight.

Windows 7 was finalized in July and is due to go on sale Oct. 22.

Other critical patches in the October security bulletin fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and one that could be exploited if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4.

Among the critical updates were a cumulative security update of ActiveX Kill Bits, addressing a vulnerability that is being exploited and that affects ActiveX controls compiled using Active Template Library (ATL), and another patch resolving several vulnerabilities in ATL ActiveX Controls that could allow remote code execution if a user loaded a malicious component or control. ActiveX and ATL were the subject of an emergency patch Microsoft released in July.

The final critical bulletin fixes a hole in Windows GDI+ (Graphics Device Interface) that could allow an attacker to take control of a computer if a user viewed a malicious image file using affected software or browsed a malicious Web page.

“Microsoft has repeatedly had to fix problems related to the Graphics Device Interface in Windows and vulnerabilities in the component have been exploited broadly in the past. We can expect that security researchers will be looking to reverse engineer today’s patches, which may very well lead to exploits being created,” said Dave Marcus, director of security research and communications at McAfee Labs.

Nine of the vulnerabilities were previously disclosed, which meant that attackers had time to come up with so-called “zero-day” exploits before the patches were available, Marcus noted.

The most alarming vulnerability in the mix is the SMB flaw, which, according to the person who discovered it, was introduced by the patch for a different vulnerability, said Josh Phillips, virus researcher at Kaspersky Lab.

Andrew Storms, director of security operations at nCircle, said the bug that is likely to have the biggest impact will be the critical one affecting Windows Media Runtime, which involves a speech codec bug that has limited exploits in the wild. “This is a typical file parsing issue and similar vulnerabilities have allowed attackers to create drive-by attacks that infect unsuspecting video viewers,” he said.

Meanwhile, the critical SMB vulnerability is relatively difficult to exploit given default firewall conditions, but the IIS bugs are easy to exploit, Storms added.

Also released were five bulletins rated “important” to fix vulnerabilities in IIS (for which exploit code has been publicly released and there have been limited attacks), Windows CryptoAPI, Windows Indexing Service, Windows Kernel and Local Security Authority Subsystem Service.

The update for Windows CryptoAPI relates to flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers. The holes were revealed by researchers Dan Kaminsky and Moxie Marlinspike at Defcon in August.

Affected software is Windows 7, Windows 2000, XP, Vista, Server 2003 and 2008, Office XP, Office 2003 and 2007 Microsoft Office System, SQL Server 2000 and 2005, Silverlight, Visual Studio .NET 2003, Visual Studio 2005 and 2008, Visual FoxPro 8.0 and 9.0, Microsoft Report Viewer 2005 and 2008, Forefront Client Security 1.0, and Office software including Visio, Project, Word Viewer and Works.

The installation also removes the Win/FakeScanti Trojan, which claims to scan a system for malware and claims to find it in order to get money from computer users.

Categories: windows 7

Windows Server 2008 R2 RTM Download Live

Windows Server 2008 R2 editions are now available for download on the MSDN, TechNet and Microsoft licensing Web sites. While Windows Server 2008 R2 reached the RTM milestone the same day as Windows 7, it has taken a back seat, with Windows 7 RTM releasing first last week. Now that the initial download surge of Windows 7 has passed, Windows Server 2008 R2 has been released for all subscribers and VL customers.

Windows Server 2008 R2 64-bit Direct Download Links:

MSDN: Windows Server 2008 R2 Standard, Enterprise, Datacenter, and Web

TechNet: Windows Server 2008 R2 Standard, Enterprise, Datacenter, and Web

Volume License Customers:

Windows Web Server 2008 R2

Windows Server Standard 2008 R2

Windows Server Enterprise 2008 R2

Windows Server DataCenter 2008 R2

Download Microsoft Windows 7 90-Day Evaluation VHD

The Microsoft VHD Test Drive Program provides customers with an enhanced server-based software evaluation experience that’s faster, better supported and more flexible.

This download helps you evaluate the new features of Windows 7. Windows 7 has better ways to find and manage files—like Jump Lists and improved taskbar previews—to help you speed through everyday tasks.

This is a preconfigured virtual machine set contained within the Virtual Hard Disk (VHD) format. Windows Server 2008 Hyper-V, Microsoft Hyper-V Server 2008, or the R2 versions of these products is required to use this virtual machine. Please refer to the system requirements section for more details.

Click Download details: Windows 7

Categories: windows 7

What’s Compatible with Windows 7?

October 12, 2009

For most people, there won’t be any compatibility issues when making the move to Windows 7, especially since the new OS – like Vista – allows you to run applications in a special “compatibility mode” if needed. That mode is available from the program’s “Properties” (right-click the executable to access) on the Compatibility tab.

However, there’s still a chance that some legacy programs may not work on Windows 7 or may only function in Windows XP Mode, the new feature that lets you run XP-only apps right in Windows 7. If you’re unsure about any of your applications, you may want to check the new Windows 7 Compatibility Center. Although not live yet, this site will soon feature an extensive list of applications and their compatibility status.

The site will officially launch on October 22nd – the same day Windows 7 goes live. It’s definitely worth bookmarking if there are any apps you’re concerned about.

Categories: Latest News

Microsoft adds free root certificate authority to Windows

A couple of weeks ago some very interesting Windows news flew under the radar that I think deserves much more credit than it received, considering how much we rely on the web and the impact this has on making it safer.

In the September 2009 update to the Windows Root Certificate Program, Microsoft added StartCom Ltd to the list of trusted root certificate authorities, notably its first member that issues, among others, free Class 1 digital certificates.

What this means in practice is that out-of-the-box in Windows 7, and if installed as an optional patch under Windows Vista and XP, free digital certificates issued by StartCom will be inherently trusted by the operating system and its applications.

Besides simple identification, one other benefit delivered by digital certificates is the ability to transparently encrypt and secure the connection to a server via HTTPS, and this is what makes what Microsoft did so notable.

Up until now the digital certificates market has been dominated by large corporations who charge quite a pretty penny for the privilege, limiting the use of HTTPS. Unfortunately, at the same time, due to the nature of digital certificates and the chain of trust, the limited number of root certificate authorities (CAs) in operating systems such as Windows has limited the adoption of free digital certificates as offered by some companies like StartCom. Granted, Firefox and Safari have supported many of the certificate authorities issuing free certificates for some time; Microsoft has not, until now.

With StartCom as a Windows root CA, web developers now have a practical free alternative for digital certificates that works by default with Internet Explorer and other Windows applications, if they wish to secure their websites or web services.

Not only is this great for developers but even more so for users, who can look forward to more websites that encrypt the data they send and receive, reducing the risks of sniffing and man-in-the-middle attacks, especially when using wireless and public networks.

Categories: Latest News

Microsoft to fix first critical hole in Windows 7 on Tuesday

Microsoft confirmed on Wednesday that the company plans to push out a security fix for a critical security hole in Windows 7 next Tuesday.

Microsoft officials posted an advance security bulletin today that confirms Windows XP will have 6 critical holes patched, Windows Vista 5 critical holes and Windows 7 only one. Microsoft’s critical rating is the highest of all the ratings used by the company, described as “a vulnerability whose exploitation could allow the propagation of an Internet worm without user action.”

Microsoft will ship a total of 13 updates on Tuesday, eight of them marked as critical. Previously the company released a record of 12 updates in both February 2007 and October 2008. Next Tuesday will set a new record. This is Windows 7’s first critical patch and initial information suggests Internet Explorer 8 is at fault. Neowin will be live from the New York launch of Windows 7 on October 22 where Microsoft CEO Steve Ballmer will release Windows 7 to the world.

Categories: windows 7

What’s new in Windows Mobile 6.5?

Windows Mobile 6.5 has made significant enhancements to business productivity, consumer messaging, and mobile Internet. It focuses on key areas to help partners target professionals and also target new consumer messaging positions for Windows phones. more…