Domain: technet.com
Stories and comments across the archive that link to technet.com.
Stories · 141
Flame Malware Hijacks Windows Update
wiredmikey writes "As more research unfolds about the recently discovered Flame malware, researchers have found three modules – named Snack, Gadget and Munch – that are used to launch what is essentially a man-in-the-middle attack against other computers on a network. As a result, Kaspersky researchers say when a machine attempts to connect to Microsoft's Windows Update, it redirects the connection through an infected machine and it sends a fake malicious Windows Update to the client. That is courtesy of a rogue Microsoft certificate that chains to the Microsoft Root Authority and improperly allows code signing. According to Symantec, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing. The findings have prompted Microsoft to say that it plans to harden Windows Update against attacks in the future, though the company did not immediately reveal details as to how." And an anonymous reader adds a note that Flame's infrastructure is massive: "over 80 different C&C domains, pointed to over 18 IP addresses located in Switzerland, Germany, the Netherlands, Hong Kong, Poland, the UK, and other countries."
Microsoft Certificate Was Used To Sign Flame Malware
wiredmikey writes "Microsoft disclosed that 'unauthorized digital certificates derived from a Microsoft Certificate Authority' were used to sign components of the recently discovered Flame malware. 'We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft,' Microsoft Security Response Center's Jonathan Ness wrote in a blog post. Microsoft is also warning that the same techniques could be leveraged by less sophisticated attackers to conduct more widespread attacks. In response to the discovery, Microsoft released a security advisory detailing steps that organizations should take in order to block software signed by the unauthorized certificates, and also released an update to automatically protect customers. Also as part of its response effort, Microsoft said its Terminal Server Licensing Service no longer issues certificates that allow code to be signed."
Windows 8: More EULA, Fewer Rights.
sl4shd0rk writes "Microsoft has adopted a brand new licensing scheme for Windows 8 which effectively removes your right to file a class-action lawsuit against them should you feel the need. '...Many of our new user agreements will require that, if we can't informally resolve the dispute, the customer bring the claim in small claims court or arbitration, but not as part of a class action lawsuit.' Class-action lawsuits are intended to help individuals stand up to corporate law-breaking but this new EULA model simply nullifies that course of action for the consumer."
Microsoft Makes Ambitious Carbon Neutral Pledge
Qedward writes "Chief operating officer Kevin Turner says Microsoft will be 'carbon neutral across all our direct operations including data centers, software development labs, air travel, and office buildings' from July 1, the start of the 2012 fiscal year. Turner added: 'We are hopeful that our decision will encourage other companies, large and small, to look at what they can do to address this important issue.'"
Microsoft: Macs 'Not Safe From Malware, Attacks Will Increase'
An anonymous reader writes "Microsoft researchers have analyzed a new piece of Mac malware that uses a multi-stage attack similar to typical Windows malware infection routines. In a post titled 'An interesting case of Mac OSX malware' the Microsoft Malware Protection Center closed with this statement: 'In conclusion, we can see that Mac OSX is not safe from malware. Statistically speaking, as this operating system gains in consumer usage, attacks on the platform will increase. Exploiting Mac OSX is not much different from other operating systems. Even though Mac OSX has introduced many mitigation technologies to reduce risk, your protection against security vulnerabilities has a direct correlation with updating installed applications.'"
CEO of TuCloud Dares Microsoft To Sue His New Company
Fluffeh writes "Word from Ars Technica is that OnLive, a service provider that seems to totally flout Microsoft licensing and offers iPad users a Microsoft Desktop for free (or a beefier one for $5) isn't being sued by Microsoft, as this blog quotes: 'We are actively engaged with OnLive with the hope of bringing them into a properly licensed scenario.' The people who are angry include Guise Bule, CEO of tuCloud. He accuses Microsoft of playing favorites with OnLive — whose CEO is a former Microsoft executive — while regularly auditing license compliance for companies like tuCloud that provide legitimate virtual desktop services. Bule is so mad that he says he is forming an entirely new company called DesktopsOnDemand to provide a service identical to OnLive's, complete with licensing violations, and dare Microsoft to take him to court. Bule hopes to force Microsoft into lifting restrictions on virtual desktop licensing that he says inhibit growth in the virtual desktop industry, and seem to apply to everyone except OnLive." One of the restrictions applied to licensed remote desktop providers is that each user must have his own dedicated machine (pretty onerous in the days of 16+ core servers costing a mere grand or two).
Microsoft Files EU Antitrust Complaint Against Motorola Mobility
judgecorp writes "Microsoft has filed a complaint with the European Commission complaining that Motorola Mobility is charging too much for use of its patented technology in phones and tablets. The complaint follows a similar one by Apple last week, and will need to be resolved by Google as it takes charge of Motorola Mobility."
Microsoft Names Reputed Head of Kelihos Botnet
wiredmikey writes with an update on Microsoft's takedown of the Kelihos botnet. From the article: "Microsoft is not just taking down botnets; it is taking them down and naming names. In an amended complaint [PDF] filed Monday in U.S. District Court for the Eastern District of Virginia, Microsoft named a man from St. Petersburg, Russia, as the alleged head of the notorious Kelihos botnet. Naming names can be a risky business. Previously, Microsoft alleged Dominique Alexander Piatti, dotFREE Group SRO and several unnamed 'John Does' owned a domain cz.cc and used cz.cc to register other subdomains used to operate and control the Kelihos botnet. However, the company later absolved Piatti of responsibility when investigators found neither he nor his business was controlling the subdomains used to host Kelihos. Whether naming Sabelnikov – who, according to Krebs on Security, once worked as a senior system developer and project manager for Russian antivirus vendor Agnitum – will have the same effect as naming the Koobface gang remains to be seen. Though Kelihos has remained defunct since the takedown last year, the malware is still on thousands of computers."
Microsoft Pushes For Gay Marriage In Washington State
New submitter plsenjy writes "An article in the Atlantic outlines how Microsoft Corp. has submitted its support for a Washington State provision allowing gay couples to marry. Citing the company's inability to compete for top talent in the face of discrimination, Microsoft joins other firms such as Nike and Vulcan to effectively change moral policy from the top-down."
Microsoft 'Trustworthy Computing' Turns 10
gManZboy writes "Bill Gates fired off his famous Trustworthy Computing memo to Microsoft employees on Jan. 15, 2002, amid a series of high-profile attacks on Windows computers and browsers in the form of worms and viruses like Code Red and 'Anna Kournikova.' The onslaught forced Gates to declare a security emergency within Microsoft, and halt production while the company's 8,500 software engineers sifted through millions of lines of source code to identify and fix vulnerabilities. The hiatus cost Microsoft $100 million. Today, the stakes are much higher. 'TWC Next' will include a focus on cloud services such as Azure, the company says."
Windows Admins Need To Prepare For GUI-Less Server
msmoriarty writes "We knew Windows Server 8 was going to be a departure for Microsoft, including an 'optional' GUI, but in a blog post made earlier this week, the Windows Server team said that working without the GUI will be the 'recommended' method, and is telling developers not to assume a GUI will be present. According to Windows consultant and author Don Jones, this is a big hint to Windows admins that they better get used to not having a GUI in future releases. From the article: 'I'm well aware that many Windows admins out there aren't looking forward to a GUI-less server operating system from Microsoft. ... I'm sure Microsoft has, too. They're proceeding anyway. We have two choices: adapt or die.'"
ITC Judge: Motorola Mobility Infringed Microsoft Patent
chrb writes "An International Trade Commission judge has issued a preliminary ruling that Motorola Mobility infringed one of Microsoft's patents. The disputed patent covers storing a meeting request on a mobile device, and was rejected by the European Patent Office as being 'obvious.' The judge also ruled that six other Microsoft patents were not being infringed. Experts say that this will strengthen Microsoft's hand in collecting patent fees on Android. Microsoft recently claimed that it now collects patent fees on over half of all Android devices sold."
Microsoft Says Goodbye To CES
theodp writes "Microsoft has traditionally delivered the pre-show keynote and put up a mammoth booth at the Consumer Electronics Show (CES) in Las Vegas each January. No more. GeekWire reports that Microsoft will bow out of CES after this year's show (Steve Ballmer says buh-bye on Jan. 9). 'As we look at all of the new ways we tell our consumer stories,' explained Microsoft's Frank Shaw, 'it feels like the right time to make this transition.'"
Microsoft, Mozilla and Google Ban Malaysian Intermediate CA
Orome1 writes "Microsoft, Mozilla and Google have announced that they are revoking trust in Malaysia-based DigiCert, an intermediate certificate authority authorized by well-known CA Entrust, following the issuing of 22 certificates with weak keys, lacking in usage extensions and revocation information. 'There is no indication that any certificates were issued fraudulently, however, these weak keys have allowed some of the certificates to be compromised,' wrote Jerry Bryant of Microsoft's Trustworthy Computing."
Microsoft Now Collects Royalties From Over Half of All Android Devices
An anonymous reader writes "Microsoft has inked a deal with Compal Electronics, which pumps out gadgets that run Android and Chrome OS, for an undisclosed sum." Microsoft has an explanatory weblog post; with this deal over half of all Android devices are licensing patents from Microsoft. Notably refusing to cooperate and instead opting for the court battle route are Motorola and Barnes and Noble.
Microsoft Finalizes Skype Acquisition
suraj.sun sends word that Microsoft's acquisition of Skype for $8.5 billion has officially completed. Quoting: "Skype CEO Tony Bates will be named president of the new Skype Division of Microsoft, and will have to report directly to Steve Ballmer. In a post on the Official Microsoft Blog today, Bates seemed unsurprisingly enthusiastic about the acquisition, describing it as a marriage of two 'disruptive, innovative, software-oriented companies. Microsoft is committed to the ubiquity of the Skype experience – communication across every device and every platform will remain a primary focus,' Bates wrote. 'And we've only scratched the surface.'"
Microsoft Disables Kelihos Botnet
Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."
Microsoft Drops Use of 'Supercookies' On MSN
Trailrunner7 writes "In response to work by Stanford University researchers who found that Microsoft and several other high-profile companies were using a controversial technique to keep persistent cookies on users' PCs to track their movements, Microsoft says it has discontinued the practice of using so-called 'supercookies.' In July, Jonathan Mayer, a graduate student at Stanford, revealed that some companies were still employing techniques that enabled browser history sniffing, which give the companies information on what sites users have visited and what links they've clicked on. The research also found that some companies were using cookies that re-spawn even after users have deleted them. Microsoft was using this technique on one of its sites, MSN.com, and now the company said that it is no longer doing so."
Microsoft Offers $250,000 Reward For Botnet Info
Orome1 writes "Microsoft decided to extend their efforts to establish the identity of those responsible for controlling the Rustock botnet by issuing a $250,000 reward for new information that results in the identification, arrest and criminal conviction of such individual(s). 'While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.' Residents of any country are eligible for the reward pursuant to the laws of that country."
Microsoft Says Reinstall Overkill In Removing Rootkit
CWmike writes "Microsoft has clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit dubbed Popureb that buries itself on the hard drive's boot sector, noting Wednesday that a complete OS reinstall is not necessary. 'If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state,' MMPC engineer Chun Feng wrote in an updated blog entry. Feng provided links to instructions on how to use the Recovery Console for Windows XP, Vista and Windows 7. Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware for removal, Feng added. Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC. But an internationally-known botnet expert disagrees. Joe Stewart, director of malware research at Dell SecureWorks, said, 'Once you're infected, the best advice is to [reinstall] Windows and start over ... [MBR rootkits] download any number of other malware. How much of that are you going to catch? This puts the user in a tough position.' MBR rootkit malware is among the most advanced of all threats."
Rootkit Infection Requires Windows Reinstall
CWmike writes "Microsoft is telling Windows users that they'll have to reinstall the OS if they get infected with a new rootkit. A new variant of a Trojan Microsoft calls Popureb digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group's blog. 'If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,' said Feng. A recovery disc returns Windows to its factory settings."
Microsoft's Virtual Skywriting Patent App Features the Real Thing
theodp writes "GeekWire reports that Microsoft this week was awarded a patent on something it calls 'virtual skywriting', an augmented reality service that adds fake skywriting to scenes captured on a cell phone screen. Odd enough in its own right, but Microsoft also included an unattributed photo in the patent application which it described as 'an example of virtual skywriting in use,' although it certainly appears to be identical to a famous image of actual skywriting from a 2001 public art project. If that turns out to be the case, could the self-described opponent of half-baked patents and IP misuse find itself in hot water with the USPTO for using the 'prior art' to fake its fake skywriting?"
Microsoft Brands WebGL a 'Harmful' Technology
An anonymous reader writes "Microsoft has announced that it has no plans to support WebGL — a cross-platform low-level 3D graphics API designed for web use — in its future browsers, citing numerous security concerns over the technology and branding the basic principles as 'harmful.'"
Microsoft Adds Chrome Support For Office Web Apps
CWmike writes "Microsoft will release the first service pack for Office 2010 in late June, when it will for the first time support Google's Chrome running the suite's online applications using SharePoint 2010, the company said on Monday. Google and Microsoft have repeatedly knocked heads over each others' online applications. In May 2010, Matthew Glotzbach, Google's enterprise product management director, kicked off the public battle by urging companies to forget about upgrading to Office 2010 and calling on them to instead add Google Docs to their mix. 'Google Docs makes Office 2003 and 2007 better,' Glotzbach said at the time. Microsoft quickly countered by saying that Google Docs' integration with Office was inferior to Office Web Applications' and that its rival's claims were 'simply not true.'"
Microsoft To Support CentOS Linux In Hyper-V
jbrodkin writes "Long the enemy of Linux users, Microsoft is apparently seeing dollar signs in the Linux-dominated Web server market. Microsoft's virtualization software, Hyper-V, will immediately add support for CentOS Linux, a community version of Red Hat that even Microsoft notes is a 'popular Linux distribution for hosters.' 'This enables our Hosting partners to consolidate their mixed Windows + Linux infrastructure on Windows Server Hyper-V,' Microsoft said. In addition to Web hosting, this targets another area where Microsoft is stuck in second place: the virtualization market dominated by VMware."
New Alureon Rootkit Takes Malware To New Level
Trailrunner7 writes "A new version of the venerable Alureon malware has appeared, and this one includes some odd behavior designed to prevent analysis and detection by antimalware systems. However, this isn't the typical evasion algorithm, as it uses some unusual encryption and decryption routines to make life much more difficult for analysts and users whose machines have been infected. Alureon is a well-known and oft-researched malware family that has some rootkit-like capabilities in some of its variations. The newest version of the malware exhibits some behavior that researchers haven't seen before and which make it more problematic for antimalware software to detect it and for experts to break down its components."
Microsoft Blasts Google For False Claims In Court Documents
recoiledsnake writes "Microsoft writes in a blog post that Google knowingly lied to the court while suing the US government over its consideration of only Microsoft implementations. We previously discussed Google winning an injunction against the Department of the Interior over this. According to Microsoft Deputy General Counsel David Howard, 'Google filed a motion for a preliminary injunction telling the court three times in a single document that Google Apps for Government is certified under FISMA. Google has repeated this statement in many other places as well. Indeed, for several months and as recently as this morning, Google's website states, "Google Apps for Government – now with FISMA certification." ... So imagine my surprise on Friday afternoon when, after some delay, some of the court papers were unsealed, at least in part. There for all to see was a statement by the Department of Justice contradicting Google on one of its basic FISMA claims.' Howard goes on to quote the DoJ brief (PDF), which says, '... it appears that Google's Google Apps for Government does not have FISMA certification.'"
Microsoft Continues Android Legal Assault
shmlco writes "According to an article on AllThingsD, Microsoft is continuing its legal assault on Android. On Monday the company sued Barnes & Noble, Foxconn International and Inventec over the company's Nook e-reader, alleging patent infringement. To quote Microsoft deputy general counsel Horacio Gutierrez, 'The Android platform infringes a number of Microsoft's patents, and companies manufacturing and shipping Android devices must respect our intellectual property rights. Their refusals to take licenses leave us no choice but to bring legal action.'" -
Senate Panel Backs Patent Overhaul Bill
mvar writes "A bill to reduce the likelihood of massive damage awards in patent disputes took a step forward with approval by the Senate Judiciary Committee. The committee voted 15-0 to back the legislation that would give judges a major role in determining how important a particular patent is to a product, so that infringing minor patents would not lead to huge damages. The bill (PDF) also gives patents to the first inventor to file, rather than the first to invent, making the patent application process easier for companies who apply for patents in multiple countries. This year, Microsoft, the Pharmaceutical Research and Manufacturers of America and the Biotechnology Industry Organization support the patent legislation, while Dell, Cisco and others oppose it." Microsoft's blog post in support of patent reform calls for a quick review period for newly-granted patents and the acceptance of prior art submissions from third parties. -
Microsoft Is Releasing an H.264 Plugin For Firefox
ndogg writes "Microsoft has announced that it is releasing an H.264 plugin for Firefox. This plugin does not add H.264 capabilities to Firefox, but rather allows it to use the H.264 capabilities built into Windows 7. With that in mind, it sounds like it may not work on anything other than Windows 7." -
Microsoft Finally Certifies an Open Source Web App
An anonymous reader writes "Microsoft has caught up with the fact that open source web-based software exists, today announcing an open source project written in PHP is the first 'Certified for Windows' software that (a) follows an OSI-approved license and (b) runs via a webserver rather than operating as a native Windows executable. The software in question is SilverStripe CMS, free software released under a BSD license, that is used to build and manage websites. Certification entails a third-party performing various tests and audits on the software and giving it the green light. If other open source projects can follow suit, this will be another step in getting business folk to see that open source is ready for enterprise use. And heck, maybe even a .NET application could now seek to be certified!" -
A Tidal Wave of Java Flaw Exploitation
tsu doh nimh writes "Microsoft warned today that it is witnessing a huge spike in the exploitation of Java vulnerabilities on the Windows platform, and that attacks on Java security holes now far outpace the exploitation of Adobe PDF bugs. The Microsoft announcement cites research by blogger Brian Krebs, who has been warning for several months that Java vulnerabilities are showing up as the top moneymakers for those peddling commercial crimeware exploitation kits, such as Eleonore, Crimepack and SEO Sploit Pack." Several days ago, Oracle released a patch that fixed 29 Java security flaws. -
Microsoft Eyes PC Isolation Ward To Thwart Botnets
CWmike writes "In a paper published Wednesday (PDF), Scott Charney, who heads Microsoft's trustworthy computing group, spelled out a concept of 'collective defense' that he said was modeled after public health measures like vaccinations and quarantines. The aim: To block botnet-infected computers from connecting to the Internet. Under the proposal, PCs would be issued a 'health certificate' that showed whether the system was fully patched, that it was running security software and a firewall, and that it was malware-free. Machines with deficiencies would require patching or an antivirus update, while bot-infected PCs might be barred from the Internet." -
Microsoft Sues Motorola Over Android-Related Patent Infringement
suraj.sun writes with this excerpt from Engadget: "Microsoft has hit up the ITC over a total of nine alleged patent infringements by Motorola in its Android devices, specifically relating to 'synchronizing email, calendars and contacts, scheduling meetings, and notifying applications of changes in signal strength and battery power.' This should be interesting — will it result in a quick cross-licensing agreement, or a protracted court battle spanning multiple years?" The ITC complaint was accompanied by a lawsuit in US District Court. Microsoft's Horacio Gutierrez explained the company's reasoning in a blog post. -
Microsoft To Release Emergency Fix For ASP.NET Bug
Trailrunner7 writes "Microsoft on Tuesday will release an emergency out-of-band patch for the ASP.NET padding oracle attack that was disclosed earlier this month. The patch will only be available on the company's Download Center for the time being, however. The company is taking the step of releasing an emergency fix for the bug because of the seriousness of the vulnerability — which potentially affects millions of Web applications — and the fact that there are attacks ongoing against it already. The patch will fix the flaw in all versions of the .NET framework. Although Microsoft issued guidance about workarounds to defend against attacks on the ASP.NET bug shortly after it was publicly disclosed, the researchers, Juliano Rizzo and Thai Duong, said that the workarounds did not fully protect users against their attack." -
Microsoft Helps Adobe Block PDF Zero-Day Exploit
CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog." A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year. -
New Malware Imitates Browser Warning Pages
Jake writes with this excerpt from Ars: "Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless 'Safe Browsing Mode' with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied." -
Microsoft Makes Major Shift In Disclosure Policy
Trailrunner7 writes "Microsoft is changing the way in which it handles vulnerability disclosures, now moving to a model it calls coordinated vulnerability disclosure, in which the researcher and the vendor work together to verify a vulnerability and allow ample time for a patch. However, the new philosophy also recognizes that if there are attacks already happening, it may be necessary to release details of the flaw even before a patch is ready. The new CVD strategy relies on researchers to report vulnerabilities either directly to a vendor or to a trusted third party, such as a CERT-CC, who will then report it to the vendor. The finder and the vendor would then try to agree on a disclosure timeline and work from there." Here's Microsoft's announcement of the new strategy. -
MS To Share Early Flaw Data With Governments
Trailrunner7 writes "Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a 'Defensive Information Sharing Program' that will offer government entities at the national level technical information on vulnerabilities that are being updated in their products." There's a stream the bad guys would dearly love to tap into. -
Microsoft Accuses Google Docs of Data Infidelity
Hugh Pickens writes "For years Google has been pitching migrations from Microsoft Office to Google Docs, arguing that Docs makes Office 2003 and 2007 better because users can store Microsoft Office documents in Google's cloud and share them in their original format. Now eWeek reports that Alex Payne, director of Microsoft's online product management team, says that moving files created with Office to Google Docs results in the loss of data fidelity, including the loss of such data components as charts, styles, watermarks, fonts, tracked changes, and SmartArt. 'They are claiming that an organization can use both seamlessly,' Payne writes. 'This just isn't the case.' Meanwhile, Google defended its original 'Docs makes Office better' in a statement, noting that it has made a lot of improvements to the web editors in Docs with its recent refresh, and promising that functionality will only get better as Google integrates the DocVerse assets into Docs. 'It says a lot about Microsoft's approach to customer lock-in that the company touts its proprietary document formats, which only Microsoft software can render with true fidelity, as the reason to avoid using other products,' says a Google spokesperson." -
IE8's XSS Filter Exposes Sites To XSS Attacks
Blue Taxes writes "The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS." Here is the researchers' backgrounder (PDF) on the attack. Microsoft says it has issued two patches that address the issue, but the researchers insist that holes remain.
Update: 04/20 14:06 GMT by KD : Microsoft's Security Response Center has issued a statement on the vulnerability. -
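As an added illustration of the filter logic the story describes (scan outbound parameters, turn a hit into a regular expression, search the response, alter the match), here is a small model written for this page. It is not Microsoft's code and not the researchers' proof of concept: the outbound heuristic in looksSuspicious(), the regex construction, the "replace one character with '#'" neutering rule and the three sample pages are all assumptions made for the demonstration.

```javascript
// Model of the IE8 XSS filter behaviour described in the story. NOT Microsoft's
// implementation: the heuristic, the signature regex and the '#' neutering rule
// are simplifying assumptions made for this example.

// Assumed outbound heuristic: does a request parameter look like markup/script injection?
function looksSuspicious(value) {
  return /<script|<img|<iframe|javascript:|on[a-z]+\s*=/i.test(value);
}

// Turn the literal outbound string into a case-insensitive regex by escaping
// regex metacharacters (the real signature generation is more elaborate).
function buildPattern(value) {
  const escaped = value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp(escaped, 'i');
}

// Apply the filter to a response: for every suspicious parameter whose pattern
// appears anywhere in the body, neuter the first match. Returns the (possibly
// altered) body and whether anything was changed.
function applyFilter(requestParams, responseBody) {
  let body = responseBody;
  let altered = false;
  for (const value of Object.values(requestParams)) {
    if (!looksSuspicious(value)) continue;
    const m = buildPattern(value).exec(body);
    if (!m) continue;
    // Assumed neutering rule: break the first '<' or '=' so the markup no longer
    // parses the way the attacker intended.
    const neutered = m[0].replace(/[<=]/, '#');
    body = body.slice(0, m.index) + neutered + body.slice(m.index + m[0].length);
    altered = true;
  }
  return { body, altered };
}

// Minimal HTML escaping used by the "safe" sample site.
function htmlEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Scenario 1 (constructed): a genuinely vulnerable page echoes q unescaped;
// the filter catches the reflection and neuters it.
function scenarioVulnerableSite() {
  const q = '<script>alert(1)</script>';
  const page = '<p>Results for: ' + q + '</p>';
  return applyFilter({ q }, page);
}

// Scenario 2 (constructed): a page that escapes q correctly and carries no
// matching markup of its own is left untouched.
function scenarioSafeSite() {
  const q = '<script>alert(1)</script>';
  const page = '<p>Results for: ' + htmlEscape(q) + '</p>';
  return applyFilter({ q }, page);
}

// Scenario 3 (constructed): the same safe page also carries its own legitimate
// <script src="/app.js"> tag. A request parameter equal to that legitimate
// markup makes the filter match the site's own tag "anywhere in the response"
// and alter it, although nothing attacker-controlled was reflected unescaped.
function scenarioLegitimateMarkupAltered() {
  const q = '<script src="/app.js">';
  const page = '<script src="/app.js"></script>' +
               '<p>Results for: ' + htmlEscape(q) + '</p>';
  return applyFilter({ q }, page);
}
```

The third scenario is the design weakness in general terms: the filter rewrites whatever matches the outbound string, including markup the site itself served, so an attacker who can choose the request can choose which legitimate content gets altered. The story does not detail how the researchers turned that alteration into script execution, so the model stops at the altered response.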
Microsoft Announces End of the Line For Itanium Support
WrongSizeGlass writes "Ars Technica is reporting that Microsoft has announced on its Windows Server blog the end of its support for Itanium. 'Windows Server 2008 R2, SQL Server 2008 R2, and Visual Studio 2010 will represent the last versions to support Intel's Itanium architecture.' Does this mean the end of Itanium? Will it be missed, or was it destined to be another DEC Alpha waiting for its last sunset?" -
Microsoft Announces Windows 7 SP1
CWmike writes "Microsoft has announced service packs for Windows 7 and Windows Server 2008 R2, but declined to set a release date or a schedule for getting a beta in users' hands. A company spokesman said Windows 7 Service Pack 1 (SP1) will primarily contain 'minor updates,' including patches and hotfixes that will have been delivered earlier via the Windows Update service, rather than new features. One of the latter: an updated Remote Desktop client designed to work with RemoteFX, the new remote-access platform set to debut in SP1 for Windows Server 2008 R2. Windows Server 2008 R2 will also be upgraded to SP1, Microsoft said, presumably at the same time as Windows 7 since the two operating systems share a single code base. Besides RemoteFX — which Microsoft explained Wednesday in an entry on the Windows virtualization team's blog — Server 2008 R2 will also include a feature dubbed 'Dynamic Memory,' which lets IT staff adjust guest virtual machines' memory on the fly. Microsoft did not spell out a timetable for the service packs, saying only that it would provide more information as release milestones approach." -
Ballmer Defends Microsoft In China
An anonymous reader writes "Mr. Ballmer has recently posted on the official Microsoft blog discussing future business in China and defending Microsoft's stance of cooperating with the government even as other large IT companies have begun making public condemnations (Google and Twitter being the most prominent). Couple this with Bill Gates' speech on China's censorship being not all that bad (a speech very well received by Chinese media) and you've got people wondering: Is Microsoft aiming to take Google's place in China?" -
Office 2003 Bug Locks Owners Out
I Don't Believe in Imaginary Property writes "A Microsoft Office 2003 bug is locking people out of their own files, specifically those protected with Microsoft's Rights Management Service. Microsoft has a TechNet bulletin on the issue with a fix. It looks like they screwed up and let a certificate expire. There's no information on when the replacement certificate will expire, though, or what will happen when it does." -
Black Screen of Death Not Microsoft's Fault
Barence follows up on the ongoing Black Screen of Death saga: "Microsoft says reports of 'Black Screen of Death' errors aren't caused by Windows Updates, as claimed by a British security firm. The software giant claims November's Windows Updates didn't alter registry keys in the way described by Prevx, which said that the Microsoft Patches caused PCs to boot with just a black screen and a Windows Explorer window. Microsoft is now blaming the problem on malware. Prevx has issued a grovelling apology on its own blog." -
Microsoft Takes Responsibility For GPL Violation
An anonymous reader writes with an update to the news we discussed last weekend that a Windows 7 utility seemed to contain GPL code: "Microsoft has confirmed that the Windows 7 USB/DVD tool did, in fact, use GPL code, and they have agreed to release the tool's source code under the terms of GPLv2. In a statement, Microsoft said creation of the tool had been contracted out to a third party and apologized for not noticing the GPL code during a code review." -
The Machine SID Duplication Myth
toppings writes "Microsoft Technical fellow Mark Russinovich explains why he is now retiring NewSID, which has been used by IT departments for years when deploying Windows to new systems from customized clone images. Russinovich writes: 'The reason that I began considering NewSID for retirement is that, although people generally reported success with it on Windows Vista, I hadn't fully tested it myself and I got occasional reports that some Windows component would fail after NewSID was used. When I set out to look into the reports I took a step back to understand how duplicate SIDs could cause problems, a belief that I had taken on faith like everyone else. The more I thought about it, the more I became convinced that machine SID duplication — having multiple computers with the same machine SID — doesn't pose any problem, security or otherwise. I took my conclusion to the Windows security and deployment teams and no one could come up with a scenario where two systems with the same machine SID, whether in a Workgroup or a Domain, would cause an issue. At that point the decision to retire NewSID became obvious.' He concludes: 'It's a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem. To my chagrin, NewSID has never really done anything useful and there's no reason to miss it now that it's retired. Microsoft's official policy on SID duplication will also now change and look for Sysprep to be updated in the future to skip SID generation.'" -
Microsoft Plans Largest-Ever Patch Tuesday
CWmike writes "Microsoft said it will deliver its largest-ever number of security updates on Tuesday to fix 13 flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and Forefront Security client software. Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system. The 13 updates slated for next week, eight of them pegged 'critical,' beat the previous record of 12 updates shipped in February 2007 and again in October 2008." Update: Reader Kurt Seifried writes to correct the math a bit, pointing to Microsoft's Advance Notification page for the release, which says that rather than 13 flaws, this Patch Tuesday involves "13 bulletins (eight critical and five important), addressing 34 vulnerabilities ... Most of these updates require a restart so please factor that into your deployment planning."