Microsoft

Microsoft yesterday updated its bare-bones preview of Microsoft Internet Explorer 9 (IE9) for the last time, saying that the next release would be a beta build.

Although Microsoft hasn't named a release date for IE9's beta, the six-to-eight week stretch between each Platform Preview may provide a clue: If the company sticks to the same gap between the fourth preview and the beta, the latter should show on or after September 15 - confirming previous messages from Microsoft.

It's the sweltering dog days of summer and a lot of system administrators are out on vacation, but August's Patch Tuesday event is bound to be a hectic one for IT staffs charged with keeping up with Microsoft's monthly security fixes.

Microsoft (NASDAQ: MSFT) plans to release eight "critical" security patches on Tuesday and an additional six "important" patches, the company's security mavens announced on Thursday. In those 14 patches, Microsoft aims to fix a total of 34 security flaws in its products.

When HP’s TippingPoint issued an ultimatum Wednesday to software vendors to fix and reveal to the public software vulnerabilities within six months, Aaron Portnoy, manager of security research at TippingPoint, directed me to a page on the company’s Zero Day Initiative (ZDI) site that lists all the vulnerabilities known to ZDI and to the software vendors but for which a patch hasn’t yet been developed; details of the vulnerabilities are kept under wraps until a patch is available so as not to give hackers a road map to exploiting them.

The words Windows and security have not always been compatible. In the past, Microsoft's quest to make its operating system as easy to manage as possible for the "typical" user has often meant sacrificing adequate safeguards against intrusion and infection. Windows XP's notorious vulnerability to network worms stands as a recent example; Microsoft shipped the operating system with a firewall but initially left it turned off by default.

Microsoft has wasted no time in reminding everyone it's still in the browser wars, previewing Internet Explorer 9's beta version only three weeks after work began on the new software.

Steven Sinofsky, president of Microsoft's Windows and Windows Live division, showed off some of the new features at the company's Professional Developers Conference. Microsoft's usual business-like sobriety characterises the design, but there are some unsubtle similarities with other major Web browsers, which have been rapidly encroaching on IE's previous near-monopoly.

The government has said it will not upgrade its departments' computers from Microsoft Internet Explorer 6 because it would not be 'cost-effective'.

This was in spite of an online petition posted to Number10.gov.uk earlier this year. It received 6,223 signatures that called for the "Prime Minister to encourage government departments to upgrade away from Internet Explorer 6" due to its alleged vulnerability to attack, and because it requires web developers to specially craft sites to support the browser.

Microsoft has signed a licensing deal with anti-hacking outfit Cryptography Research.

The San Francisco outfit specialises in preventing Differential Power Analysis attacks which apparently involve monitoring the fluctuating electrical power consumption of a target device and then using advanced statistical methods to derive cryptographic keys and other secrets from the data collected.

Microsoft has announced that it would roll out an emergency patch for the critical Windows shortcut bug on Monday, August 2.

Microsoft had confirmed the Windows vulnerability two weeks ago. The vulnerability allows hackers to craft malicious shortcuts and execute malware whenever a user views the shortcut or the contents of a folder containing the malevolent shortcut.

Microsoft announced today that it is planning to release a new version of its security mitigation tool for ISVs and Windows users.

Enhanced Mitigation Experience Toolkit (EMET) 2.0, when released in "upcoming weeks," will contain six mitigation protections, according to Microsoft's announcement. The mitigations block general techniques used by hackers that try to exploit vulnerabilities commonly found in software. Version 2.0 will be an update to the Enhanced Mitigation Evaluation Toolkit 1.0.2, which was announced in October.

In an effort to work more amicably with security researchers who feel Microsoft too often ignores them, the software giant announced it is tweaking its security approach regarding when security researchers disclose new exploits to vendors, hackers, and security administrators.

At the same time, Microsoft (NASDAQ: MSFT) released a "Fixit" program that will automatically implement one of the workarounds the company called out to address a security flaw released by hackers in mid-July that takes advantage of a newly discovered hole in the Windows Shell.