Microsoft

Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP Service Pack 3 (SP3).

Fortunately, attackers' incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.

The company's batch of Patch Tuesday updates come with fixes for "critical" remote code execution flaws affecting Windows Vista and Windows Server 2008.

Two of Microsoft's newest operating systems—Windows Vista and Windows Server 2008—are vulnerable to serious remote code execution attacks, according to a warning from the software giant.

The "critical" warning comes April 8 as part of Microsoft's April batch of Patch Tuesday updates, which include eight security bulletins covering at least 10 documented software vulnerabilities.

Security experts are urging IT administrators to patch systems affected by a two critical vulnerabilities affecting the core graphics subsystem of Windows revealed by Microsoft late yesterday.

Microsoft released the patch, which was of five given its highest, 'critical' rating and eight fixes in total, as part of its monthly, 'Patch Tuesday' security bulletin.

Microsoft Thursday confirmed swirling rumors by announcing that it is extending the availability of Windows XP Home Edition until mid-2010 for a fast-emerging class of tiny, cheap laptops led by the Asus Eee.

But despite calls for Microsoft to offer a newgeneral reprieve for XP users, the company reiterated that June 30 remains the cutoff date for hardware makers and retailers to install XP on new computers other than the low-cost laptops.

Microsoft has officially denied that it’s working with a Taiwanese manufacturer to develop a Blu-ray drive for the Xbox 360.

On Tuesday Register Hardware reported that the software giant had inked a deal with Lite-On for the development of Xbox 360 Blu-ray drives. It was claimed the drives would be integrated into a smaller and less power-hungry Xbox 360s.

But a Microsoft spokeswoman has since told Register Hardware that the company has denied any such rumours. In a statement, Microsoft said: “No. Lite-On is not manufacturing Blu-ray drives for Xbox 360”.

Microsoft announced today that it plans to issue eight security patches that fix holes in its Windows operating system and Internet Explorer. The announcement came in advance of its monthly "Patch Tuesday" security release scheduled April 8.

Altogether, Microsoft is repairing five vulnerabilities deemed "critical" and three rated "important" in almost every version of its operating systems, including Windows Vista, Windows XP and Windows 2000, as well as Windows Server 2003 and Windows Server 2008, and Explorer.

Mac users have long gloated that the Mac OS is safer than Windows. The gloating should stop: There's plenty of recent evidence that Vista is, in fact, a safer operating system than Mac OS X.

The most public piece of evidence is the recent "Pwn to Own" challenge, in which security pros were issued the challenge of trying to break into three laptops, a Mac, a PC laptop running Vista SP1, and a laptop running Ubuntu.

At the PWN2OWN contest this year, hackers were given the chance to circumvent security defenses in the latest versions of Mac OS X, Windows Vista and in a distribution of Linux. Winners were awarded cash prizes and the laptop they had hacked, but also had to sign a nondisclosure agreement so that the vendor could address a security fix without having to worry about malware taking advantage first.

A hacker picking apart the security model of Microsoft's brand new Windows Server 2008 has found serious design weaknesses that render some of the product's new security protections "useless."

Cesar Cerrudo, founder and Chief Executive Officer of Argeniss Information Security, in Parana, Argentina, says the weaknesses could lead to privilege escalation attacks opens the door for a skilled hacker to take complete control of the operating system.

Late Wednesday, Microsoft released an out-of-cycle critical patch revision in the form of Security Bulletin MSO7-025 in an effort to stave off a barrage of remote code execution (RCE) exploits that popped up less than two weeks after Redmond's March patch rollout.

In the last Patch Tuesday release on March 11, Microsoft issued four critical patches that were said to plug holes related to 12 known vulnerabilities for Excel, Outlook, Office 2000 and Office Web Components.