Microsoft

Microsoft Corp. is once again inviting members of the hacking community into its Redmond, Washington, campus to show the software giant where it's gone wrong.

The company's latest Blue Hat conference kicked off Wednesday with talks on mobile security, hardware hacking, Microsoft's security tools and the underground vulnerability economy.

Microsoft began hosting these events two years ago as a way to foster dialogue between the company's security team and external security researchers, many of whom have been critical of the company's approach to security.

Think malware will fade away with Vista? Sorry. There's about as much chance of the thriving throngs of online criminals packing up shop as there is of Microsoft doing the same.

Seven groups of patches, called updates in Microsoft parlance, were released on Tuesday, fixing a total of 19 bugs. Microsoft rates all seven of these updates as critical, but security experts say that IT administrators should be particularly concerned with the MS07-026 and MS07-029 updates, which fix flaws in Exchange and the Windows DNS (Domain Name System) server.

Last year Microsoft released Office 2007, which included a new version of Outlook that performs significantly worse than its predecessor. ?After upgrading to 2007 it?s just been insanely slow,? said one user who contacted me. ?I can barely write an email, Outlook will hang while I type.? There were several problems, mainly to do with Microsoft?s latest attempt at desktop search and its interaction with large mailboxes.

A program manager on Microsoft's security team wrote up a post-mortem on the .ANI vulnerability and how the bug worked its way from Windows 2000 all the way up into Windows Vista.

Michael Howard wrote a lengthy explanation in Microsoft's newly hatched Security Development Lifecycle (SDL) blog late last week.

Microsoft is to launch its own security portal in July. Named the Microsoft Malware Protection Center, the portal is currently in preview.

Aimed at Microsoft customers, partners and security professionals, the site currently details the most active families and variants of malware affecting its products. Microsoft is also using it as a platform to promote its own security products.

MICROSOFT has released its next-generation Windows Server software for public testing and said the product is on track for a debut in the second half of 2007.

The world's largest software maker said it expects hundreds of thousands of information technology workers to download the test, or "Beta 3," version of the next server operating system code-named ?Longhorn?.

Longhorn, which will replace Microsoft?s server current server operating system Windows Server 2003, is the compliment to its new Windows Vista PC operating system.

Microsoft will phase out Windows XP as an option for brand-name computer makers faster than it has any other operating system, but an analyst said it probably wasn't a decision made to pump up Vista revenues at XP's expense. According to Microsoft's posted timetable, the company will stop licensing Windows XP to OEMs and terminate retail sales of the operating system 31 January, 2008. The time between the general availability of XP's successor, Windows Vista, and that drop-dead date is just 12 months.

Microsoft is sending in the spies after a preview version of Windows Home Server was leaked to TheHotfix.net blog by a user named "Richard" soon after it was released to a small group of testers. In an email to testers, Kevin Beares, the Windows Home Server community lead at Microsoft, told Most Valuable Professionals (MVPs) whose name contain "Richard" that they will not have access to the beta until he finds out who is behind the leak. MVPs are people Microsoft considers helpful in its product group communities, and many MVPs end up being early testers of products.

Microsoft has revealed that hackers are targeting attacks exploiting a vulnerability in the software company's Windows Server DNS Service.

The flaw could allow a cybercriminal to execute arbitrary code with the same SYSTEM privileges as the DNS Service by sending a designed request to a vulnerable system.

The software giant?s Software Security Incident Response Process is already investigating the incident and it says has experienced ?very limited attacks? so far.