Microsoft is investigating new public reports of a vulnerability in Remote Desktop Services. We have not been made aware of attacks that try to use the reported vulnerability or of customer impact at this time, but we are aggressively investigating the public reports.
Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2.
The software maker's confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker "badpack3t." In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.
As Microsoft inches closer to the first beta release of Internet Explorer 7, the company's development advisors have been advising Web site developers and managers to run certain tests now to prevent problems when the beta version does appear.
Sitting down for a personal meeting with Bill Gates this week, 10-year-old Arfa Karim Randhawa asked the Microsoft founder why the company doesn't hire people her age. Under the circumstances, the question wasn't so unreasonable.
Hackers are actively exploiting two serious security vulnerabilities in Windows, Microsoft warned on Tuesday as it released "critical" alerts about the flaws.
One of the problems affects the Microsoft Color Management Module, a component of Windows that handles colors. The other relates to the JView Profiler, part of Microsoft's Java Virtual Machine. The vulnerabilities could be used to commandeer a PC, Microsoft said.
SP research labs (me) has found a remote kernel DoS flaw within Microsoft Windows XP SP2 fully patched, with the firewall on. I have been working with Microsoft to get a patch out for this. I notified them 5/4/2005 about the flaw, and they have been working on it since then. Microsoft told me the patch was going to be released in August. We know its only a DoS, which is kind of boring so this is why we decided to report it to Microsoft. ;-) Here is a screenshot of the crash if your interested. So, be sure to look out for our advisory and PoC the second Tuesday in August.
Microsoft has released three software updates that patch critical security flaws in its products, including a patch for an Internet Explorer vulnerability that was first reported last week. The company also released patches for Microsoft Word and for a feature of the Windows operating system that is used by a number of applications. All three of the patches, which Microsoft calls "updates," are rated "critical," meaning that the flaws they fix could allow malicious code to be installed on a user's computer with very little user action.
Microsoft's MSN business unit is trying to hook customers onto "Kahuna." Kahuna is codename for an upcoming version of Hotmail that will sport a new style of interface, automatic inbox refreshing and a preview pane that will enable Hotmail users to read and respond to e-mail without ever leaving their inbox.
Microsoft is planning fundamental changes to its Office 12 desktop productivity suite that could prevent easy integration with many applications built in VBA (Visual Basic for Applications).
Microsoft said changes in the software, due out next year, were driven by the need to improve security.
Mark Quick, head of technology in Microsoft's Developer and Platform Group, said there were more than 700 third-party applications that use VBA. In addition, many businesses have developed their own bespoke VBA applications.
THE HACKER who turned over Microsoft’s UK website last week has written to the INQ suggesting the Vole should hire him and his mate Rafa.
The hacker, who goes by the handle of Apocalypse, said that he just wanted to show to Microsoft that any server or any company is vulnerable.
"As long people build something, somebody else is two steps ahead," he said.
Apocalypse also implied that if he had the new X-Box 360 with a lot games he would not have done it.
