Microsoft

Microsoft today shipped four security bulletins with patches for 22 serious security flaw and called special attention to a vulnerability in the Windows Bluetooth stack that could allow hackers to remotely take control of an affected computer.

The vulnerability, fixed with MS11-053, headlines a batch of updates that include fixes for gaping holes in the Windows kernel and security problems in the Windows Client/Server Run-time Subsystem.

The Bluetooth stack vulnerability introduces remote code execution risks on Windows Vista and Windows 7, Microsoft warned.

Microsoft has disabled the search results on its Security Centre after malware-spreaders abused the function to promote shady pornographic websites serving Trojans as well as cheap thrills.

Only the Security Section of Microsoft's website was affected by the search-engine poisoning attack. Such attacks are often used to place scareware portals and the like high in the index of searches for terms in the news, such as royal weddings, celebrity deaths and natural disasters.

Microsoft Research and the Systems Groups at ETH Zurich have released the latest version of their research operating system, Barrelfish, under an MIT licence and placed it in a Mercurial repository for public access.

Microsoft expects to release four patches next week to address 22 vulnerabilities in Windows and Office, the company said Thursday.

The bulletins, one of which is graded "critical" and three of which are rated "important, are due Tuesday at about 2 p.m. EST.

The critical patch will address vulnerabilities in the two most recent Windows versions, Vista and 7, according to an advance notification advisory. Two of the important fixes will respond to flaws in all supported versions of Windows.

There has been a lot of discussion in recent weeks about some new variants of the Popureb rootkit that clobber your Master Boot Record (MBR).

According to Microsoft's latest analysis, based on "sinkholes", only just over half of the 1.6 million PCs once infected with the Rustock bot are now clean.

Microsoft has published "relevant portions" of the source code from its Wi-Fi data collection software so that the public can examine it for any privacy concerns. According to Reid Kuhn, Partner Group Program Manager for Microsoft's Windows Phone Engineering Team, this was done to "provide even more transparency" about how the company gathers information through "managed driving", in which Microsoft uses vehicles equipped with mobile phones to gather available data about Wi-Fi access points and cell tower locations.

At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.

It was honestly music to my ears. After a year of researching the Patriot Act’s breadth and ability to access data held within protected EU boundaries, Microsoft finally and openly admitted it.

The question put forward:

Microsoft has released some of the source code for the software it uses to collect details of people's Wi-Fi hot spots, so that it can be examined for privacy implications.

In a blog post on Friday, Reid Kuhn, partner group program manager for the Windows Phone engineering team, said the publication of the code should demonstrate Microsoft's commitment to privacy and ensuring the protection of people's information.

Software giant Microsoft has found a rootkit which is so nasty you will have to re-install your operating system to get rid of it.

The Trojan "Popureb" digs so deeply into the system that not even the finest Volish spinners can dig it out. The only way to deal with it is to return Windows to its out-of-the-box configuration,

Writing in the Microsoft Malware Protection Center bog, Chun Feng said that if your system does get infected with Trojan:Win32/Popureb.E, it advises you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state.