Microsoft

Many patches are announced for tomorrow: The Redmond company expects to release 11 security bulletins. Of those 5 are rated critical, 5 important and 1 moderate. The patches belonging to the bulletins will close 25 security vulnerabilities in Windows, Exchange and in Office. Adobe plans to deliver security updates for critical vulnerabilities in Adobe Reader and Acrobat for all supported platforms tomorrow. Additionally, the automatic updater will be activated with the patches so in future updates get installed silent. ...

Microsoft has made the right decision to temporarily turn off Hotmail’s vacation (e.g., out-of-office) reply feature. Flip the switch off permanently, I say. “In our fight against spam, we sometimes have to make hard choices, and we had to make one this week. We discovered that spammers were using Hotmail’s automatic vacation reply feature to send spam from their Hotmail accounts,” Krish Vitaldevara, Windows Live Hotmail lead program manager, blogged late yesterday. I missed the post because of Apple’s iPhone OS 4 launch. I spotted the announcement first at LiveSide about an hour ago. ...

Windows Mobile was never just a consumer product; it was also a significant player in handheld terminals, in-vehicle systems, and ruggedized consoles for business and industry. But that whole branch of business-oriented Windows Mobile devices used to be overseen by Microsoft’s Mobile Communications Business group (MCB), the same group responsible for Windows Mobile-powered consumer devices, despite the fact that they were very different. Yesterday, David Wurster, senior product manager for Windows Embedded, announced that things will no longer be run that way. Now, all of the ruggedized and industry-specific device development will be the responsibility of the Windows Embedded Business group, regardless of their operating system (WinCE, WinMo.) ...

Microsoft has put the PC-using world on notice that next Tuesday there will be 11 bulletins released addressing 25 vulnerabilities in Windows, Exchange and Office. Jerry Bryant, Group Manager of Microsoft’s Response Communications, said: “I also want to point out to customers that we will be closing the following open Security Advisories with next week’s updates: — Microsoft Security Advisory 981169 – Vulnerability in VBScript could allow remote code execution. ...

In March, the Windows team announced the upcoming release of Service Pack 1 for Windows 7, and Windows Server 2008 R2, but did not set a date of availability. At the time, Microsoft’s Brandon LeBlanc said, “For Windows 7, SP1 includes only minor updates, among which are previous updates that are already delivered through Windows Update. SP1 for Windows 7 will, however, deliver an updated Remote Desktop client that takes advantage of RemoteFX introduced in the server-side with SP1 for Windows Server 2008 R2.” ...

As expected, Microsoft has pushed out a mandatory update to the Xbox 360 today, which adds support for USB storage devices, expanding the memory capacity of the five-year old video game console. The update will ostensibly allow any FAT32-formatted USB storage device between 1GB-16GB in size to be used to save profiles, game saves, and downloadable content. There are, however, a number of caveats, which mean users can’t just plug anything in and have it work. ...

Tom Gallagher, senior security test lead with Microsoft’s Trustworthy Computing group, was extensively quoted in news stories today as he described how his group found 1,800 software flaws in Office 2010 by running millions of “fuzzing” tests. According to ComputerWorld, “Microsoft was able to find such a large number of bugs in Office 2010 by using not only machines in the company’s labs, but also under-utilitized or idle PCs throughout the company. The concept isn’t new: The Search for Extraterrestrial Intelligence (SETI@home) project may have been the first to popularize the practice, and remains the largest, but it’s also been used to crunch numbers in medical research and to find the world’s largest prime number. ...

There’s at least one company that isn’t scrambling to get an iPad app ready for launch day, and that company is Microsoft. Stephen Elop, president of Microsoft’s business division, said in an interview with Bloomberg that the company will “wait and see” how iPad sales perform before adapting Microsoft Office 2010 for the device. “We never say never, but we have no current plans [to develop a version of Office for the iPad],” Elop claimed. ...

MS10–018 If you’re using Internet Explorer versions 6 or 7 it wouldn’t be a good idea to miss this one. “Actively exploited” for drive by down loads from malicious web sites sums it up. There’s something in it for IE8 as well. See our post yesterday: “Microsoft out-of-band patch tomorrow”

Microsoft said today it will issue an out-of-band patch tomorrow for a vulnerability in Internet Explorer 6 and 7 that is being actively exploited. “The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution,” Microsoft said in its Security Advisory 981374 earlier this month. ...