End of Microsoft Windows 7 security updates from today

Starting today, January 10th, Windows 7 Enterprise and Professional operating systems will no longer receive security updates. Thus, computers that still run these OS will no longer be protected against critical vulnerabilities. Apart from the operating system itself, browsers (both Edge and third-party browsers), as well as services from other non-Microsoft vendors, such as NVIDIA, have confirmed that they have also stopped offering new security patches in Windows 7. ...

January 10, 2023 路 1 min 路 106 words 路 Omid Farhang

Cross-platform botnet targets SSH-enabled devices

Microsoft researchers found a cross-platform botnet that originates from malicious software downloads on Windows devices & succeeds in propagating to a variety of Linux-based devices by enumerating default credentials on internet-exposed SSH-enabled devices. Microsoft researchers observed that the initial infection points related to the botnet were devices infected through the installation of malicious cracking tools that purport to acquire illegal Windows licenses. The cracking tools contain additional code that downloads and launches a fake version of svchost.exe through a PowerShell command. In some cases, the downloaded file is named svchosts.exe. ...

December 12, 2022 路 1 min 路 109 words 路 Omid Farhang

Gates spends entire first day back in office trying to install Windows 8.1

REDMOND, WASHINGTON (The Borowitz Report)鈥擝ill Gates鈥檚 first day at work in the newly created role of technology adviser got off to a rocky start yesterday as the Microsoft founder struggled for hours to install the Windows 8.1 upgrade. The installation hit a snag early on, sources said, when Mr. Gates repeatedly received an error message informing him that his PC ran into a problem that it could not handle and needed to restart. ...

February 7, 2014 路 1 min 路 175 words 路 Omid Farhang

Microsoft's September Patch Tuesday closes important XSS holes

h-online: On its September Patch Tuesday, Microsoft released two security updates that are rated as important and which close holes in Visual Studio Team Foundation Server 2010 (TFS) and Systems Management Server 2003 and 2007. Both updates fix cross-site scripting (XSS) vulnerabilities in the web interfaces that allow attackers to execute arbitrary code in the victim鈥檚 browser. ...

September 12, 2012 路 2 min 路 239 words 路 Omid Farhang

Final version of Windows 8 leaked online, No Windows Media Player yet

Ubergizmo: Good news for those looking to get their hands on Windows 8 before everyone else does, the final build of Windows 8 has just been leaked online. This news comes a day after it was announced that the final version of Windows 8 had been finished. MSDN and TechNet customers won鈥檛 be able to download their version of Windows 8 until August 15th, an enterprise version of Windows 8 is currently making rounds at different file sharing websites across the web. ...

August 3, 2012 路 1 min 路 210 words 路 Omid Farhang

Update for Windows Update has teething troubles

Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does not always run smoothly; The H鈥檚 associates at heise Security also ran into problems on their test systems. A staggered dissemination of the update has been taking place over the past three to four days. Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates. ...

June 25, 2012 路 1 min 路 198 words 路 Omid Farhang

Critical holes closed in Microsoft's June Patch Tuesday

The H-Online: Microsoft has released seven security bulletins fixing a total of 27 security holes, 13 of them in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync and Dynamics AX. A patch that had been announced for Visual Basic for Applications has yet to be released. ...

June 14, 2012 路 2 min 路 272 words 路 Omid Farhang

Microsoft revokes certificates used to sign the Flame trojan

Avira TechBlog Wrote: Microsoft released Security Advisory 2718704 which revokes some certificated which apparently were used to sign the trojan Flame__. In a blog post, Microsoft explains how they discovered that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. The certificates issued by the Terminal Services licensing certification authority, which are intended to only be used for license server verification, were also used to sign code and make it look like as if it was originated from Microsoft. ...

June 4, 2012 路 1 min 路 114 words 路 Omid Farhang

Windows XP in update loop

H-Online: Users of Windows XP are reporting more problems with recent automatic updates. Three security updates for .NET Framework 2.0 and 3.5 are at the center of the problem, labeled as patches KB2518664, KB2572073 and KB2633880 in Windows XP鈥檚 automatic update feature. On affected systems, the installation of these patches proceeds without error but after a short time, the update service says it would like to install them again and will keep reinstalling the patches if allowed. Microsoft鈥檚 general advice in this situation is to reset Windows Update components, though it has yet to offer any specific advice. It is interesting to note that the three patches in question were not released on Microsoft鈥檚 official patch day. ...

May 23, 2012 路 1 min 路 117 words 路 Omid Farhang

Microsoft Patch Tuesday more extensive than anticipated

The H-Online: As previously announced, Microsoft has released seven bulletins to close a total of 23 vulnerabilities on its May Patch Tuesday. The total number of bulletins belies the scope of the patches, however, as the combined update MS12-034 closes various holes in numerous products. The reason for this is a critical hole in the code for processing TrueType fonts that was exploited by the Duqu spyware last year. The hole was closed in the Windows kernel on the December Patch Tuesday; however, Microsoft has since used a code scanner to track down the vulnerable code in numerous other components; among them is the gdiplus.dll library, which is used by various browsers to render web fonts. ...

May 10, 2012 路 2 min 路 279 words 路 Omid Farhang