Welcome to Tech-O-Buzz…

March 15, 2010

Microsoft: Don’t press F1 key in Windows XP

Filed under: Microsoft,Technology — techobuzz @ 11:29 am
Tags: , , , ,

Courtesy: http://www.computerworld.com

Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft.

“As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.

“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added.

The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.”

Users can also stymie attacks by disabling Windows Help. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system.

The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.

“Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk,” said Jerry Bryant, a senior manager with the MSRC, in an e-mail. By Prodeus’ account, he notified Microsoft of the flaw Feb. 1, about four weeks before publishing his findings.

Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.

Although it does not rate the severity of vulnerabilities in its advisories, Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system.

Customers running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg’s RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Read more about spam, malware and vulnerabilities in Computerworld’s Spam, Malware and Vulnerabilities Knowledge Center.

Advertisements

August 8, 2009

The Microsoft Mall Invasion Begins

Filed under: Microsoft,Technology — techobuzz @ 4:07 pm
Tags:

The Microsoft PR team tweeted out the first image to Twitpic of the Microsoft Retail Store opening in Scottsdale and Mission Viejo. The stores are slated to open sometime in the fall, with more locations opening after. In July, Microsoft’s master plan for the retail stores were leaked in a presentation. Image above.

Windows 7 Training Kit For Developers

Filed under: Microsoft,Technology — techobuzz @ 4:00 pm
Tags: , ,

The Windows 7 Training Kit for Developers includes presentations, hands-on labs, and demos. This content is based on Windows 7 RTM and it is designed to help you learn how to build applications that are compatible with and shine on Windows 7 by utilizing key Windows 7 features such as:

Taskbar
Libraries
Multi Touch
Sensors and Location
Ribbon
Trigger Start Services
Instrumentation and ETW
Application Compatability
And Application Compatibility topics such as:
Version Checking
UAC Data Redirection
Session 0 Isolation
Installer Detection
User Interface Privilege Isolation
High DPI

July 30, 2009

Microsoft Wave launched

Filed under: Microsoft,Technology — techobuzz @ 7:17 pm
Tags:

Microsoft Wave is a cool new site from our UK team that is something we’ve long been without – a cool site that isn’t trying to sell anything, simply showing the breadth of cool technology that Microsoft is involved in. It’s very much in the spirit of Blue Monster so I was delighted to see that image on the homepage which launched today. I’m also very happy to be one of two featured bloggers from our UK office.

I’ve been giving quite a few “innovation at Microsoft” presentations of late so at the very least this gives me a single site I can point people to following those talks. As of today it has the Microsoft 2019 video, Photosynth, Natal, Worldwide Telescope, Deepzoom and more.

Let us know what you think?

Microsoft and Yahoo: the deal is done

Filed under: Microsoft,Technology — techobuzz @ 7:15 pm
Tags: ,

It’s been a while coming but the long discussed search agreement between Microsoft and Yahoo is here. Remarkably, there is already a dedicated website up for the announcement including a video with SteveB and Carol Bartz.

Full terms at http://www.choicevalueinnovation.com/thedeal/pressroom/Default.aspx and

In simple terms, Microsoft will now power Yahoo! search while Yahoo! will become the exclusive worldwide relationship sales force for both companies’ premium search advertisers.

Microsoft Presents Server Quest II

Filed under: Microsoft,Technology — techobuzz @ 7:13 pm
Tags: ,

Do you want to try a fun and awesome game powered by SilverLight Technology? Head on over to http://www.microsoft.com/click/serverquest/ and see how you handle the challenges of ServerQuest.

Outlook UI tricks : How to copy Outlook Calendar items from one folder to another?

Filed under: Microsoft,Technology — techobuzz @ 7:12 pm
Tags: ,

Have you tried copying all Outlook Calendar items from one folder to another? What is the result that you got?

In Microsoft Office Outlook 2007, Outlook 2003, Outlook 2002, and Outlook 2000, you cannot copy all the items in a Calendar folder when you right-click the folder, you click Copy Calendar, and then you paste in another top-level folder. Instead, this method creates a new subfolder under the destination folder.

To copy all of the items from a Calendar folder to another folder, you must select each item and then copy and paste it to the target folder.

Please refer the KB, so that you can get some alternate ways to do this.

July 19, 2009

Protocol documentation for Microsoft Exchange Server 2010 Beta

Filed under: Microsoft,Technology — techobuzz @ 4:52 pm
Tags: ,

The Microsoft Exchange Server 2010 Protocol technical documentation set provides detailed technical specifications for Microsoft protocols and extensions to industry-standards or other published protocols that are implemented and used in Microsoft Exchange Server 2010.

This allows the user to interoperate or communicate natively with Microsoft Office client and other server products. The documentation is designed to describe each protocol in detail as it is used by the Microsoft Exchange Server. Each protocol specification documents the technical requirements, limitations, dependencies, and Microsoft-specific protocol behavior.

The documentation set includes a set of companion overview and reference documents that supplement the technical specifications with conceptual background, overviews of inter-protocol relationships and interactions, and technical reference information.

You can download it from: Microsoft Download Center

July 14, 2009

Just Out!! Microsoft Assessment and Planning Toolkit 4.0

Filed under: Technology — techobuzz @ 7:17 pm
Tags: , , ,

map40

Download the newly released Microsoft Assessment and Planning Toolkit 4.0 and see how you can use this planning tool for Windows 7 and Windows Server 2008 R2 migration and virtualization projects.

The Microsoft Assessment and Planning (MAP) Toolkit is an agentless toolkit that finds computers on a network and performs a detailed inventory of the computers using Windows Management Instrumentation (WMI) and the Remote Registry Service. The data and analysis provided by this toolkit can significantly simplify the planning process for migrating to Windows® 7, Windows Vista®, Microsoft Office 2007, Windows Server® 2008 R2, Windows Server 2008, Hyper-V, Microsoft Application Virtualization, Microsoft SQL Server 2008, and Forefront® Client Security and Network Access Protection. Assessments for Windows Server 2008 R2, Windows Server 2008, Windows 7, and Windows Vista include device driver availability as well as recommendations for hardware upgrades.

If you are interested in server virtualization planning, MAP provides the ability to gather performance metrics from computers you are considering for virtualization and a feature to model a library of potential host hardware and storage configurations. This information can be used to quickly perform “what-if” analysis using Hyper-V and Microsoft Virtual Server 2005 R2 as virtualization platforms.
For home users and users with a few computers to migrate, use the Windows 7 Upgrade Advisor to understand the readiness of your computer for Windows 7.

YouTube Will Be Next To Kiss IE6 Support Goodbye

Filed under: Technology,Youtube - Google — techobuzz @ 3:01 pm
Tags: , , , ,

Copied from TechCrunch – http://www.techcrunch.com/2009/07/14/youtube-will-be-next-to-kiss-ie6-support-goodbye/
youtube-say-no-support-ie6

Judging by this screenshot taken by an IE6 user who was watching some videos on YouTube, it appears the Google company will be phasing out support for the browser shortly. I don’t have Internet Explorer 6 installed on my computer, so I can’t verify this first hand, but illogical it seems not and a simple Twitter search shows multiple people confirming the news. Heck, some are even downright ecstatic over the news.

Read more on https://techobuzz.wordpress.com/pages/youtube-say-no-support-ie6

Next Page »

Blog at WordPress.com.