Gates spends entire first day back in office trying to install Windows 8.1


REDMOND, WASHINGTON (The Borowitz Report)—Bill Gates’s first day at work in the newly created role of technology adviser got off to a rocky start yesterday as the Microsoft founder struggled for hours to install the Windows 8.1 upgrade.

The installation hit a snag early on, sources said, when Mr. Gates repeatedly received an error message informing him that his PC ran into a problem that it could not handle and needed to restart.

After failing to install the upgrade by lunchtime, Mr. Gates summoned the new Microsoft C.E.O. Satya Nadella, who attempted to help him with the installation, but with no success.

While the two men worked behind closed doors, one source described the situation as “tense.”

“Bill is usually a pretty calm guy, so it was weird to hear some of that language coming out of his mouth,” the source said.

A Microsoft spokesman said only that Mr. Gates’s first day in his new job had been “a learning experience” and that, for the immediate future, he would go back to running Windows 7.

Microsoft’s September Patch Tuesday closes important XSS holes

h-online: On its September Patch Tuesday, Microsoft released two security updates that are rated as important and which close holes in Visual Studio Team Foundation Server 2010 (TFS) and Systems Management Server 2003 and 2007. Both updates fix cross-site scripting (XSS) vulnerabilities in the web interfaces that allow attackers to execute arbitrary code in the victim’s browser.

As the holes enable an attacker to access the web interfaces at the user’s privilege level, Microsoft has classified them as privilege escalation vulnerabilities. The company notes that, to its knowledge, neither of the holes is being actively exploited for attacks.

Microsoft has also published a number of other patches for Windows, Windows Server and the Malicious Software Removal Tool; it considers these to be non-security-related. The company notes that, unlike its other September updates, users may have to restart their computers after installing these. The updates include a new set of ActiveX kill bits to prevent vulnerable Cisco plugins running.

While this Patch Day has turned out to be moderate, the next one may have far-reaching consequences: in October, Microsoft will use Windows Update to deploy a patch that will invalidate any certificates with an RSA private key length of less than 1,024 bits. Those who manage infrastructures that use such certificates should, therefore, replace them with certificates whose private key has the required minimum length before then. NIST currently recommends an RSA key length of at least 2,048 bits.
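
An added example, not part of the original article: a PowerShell audit of the local Windows certificate stores against the two thresholds named above (RSA keys under 1,024 bits, and the 2,048-bit minimum NIST recommends). The function name `Get-ShortRsaCertificate` and the status labels are hypothetical.

```powershell
# Added example: list certificates in the local stores whose RSA key is short.
# Thresholds are taken from the article text; the names below are illustrative.
$BlockedBelow     = 1024                      # keys shorter than this will be invalidated
$RecommendedFloor = 2048                      # NIST-recommended minimum
$RsaOid           = '1.2.840.113549.1.1.1'    # OID for rsaEncryption

function Get-ShortRsaCertificate {
    param(
        # Certificate-provider paths to walk; every sub-store is included.
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser')
    )

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        # The provider also returns store and location objects; keep certificates only.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        # Key-size rules here apply to RSA; skip ECC and DSA certificates.
        Where-Object { $_.PublicKey.Oid.Value -eq $RsaOid } |
        ForEach-Object {
            $cert = $_
            try   { $bits = $cert.PublicKey.Key.KeySize }
            catch { return }                  # unreadable key: skip this certificate

            if ($bits -lt $RecommendedFloor) {
                [pscustomobject]@{
                    Status     = if ($bits -lt $BlockedBelow) { 'WillBeInvalidated' }
                                 else { 'BelowNistMinimum' }
                    KeyBits    = $bits
                    Store      = $cert.PSParentPath -replace '^.*::', ''
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
}

# Shortest keys first, so certificates that need replacing before the patch lead the list.
Get-ShortRsaCertificate |
    Sort-Object KeyBits, Store |
    Format-Table Status, KeyBits, Store, Subject, NotAfter -AutoSize
```

A certificate installed in several stores is listed once per store. Certificates presented by servers and devices but not installed locally are outside what this check sees.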

Final version of Windows 8 leaked online, No Windows Media Player yet


Ubergizmo: Good news for those looking to get their hands on Windows 8 before everyone else does: the final build of Windows 8 has just been leaked online. This news comes a day after it was announced that the final version of Windows 8 had been finished. MSDN and TechNet customers won’t be able to download their version of Windows 8 until August 15th, but an enterprise version of Windows 8 is currently making the rounds at different file sharing websites across the web.


Unfortunately, if you were hoping for the Windows Media Player to be included in this version, you’re out of luck as it is the “N” version of Windows 8 which doesn’t come with the Player. Microsoft was forced to create an “N” build of its operating system as the European Commission ruled in 2004 that they need to create a version of Windows OS without the Windows Media Player included. Microsoft has yet to release a comment on the situation. Consumers will be able to get their hands on Windows 8 officially starting October 26th. We’ll keep you updated on the situation as more info becomes available and let us know in the comments section below if you plan on downloading the leaked build of Windows 8.

Update for Windows Update has teething troubles

Microsoft has released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does not always run smoothly; The H’s associates at heise Security also ran into problems on their test systems.

A staggered dissemination of the update has been taking place over the past three to four days. Users who run Windows Update are confronted with a message which says that an update for Windows Update needs to be installed before the system can check for other updates.

On some computers, clicking the “Install Updates” button results in a failed installation with error code 80070057 or 8007041B. On heise Security’s test Windows 7 computer, repeatedly attempting the update (click on “Check for updates” on the left) did eventually result in the update being successfully applied. Microsoft has provided a “Fix it” tool for more stubborn cases in Knowledge Base Article 949104.

The update in question upgrades the Windows Update Agent from version 7.4.7600.226 to 7.6.7600.256; it is not, as some readers have feared, a virus. After upgrading, the Windows Update Agent is automatically restarted; users do not need to reboot Windows.

Critical holes closed in Microsoft’s June Patch Tuesday

The H-Online: Microsoft has released seven security bulletins fixing a total of 27 security holes, 13 of them in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync and Dynamics AX. A patch that had been announced for Visual Basic for Applications has yet to be released.

The most important updates are bundled in the cumulative Internet Explorer patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. Microsoft is the last of the companies to close the exposed holes that were targeted during the Pwn2Own competition; Google and Mozilla fixed their browsers in March. According to Michael Kranawetter, Microsoft’s Chief Security Advisor in Germany, the IE patch also affects the Windows 8 Consumer Preview, and therefore Internet Explorer 10.

Another urgent update is MS12-036, which concerns denial of service and remote code execution vulnerabilities in the Remote Desktop features built into all supported versions of Windows. The third critical update affects the .NET Framework (MS12-038). The remaining 4 updates are rated “important” by Microsoft and close code execution bugs in Lync and privilege escalation holes in Dynamics AX and Windows.

No patch has so far been released for the critical hole in Microsoft’s XML Core Services that can be targeted via Internet Explorer and Office documents. The vulnerability affects all versions of Windows. Microsoft has released a security advisory and recommends that users apply a “Fix it” solution until a proper patch has been made available. Google says that, on 30 May, it informed Microsoft that this hole is actively being exploited to target Windows systems.

Microsoft revokes certificates used to sign the Flame trojan

Avira TechBlog wrote:

Microsoft released Security Advisory 2718704 which revokes some certificates which apparently were used to sign the trojan Flame.

In a blog post, Microsoft explains how they discovered that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. The certificates issued by the Terminal Services licensing certification authority, which are intended to only be used for license server verification, were also used to sign code and make it look as if it originated from Microsoft.

We highly recommend that all users apply this update immediately.


Windows XP in update loop

H-Online: Users of Windows XP are reporting more problems with recent automatic updates. Three security updates for .NET Framework 2.0 and 3.5 are at the center of the problem, labeled as patches KB2518664, KB2572073 and KB2633880 in Windows XP’s automatic update feature.

On affected systems, the installation of these patches proceeds without error but after a short time, the update service says it would like to install them again and will keep reinstalling the patches if allowed. Microsoft’s general advice in this situation is to reset Windows Update components, though it has yet to offer any specific advice. It is interesting to note that the three patches in question were not released on Microsoft’s official patch day.

Microsoft Patch Tuesday more extensive than anticipated

The H-Online: As previously announced, Microsoft has released seven bulletins to close a total of 23 vulnerabilities on its May Patch Tuesday. The total number of bulletins belies the scope of the patches, however, as the combined update MS12-034 closes various holes in numerous products.

The reason for this is a critical hole in the code for processing TrueType fonts that was exploited by the Duqu spyware last year. The hole was closed in the Windows kernel on the December Patch Tuesday; however, Microsoft has since used a code scanner to track down the vulnerable code in numerous other components; among them is the gdiplus.dll library, which is used by various browsers to render web fonts.

Some of the vulnerable files contained further holes that Microsoft also patched within the same bulletin – meaning that this update fixes a number of other flaws in addition to the original vulnerability. It closes holes in all currently supported versions of Windows (from XP SP3 onwards, including Server), Office, the .NET framework and Silverlight. These “bonus” holes include three privilege escalation problems in the Windows kernel, including flaws in the code for processing keyboard layouts.

Bulletin MS12-029 closes a critical hole in the code for processing RTL documents. It affects Office 2003, 2007 as well as Office Compatibility Packs SP2 and 3. The vulnerability has also been closed in Office for Mac 2008 and 2011. Bulletin MS12-035 addresses two critical holes in the .NET framework.

The remaining four bulletins fix holes that have the second highest threat rating, being classified as “important” by Microsoft. These vulnerabilities affect Office, Visio Viewer 2010, the Windows partition manager and the Windows firewall and TCP stack.

Microsoft and Adobe to address critical vulnerabilities on Patch Tuesday

The H-Online: The Tuesday after the Easter weekend, 10 April, is set to be a busy one for system administrators as Microsoft and Adobe have sent out notifications that they will both be issuing fixes for critical vulnerabilities in their products.

Microsoft’s April notification says there will be four critical advisories concerning Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Microsoft Server and Developer tools, which all lead to remote code execution. A fifth remote code execution vulnerability in Office is marked as important, as is a sixth information disclosure issue in Microsoft’s Forefront United Access Gateway. The critical bulletins will affect all versions of Windows, from Windows XP SP3 to Windows Server 2008R2. One critical bulletin for Internet Explorer covers IE 6, 7, 8 and 9.

Adobe’s prenotification advisory says that high priority fixes for Adobe Reader and Adobe Acrobat 9.5 and earlier 9.x versions for Windows will be released on 10 April. Adobe places a lower priority on fixes that it will be issuing for the same versions of Reader and Acrobat on Macintosh and for Reader on Linux. It also gives that same lower priority to patches for Adobe Reader X and Acrobat X on Windows and Macintosh.

Microsoft’s Patch Tuesday will close a critical Windows vulnerability

The H-Security: Next week’s Patch Tuesday sees Microsoft planning to publish a total of six bulletins, including one that addresses a critical vulnerability in all versions of Windows from Windows XP service pack 3 to Windows 7 service pack 1 and Windows Server 2008 R2. The rating means that the hole enables attackers to infect a system via the internet and inject malicious code. Other bulletins will address a privilege elevation flaw which affects the same span of Windows versions.

Microsoft also plans to close an important denial of service vulnerability in Windows Server 2003 SP2, 2008 SP2 and 2008 R2. Another bulletin will address a “moderate” denial of service bug which affects Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 and Windows Server 2008 R2. Windows developers will find that an elevation of privilege flaw in Visual Studio 2008 and 2010 is also addressed. All versions of another development tool, Microsoft Expression Design, will also receive a fix for an important remote code execution flaw in the application.