Microsoft Global Criminal Compliance Handbook

URL: http://www.stallman.org/archives/2009-nov-feb.html#27%20February%202010%20%28Microsoft%20Global%20Criminal%20Compliance%20Handbook%20%29

27 February 2010 (Microsoft Global Criminal Compliance Handbook )

The Microsoft Global Criminal Compliance Handbook shows just how much info Microsoft will cheerfully give to the police about users.

Microsoft attacking free speech

URL: http://www.stallman.org/archives/2009-nov-feb.html#27%20February%202010%20%28Microsoft%20attacking%20free%20speech%29

27 February 2010 (Microsoft attacking free speech)

Microsoft used the DMCA to shut down the cryptome site, which published leaked material showing how Microsoft facilitates spying on its customers.

Copyright and censorship have been intimately linked for hundreds of years. This illustrates one of the injustices of copyright law in the US and many other countries today.

Shame on Network Solutions. People should move their business to other ISPs as a punishment for its rolling over.

Who's really to blame for the Windows XP Patch BSOD?

URL: http://linuxtoday.com/news_story.php3?ltsn=2010-02-19-022-35-SC-MS

Sure, It's Secure: "More than a week after Microsoft released an XP patch that seemed to cause BSODs (Blue Screen of Death), Microsoft announced that the immediate cause was the Alureon rootkit. Fair enough, but what about the 17-year old Windows security hole that the rootkit was exploiting?"

Microsoft confirms rootkit caused Windows XP blue screens

URL: http://www.engadget.com/2010/02/19/microsoft-confirms-rootkit-caused-windows-xp-blue-screens/

When malware writers fail to generate clean, reliable code, just who can you trust? On the heels of many Windows XP 32-bit users facing blue screen of death errors and unwanted reboots, Microsoft is now confirming that there's a little bit of malicious code sitting at the root of it all. A rootkit, to be specific, one called Alureon that compromises the atapi.sys file and others. This rootkit makes a system call via an address that, after the update, no longer corresponds to the particular call Alureon is trying to make. This is apparently the cause of the BSODs, not the update itself, and so those suffering from similar issues can resolve them by simply replacing corrupted system files via the recovery console. It won't be as much fun as using Microsoft's more popular console, but should at least cure what ails you.

Microsoft confirms rootkit caused Windows XP blue screens originally appeared on Engadget on Fri, 19 Feb 2010 10:46:00 EST. Please see our terms for use of feeds.

Permalink Slashdot  |  Microsoft Malware Protection Center  | Email this | Comments

Windows XP patch fiasco gets even crazier, Microsoft now scrambling for solutions

URL: http://www.engadget.com/2010/02/13/windows-xp-patch-fiasco-gets-even-crazier-microsoft-now-scrambl/

If you ever needed a reason to go Linux, here you go. The noise surrounding this patently obscure Windows XP bug / patch fiasco has just reached a fever pitch, and now we've got engineers within Redmond scratching their heads, too. As the story goes, Microsoft recently patched a security hole that took care of an antediluvian DOS vulnerability, and in doing so, some users began to see BSODs and endless reboots. Today, we've learned that the patch has been yanked, and Microsoft is suggesting that malware is to blame. But here's the skinny -- the patch simply disturbed the malware, which called a specific kernel code that directs your PC to keel over; in other words, any application that calls that same code could theoretically leave your machine in dire straits. And that, friends, probably explains the software giant's following quote:

"In our continuing investigation in to the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating."

Rock, meet hard place.

Windows XP patch fiasco gets even crazier, Microsoft now scrambling for solutions originally appeared on Engadget on Sat, 13 Feb 2010 00:33:00 EST. Please see our terms for use of feeds.

Permalink Yahoo! Tech  |  TechNet  | Email this | Comments

Windows Patch Leaves Many XP Users With Blue Screens

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/H3WjF_Fvw2w/Windows-Patch-Leaves-Many-XP-Users-With-Blue-Screens

CWmike writes "Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."

Read more of this story at Slashdot.

Microsoft Claims Windows 7 Has No Battery Life Problems, Customers Say Otherwise

URL: http://www.dailytech.com/Microsoft+Claims+Windows+7+Has+No+Battery+Life+Problems+Customers+Say+Otherwise/article17636.htm

Users unsatisfied with Microsoft's response

Microsoft investigating disappearing music from Zune Pass

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/inesnYtItH4/microsoft-investigating-disappearing-music-from-zune-pass.ars

According to a post on the Zune Forums, owners of the Zune Pass are having a bit of trouble accessing the music they're paying for with their subscription, as first reported by Engadget. In less than two weeks, the thread in question has passed 50 replies as users complain and list what they can no longer access: specific songs, entire albums, or even everything produced by an artist.

The sixth reply in the thread is thankfully one from a Microsoft representative. "Hey all—we're hearing you! We are investigating your reported missing albums indicated in this post—and will come back to you as soon as we understand why they're missing," Michelle A. of the Zune Product Team writes. "It is extremely helpful that you advise the album title and artist names to us, so that we can include them into our investigation." As a result, the rest of the thread is filled with lists of missing tracks. Apart from the initial response, Microsoft has not posted an explanation of what has gone wrong or how it plans to fix the issue. Customers affected are confused and annoyed as they are constantly seeing errors when trying to play parts of their music collection.

The only way users can still access missing songs is if they previously saved them (Zune Pass subscribers get to choose 10 songs each month to keep). Microsoft's customer service is pointing to record labels pulling music, but the reports from users suggests there's no pattern in the content that is being pulled. We will let you know when Microsoft has an explanation and/or a solution to this issue.

Microsoft Finally To Patch 17-Year-Old Bug

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ddIHpYpCsBY/Microsoft-Finally-To-Patch-17-Year-Old-Bug

eldavojohn writes "Microsoft is due for a very large patch this month, in which five critical holes (that render Windows hijackable by an intruder) are due to be fixed, in addition to twenty other problems. The biggest change addresses a 17-year-old bug dating back to the days of DOS, discovered in January by their BFF Google. The patch should roll out February 9th."

Read more of this story at Slashdot.

Sumido da mídia, vírus Conficker continua dando trabalho

URL: http://redir.folha.com.br/redir/online/folha/informatica/rss091/*http://www1.folha.uol.com.br/folha/informatica/ult124u690134.shtml

O Conficker, praga virtual descoberta no fim de 2008, segue bastante ativo, de acordo com o relatório "The State of the Internet" (O estado da internet), da Akamai.O Brasil e a Rússia, que no terceiro trimestre de 2009 foram os países dos quais se originou o maior tráfego de ataques virtuais, estão entre os principais países atingidos pelo vírus, que já infectou, segundo estimativas, de 8 milhões a 12 milhões de computadores ao redor do mundo.Entenda a ameaça do vírus ConfickerLeia mais (06/02/2010 - 08h05)

Windows 7 stability fix breaks stability, puzzles Microsoft

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/C4p1ke2iucI/windows-7-stability-update-breaks-stability-for-some-users.ars

Last week, Microsoft posted a slew of non-security updates for Windows 7, one of which was titled as follows: "An update is available to improve the stability and the reliability of Windows 7 and Windows Server 2008 R2." Unfortunately, according to a thread on Microsoft TechNet, the update (KB977074) is actually breaking the stability and reliability of the operating system.

"I [j]ust installed this update and my system hangs/freeze[s] at the windows bootup screen," the thread starter wrote. Another user went a little more in-depth: "At shutdown the PC often hangs with a message that a program is still running. Forcing program end does not work. The PC hangs for minutes until I press the PC’s power button. During one startup, a message came up indicating I needed to validate Windows 7. Therefore the PC lost the validation information. The revalidate succeeded. Shutdown problems consistently occur after running media center. Also have problems with recorded TV programs. Intermittently can't burn a recorded TV program to disc. After this failure occurs, a subsequent shutdown produces a hang 100% of the time."

Microsoft Patch Tuesday for February 2010: 13 bulletins

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/Ez1ks1HT3HY/microsoft-patch-tuesday-for-february-2010-13-bulletins.ars

According to the Microsoft Security Response Center, Microsoft will issue 13 Security Bulletins addressing 26 vulnerabilities on Tuesday, and it will host a webcast to address customer questions about the bulletins the following day (February 10 at 11:00am PST, if you're interested). Five of the vulnerabilities are rated "Critical," seven are marked as "Important," and the last one is classified as "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least 10 of the 13 patches will require a restart.

The list of affected operating systems includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), Windows Server 2008 (x86 and x64), Windows 7 (x86 and x64), and Windows Server 2008 R2 (x86 and x64). In terms of the Microsoft Office suites, only older versions are affected: Office XP, Office 2003, and Microsoft Office 2004 for Mac.

Compared to last month's quiet Patch Tuesday, this one is quite a whopper. The exact breakdown of the bulletins is as follows:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Windows
• Bulletin 3: Critical (Remote Code Execution), Windows
• Bulletin 4: Critical (Remote Code Execution), Windows
• Bulletin 5: Critical (Remote Code Execution), Windows
• Bulletin 6: Important (Remote Code Execution), Office
• Bulletin 7: Important (Remote Code Execution), Office
• Bulletin 8: Important (Remote Code Execution), Windows
• Bulletin 9: Important (Denial of Service), Windows
• Bulletin 10: Important (Elevation of Privilege), Windows
• Bulletin 11: Important (Remote Code Execution), Windows
• Bulletin 12: Important (Denial of Service), Windows
• Bulletin 13: Moderate (Elevation of Privilege), Windows

If you're wondering, the 17-year-old Windows hole we reported on last month is indeed being plugged next week. As for the Internet Explorer flaw disclosed this week, Microsoft understandably isn't ready to patch it yet. What is worrying, however, is that Redmond says it is still working on a patch for the SMB flaw that can be used crash Windows 7 and Server 2008 R2 remotely. That was disclosed three months ago, so the company is lagging quite a bit with that one.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches as well as pull them if it deems it necessary.

Craig Mundie Wants "Internet Driver's Licenses"

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/qgYel_JuOMI/Craig-Mundie-Wants-Internet-Drivers-Licenses

I Don't Believe in Imaginary Property writes "Craig Mundie, Microsoft's Chief Research and Strategy Officer, called for the creation of an 'Internet Driver's License' at the World Economic Forum in Davos, saying, 'If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance.' Of course, there are quite a few problems with this. For starters, internet use cannot yet cause death or dismemberment like car accidents can; and this would get rid of most of the good of internet anonymity while retaining all of the bad parts, especially in terms of expanding the market for stolen identities. Even though telephone networks have long been used by scammers and spammers/telemarketers, we've never needed a 'Telephone Driver's License.'"

Read more of this story at Slashdot.

IE Flaw Gives Hackers Access To User Files

URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/D9eopFZr8AE/IE-Flaw-Gives-Hackers-Access-To-User-Files

snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

Read more of this story at Slashdot.

Former VP Says Microsoft is "Failing" Despite Windows 7 Profits

URL: http://www.dailytech.com/Former+VP+Says+Microsoft+is+Failing+Despite+Windows+7+Profits/article17613.htm

Executive blames lack of creativity for the supposed problems at Microsoft, points to RIM, Apple, and Amazon as innovators

Hacking for Fun and Profit in China’s Underworl

URL: http://linuxtoday.com/news_story.php3?ltsn=2010-02-04-022-35-NW-NT

NY Times: “Microsoft and Adobe have a lot of zero days,” he said, while scanning Web sites at home. “But we don’t publish them. We want to save them so that some day we can use them.”