Incoming patches for all IE versions

Subject: General Tech | April 28, 2014 - 12:27 PM |
Tagged: internet explorer, windows, microsoft

We have another IE flaw, one which applies to IE6 though IE11 and officially all versions of Windows since Vista; unofficially it will also effect the non-supported legacy OS versions as well.  This particular issue is not a memory overflow but instead is what is referred to as use-after-free which does make it somewhat harder to craft a webpage to take advantage of.  Corporate users of the Enhanced Mitigation Experience Toolkit should make sure their users are up to date while the rest of us who are using IE should consider Protected Mode or upping your Security to high.  Pop by The Register for a link to the full description of the vulnerability.

Internet_Explorer_7_Logo.png

"The flaw means the browser “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer"."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

This is becoming somewhat of a habit Microsoft

Subject: General Tech | April 15, 2014 - 02:44 PM |
Tagged: microsoft, win 8.1, win 8.1 update

The end of support for XP is an annoying but sensible move on Microsoft's part however today's announcement that Windows 8.1 EoL is the Patch Tuesday in May is anything but sensible.  The announcement states that no more updates for Win 8.1 will be released, if a customer wants to receive updates they must still be running Win 8 or upgrade to Win 8.1 Update 1.  The continued support for Win 8 machines seems rather odd and is perhaps intended to mollify corporate users who have not had the 8.1 patch pushed out as Microsoft has removed Win 8.1 Update 1 from their WSUS servers over a week ago making it impossible for corporations to properly upgrade their users to Update 1.   For those who bought a device recently this deadline does not give them much time to apply Update 1, especially when you consider the amount of critical errors installing Update 1 is causing.  Catch the vitriol over at Slashdot and think back to the good old days when all you had to keep track of were the various flavours of Win7.

World Wired Web_4.jpg

"Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorld's Woody Leonhard reports. 'In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will no longer issue security patches for Windows 8.1, starting in May,' Leonhard writes. 'Never mind that Windows 8.1 customers are still having multiple problems with errors when trying to install the Update."

Here is some more Tech News from around the web:

Tech Talk

Source: Slashdot

Microsoft's customers are not always right

Subject: General Tech | April 8, 2014 - 12:53 PM |
Tagged: winxp, microsoft, dumb

With around 95% of the world's ATMs and over 27% of PCs still running WinXP, not counting the ones hiding behind enterprise firewalls, it is rather ironic to refer to XP as dead.  Referring to it as unsupported is certainly more accurate though considering the number of governments and banks around the world which have paid Microsoft to extend support that is not completely factual either.  After 13 years of service, perhaps Microsoft has found a new business model to squeeze a bit more profit from WinXP by charging for updates; if they don't take advantage of it then there are third parties which would be more than happy to profit from those who plan to continue to use WinXP.

This forced upgrade makes some sense for Microsoft as it will lower the legacy workload that XP has caused over 3 new generations of OS but at the same time there is obviously money to be made from supporting large corporations, governments and institutions.  This will also cause a bit of a backlash in the boardroom as the lofty minds in upper management dig their heels in about having to learn a new interface and begin to question what happens when support for the version of Windows they chose to replace WinXP expires and they are again forced to spend huge amounts of money upgrading again.  It is unlikely that a large majority of these companies will make the move to Linux but they may well hear about that OS for the first time and consider testing it in limited fashion.  Two things are for certain; Microsoft has at the least annoyed some very powerful corporate heads and that no one will care when support for Vista ends in 2017.

microsoft-windows-xp-sp3-office-2003-end-of-support_thumb.png

"Introduced by Microsoft in 2001, Windows "eXPerience" was the seventh version of Windows released by Microsoft as a convergent replacement for the short lived Windows 2000 and Windows ME, becoming Microsoft's first consumer PC operating system based on the Windows NT code base."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

BUILD 2014: Windows Sideloading Changes Announced

Subject: General Tech, Systems, Shows and Expos | April 8, 2014 - 01:11 AM |
Tagged: BUILD 2014, microsoft, windows, winRT

A few days ago, I reported on the news from BUILD 2014 that Windows would see the return of the Start Menu and windowed apps. These features, which are not included with today's Windows 8.1 Update 1, will come in a later version. While I found these interface changes interesting, I reiterated that the user interface was not my concern: Windows Store certification was. I did leave room for a little hope, however, because Microsoft scheduled an announcement of changes. It was focused on enterprise customers, so I did not hold my breath.

And some things did change... but not enough for the non-enterprise user.

tiles2.jpg

Microsoft is still hanging on to the curation of apps, except for "domain-joined" x86 Enterprise and x86 Pro PCs; RT devices and "not domain-joined" computers will only allow sideloaded apps with a key. This certificate (key) is not free for everyone. Of course, this does not have anything to do with native x86 applications. Thankfully, the prospect of WinRT APIs eventually replacing Win32, completely, seems less likely now. It could still be possible if Windows Store has a major surge in popularity but, as it stands right now, Microsoft seems to be spending less effort containing x86 for an eventual lobotomy.

If it does happen, it would be a concern for a variety of reasons:

  1. Governments, foreign or domestic, who pressure Microsoft to ban encryption software.

  2. Internet Explorer's Trident would have no competition to adopt new web standards.

  3. Cannot create an app for just a friend or family member (unless it's a web app in IE).

  4. When you build censorship, the crazies will come with demands to abuse it.

So I am still concerned about the future of Windows. I am still not willing to believe that Microsoft will support x86-exclusive applications until the end of time. If that happens, and sideloading is not publicly available, and web standards are forced into stagnation by a lack of alternative web browsers, then I can see bad times ahead. I will not really feel comfortable until a definitive pledge to allow users to control what can go on their device, even if Microsoft (or people with some form of authority over them) dislikes it, is made.

But I know that many disagree with me. What are your thoughts? Comment away!

Source: ZDNet

Build 2014: .NET Foundation Announced with Open Source

Subject: General Tech, Shows and Expos | April 4, 2014 - 03:42 AM |
Tagged: BUILD 2014, microsoft, .net

Microsoft has announced the creation of the .NET Foundation along with the open source release of several .NET frameworks and languages. This comes a day after the simultaneous unveiling and open sourcing of WinJS, a JavaScript library which brings "Modern"-like interface elements to websites (and web apps). While building block APIs are common, this could help Microsoft's design paradigms gain traction with apps from other platforms.

microsoft-dotnet-foundation.png

.NET has been very popular since its initial release. I saw it used frequently in applications, particularly when a simple form-like interface is required. It was easy to develop and accessible from several languages, such as C++, C#, and VB.NET. Enterprise application developers were particularly interested in it, especially with its managed security.

The framework drove an open source movement to write their own version, Mono, spearheaded by Novell. Some time later, the company Xamarin was created from the original Mono development team and maintains the project to this day. In fact, Miguel de Icaza was at Build 2014 discussing the initiative. He seems content with Microsoft's new Roslyn compiler and the working relationship between the two companies as a whole.

WinJS is released under the very permissive Apache 2.0 license. Other code, such as Windows Phone Toolkit, are released under other licenses, such as the Microsoft Public License (Ms-PL). Pay attention to any given project's license. It would not be wise to assume. Still, it sounds like a good step.

Source: ZDNet

Build 2014: Microsoft Presents New Start Menu

Subject: General Tech, Shows and Expos | April 2, 2014 - 09:53 PM |
Tagged: BUILD 2014, microsoft, windows, start menu

Microsoft had numerous announcements during their Build 2014 opening keynote, which makes sense as they needed to fill the three hours that they assigned for it. In this post, I will focus on the upcoming changes to the Windows desktop experience. Two, albeit related, features were highlighted: the ability to run Modern Apps in a desktop window, and the corresponding return of the Start Menu.

I must say, the way that they grafted Start Screen tiles on the Start Menu is pretty slick. The Start Menu, since Windows Vista, has felt awkward with its split between recently used applications and common shortcuts in a breakout on the right with an expanded "All Programs" submenu handle on the bottom. It is functional, and it works perfectly fine, but something just felt weird about it. This looks a lot cleaner, in my opinion, especially since its width is variable according to how many applications are pinned.

Of course, my major complaint with Windows 8.x has nothing to do with the interface. There has not been any discussion around sideloading applications to get around Windows Store certification requirements. This is a major concern for browser vendors and should be one for many others, from hobbyists who might want to share their creations with one or two friends or family members, rather than everyone in an entire Windows Store region, or citizens of countries whose governments might pressure Microsoft to ban encryption or security applications.

That said, there is a session tomorrow called "Deploying and Managing Enterprise Apps", discussing changes app sideloading in Windows 8.1. Enterprise users are already allowed sideloading certificates from Microsoft. Maybe it will be expanded? I am not holding my breath.

Keep an eye out, because there should be a lot of news over the next couple of days.

Source: ZDNet

Erosion is inevitable, even in Redmond

Subject: General Tech | April 2, 2014 - 06:11 PM |
Tagged: microsoft, Build Conference, win 8.1

What was once called a Service Pack and is now referred to as 'Update 1' will be arriving soon for those few who currently run Windows 8.1.  The feature with the biggest potential to gain this OS market share is Enterprise mode with legacy support for IE11; allowing large corporations to chose Win 8.1 without having to redesign legacy applications and global intranets from scratch.  It's ability to run on 1GB of memory is also attractive to large industries who have no desire to upgrade the hardware on custom DOM machines nor legacy task specific servers.  The Inquirer also mentioned an intriguing feature referred to as a Start Menu and enhanced support for arcane peripherals such the keyboard and mouse.

images.jpg

"MICROSOFT PREVIEWED the long awaited return of the Start Menu in Windows 8.1 during a surprise announcement on Wednesday, alongside a major update for the software."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Ruinous Text Format; watch those attachments!

Subject: General Tech | March 25, 2014 - 12:59 PM |
Tagged: rtf, microsoft, outlook, word, fud

Users of Microsoft Word 2003 to the current version on PC or the 2011 version for Mac, which means any version of Outlook or other Microsoft application in which Word is the default text editor may want to avoid RTF attachments for the next while.  There is an exploit in the wild which could allow a nefariously modified RTF file to give an attacker access to the machine which it was opened on at the same level as the user.  This does mean that those who follow the advice of most Windows admins and do not log in to an administrator level account for day to day work need not worry overly but those who ignore the advice may find themselves compromised.  As The Register points out, just previewing the attachment in Outlook is enough to trigger a possible infection.

computer-virus_thumb.jpg

"Microsoft has warned its Word software is vulnerable to a newly discovered dangerous bug – which is being exploited right now in "limited, targeted attacks" in the wild. There is no patch available at this time."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Mozilla Dumps "Metro" Version of Firefox

Subject: Editorial, General Tech | March 16, 2014 - 03:27 AM |
Tagged: windows, mozilla, microsoft, Metro

If you use the Firefox browser on a PC, you are probably using its "Desktop" application. They also had a version for "Modern" Windows 8.x that could be used from the Start Screen. You probably did not use it because fewer than 1000 people per day did. This is more than four orders of magnitude smaller than the number of users for Desktop's pre-release builds.

Yup, less than one-thousandth.

22-mozilla-2.jpg

Jonathan Nightingale, VP of Firefox, stated that Mozilla would not be willing to release the product without committing to its future development and support. There was not enough interest to take on that burden and it was not forecast to have a big uptake in adoption, either.

From what we can see, it's pretty flat.

The code will continue to exist in the organization's Mercurial repository. If "Modern" Windows gets a massive influx of interest, they could return to what they had. It should also be noted that there never was a version of Firefox for Windows RT. Microsoft will not allow third-party rendering engines as a part of their Windows Store certification requirements (everything must be based on Trident, the core of Internet Explorer). That said, this is also true of iOS and Firefox Junior exists with these limitations. It's not truly Firefox, little more than a re-skinned Safari (as permitted by Apple), but it exists. I have heard talks about Firefox Junior for Windows RT, Internet Explorer reskinned by Mozilla, but not to any detail. The organization is very attached to its own technology because, if whoever made the engine does not support new features or lags in JavaScript performance, the re-skins have nothing to leverage it.

Paul Thurrott of WinSupersite does not blame Mozilla for killing "Metro" Firefox. He acknowledges that they gave it a shot and did not see enough pre-release interest to warrant a product. He places some of the blame on Microsoft for the limitations it places on browsers (especially on Windows RT). In my opinion, this is just a symptom of the larger problem of Windows post-7. Hopefully, Microsoft can correct these problems and do so in a way that benefits their users (and society as a whole).

Source: Mozilla

Who wouldn't want a touchscreen enabled version of Excel?

Subject: General Tech | March 14, 2014 - 03:01 PM |
Tagged: microsoft, office, office 365, tablet

The newest member of Microsoft's cloudy version of the world's most common productivity software is called Office 365 Personal and it will provide a single license which can be used on a PC or Mac and one tablet.  The subscription will cost less than the current Office 365 Home Premium which allowed up to five devices access but only offered a version of Office dubbed Office Mobile for tablets and phones.  This will not be the watered down version of Office that ships with WinRT on Surface and while The Register was provided some hints on what the new software will look like we won't be seeing any demos until closer to the launch which will take place this Spring.

index.jpg

"Microsoft will soon debut a new formulation of its Office 365 subscription service aimed at individual consumers, the company said on Thursday, and in the process it hinted that new, touch-centric Office apps may be coming soon."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register