• Tag Archives microsoft news

  • Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw

    Posted on by admin Comment
    Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

    As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.

    Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.

    Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.

     

    According to the researchers at FireEye, the two of three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as “part of limited, targeted attacks against some major corporations.”

    Microsoft updates for the month of October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, Sharepoint Server and the .Net framework. Three of the bulletins are marked “critical” and rest are “important” in severity. Systems administrators are recommended to apply the patches immediately for the critical updates.

    The zero-day flaw (CVE-2014-4114) discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the “Sandworm” cyberattack, are patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.

    The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.” (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

    However, the two zero-days discovered by FireEye are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.

    We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,” FireEye explained.

    CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

    The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

    However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

    Out of remaining bulletins, two are rated critical, both address remote code execution vulnerability in Internet Explorer and Microsoft .NET Framework respectively. Remaining bulletins are rated important in severity, include elevation of privilege bugs, Security Feature Bypass, and a remote code execution flaw.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Microsoft throws old versions of Internet Explorer under the bus

    Posted on by admin Comment

    Come 2016, if you’re not up to date you’re on your own – enjoy your security bugs

    Microsoft has confirmed that it’s ending support for old versions of Internet Explorer, and it’s giving you just shy of 18 months to get up to date.

    Roger Capriotti, director of the IE team, blogged on Thursday that beginning on January 12, 2016, only the most recent version of IE on any supported version of Windows will continue to receive technical support and security updates.

    As of today, that means IE9 on Windows Vista SP2 and Windows Server 2008 SP2, IE10 on Windows Server 2012, and IE11 on any later version of Windows (including Windows Server 2012 R2).

    In fact, the only reason IE9 is still being supported on Vista is because no later versions will run on that little-loved OS. IE9 never won high marks from web devs, and Google, for one, has already discontinued support for it in Gmail and Google Apps.

    “For customers not yet running the latest browser available for your operating system, we encourage you to upgrade and stay up-to-date for a faster, more secure browsing experience,” Capriotti wrote.

    Microsoft is a late convert to web-standards religion, having spent the better part of 20 years releasing browsers that rendered sites in ways that were incompatible with rivals like Firefox, Chrome, and Safari.

    These days, the software giant markets standards compliance as a key feature of IE11, and it has even gone as far as to claim it’s had to build workarounds into its browser to support websites that are coded using the competition’s nonstandard features.

    Redmond even seems to want to atone for its own past bad behavior. It’s now encouraging commercial customers who have built their bespoke web apps for older, patently terrible versions of IE to upgrade to IE11 and use its “Enterprise Mode” to maintain backward compatibility with those standards-shirking browsers.

    Enterprise Mode, which Microsoft shipped with the Windows 8.1 Update and as a standalone patch in April, makes IE11 behave like IE8, even going as far as to announce the old version to websites and ActiveX controls that have been hard-coded for specific browser releases.

    Concurrent with its announcement of the end of support for old IE versions, Microsoft said on Thursday that it will continue to support Enterprise Mode through the full lifecycle of whichever OS IE11 is running on – meaning it will be supported on Windows 7 through January 14, 2020, for example.

    As Microsoft points out, however, most consumers won’t have to worry about much of this – at least until their version of Windows reaches the end of its lifecycle – because they get the latest version of IE installed automatically as a function of Windows Automatic Updates.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Microsoft will Alert Windows XP users to Upgrade

    Posted on by admin Comment

    In case you didn’t know already, Microsoft will be dropping support for Windows XP (SP3) and Office 2003 on April 8, 2014. From this date onwards, Microsoft will no longer provide new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.

    As such, use of Windows XP after this date (on non-isolated systems) is strongly discouraged. Indeed, to encourage PC owners to upgrade from Windows XP Microsoft will be presenting an official notification on the desktop of those Windows XP customers who are using the Home or Professional editions and who have elected to receive updates via Windows Update.

    The notification will look like this:

    Notification_5F00_64E154AA.jpg

    Note: this is a genuine notification and not a symptom of malware (which often uses similar looking prompts to entice a user to download further malicious software.

    Microsoft have also partnered with Laplink to provide Windows XP users with a free data migration tool called PCmover Express. This tool for Windows XP will copy over your files and settings from your Windows XP PC to a new device running Windows 7, Windows 8 or Windows 8.1. It will be available for download from windowsxp.com soon.

     

    WWW.CCREPAIRSERVICES.COM


    📂This entry was posted in Computer News 📎and tagged

  • Windows 9 to be released in April 2015

    Posted on by admin Comment

    [​IMG]

    If you compare how Windows 8 has been doing until now to how Windows 7 did in its first two years of existence, you will come to the conclusion that it did not do as well.

    Some say it failed as much as Windows Vista did, and while there are certainly similarities between the two operating systems, it is an unfair comparison.

    While Vista and 8 shipped after hugely successful Windows versions, XP and 7 to be precise, the why they failed is different.

    As far as Windows 8 is concerned, it failed because it concentrated too much on the creation of a unified platform, on mobile and touch features, and not enough on the desktop part of the system.

    In addition, decisions to make live for desktop users difficult, by removing the start menu or forcing them to start on the Start Screen interface, added to the frustration of many users.

    And then there is the slowing of the PC market, largely attributed by a shift to mobile and consumption, and by the fact that PC hardware has not seen any evolution in recent time.

    Microsoft did restore some features with Windows 8.1, and the upgrade is seen by many as a baby-step in the right direction.

    What we do know for certain is that a service-pack like upgrade will be released in April 2014 for Windows 8.1. It is not clear if it will introduce any new features or modifications to the operating system.

    The update could however be the last for Windows 8, as Microsoft could release Windows 9 as early as April 2015 according to Paul Thurrott.

    It is a rumor at this point in time, but according to Paul’s unnamed sources, Windows Threshold could indeed be Windows 9.

    Again, this is a rumor and subject to change. It would however make sense to move away from the Windows 8 name as soon as possible due to its performance up to this point. It would also keep the “every second Windows is a good Windows” rule alive, provided that Microsoft is improving the experience for desktop users on Windows 9.

    Two of the previous rumors in regards to Windows Threshold are that it will bring back a full start menu, and that it will allow users to run apps on the desktop in windows.

    According to Paul, Microsoft will deliver three milestone releases prior to the public availability of Windows 9 in April 2015. The company won’t release an early alpha version on this year’s Build conference though as work won’t have started yet on that version.

    Microsoft has a year to deliver Windows 9. Some may say that this is not a long time, and that it is unlikely that Windows 9 will ship with many major changes and feature additions in comparison to Windows 8.

    It is however enough time to further modify the operating system to make it more appealing to desktop users.

    ONLINE COMPUTER REPAIR SERVICES AND NEWS AT

    www.ccrepairservices.com


    📂This entry was posted in Computer News 📎and tagged