Microsoft said Tuesday that its investigation has turned up no evidence that anything in its November security updates should be causing users to encounter a so-called "black screen of death."
"Microsoft has investigated reports that its November security updates made changes to permissions in the registry that that are resulting in system issues for some customers," Microsoft security response communications lead Christopher Budd said in a statement. "The company has found those reports to be inaccurate and our comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports."
Microsoft said it was not contacted by British security firm Prevx before that company went public with its claims. Microsoft said it has reached out to them to let them know the results of its investigation.
The company said on Monday that it would look into the matter, but issued an update later in the day saying it could not verify any issues.
"Our support organization is also not seeing this as an issue," Budd said on Tuesday. "The claims also do not match any known issues that have been documented in the security bulletins or (knowledge base) articles.
Update, 3:15 p.m. PT: Prevx posted an updated blog saying that it has done additional testing.
"Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches," the comapny said. "Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor."
The company also offered up a mea culpa to Redmond and said it also recommends users keep patching their systems promptly. "We apologize to Microsoft for any inconvenience our blog may have caused."
Microsoft has begun a campaign to actively urge users of its 8-year-old Internet Explorer 6 browser to upgrade.
After launching IE 8 in March, Micosoft has concurred with critics that IE 6 is outdated. Many people have dropped the older browser, but the remaining users are often the tough cases--those who don't have a choice because of corporate computing policy or who aren't tech-savvy enough to realize there's a reason to move on.
This eBay 'Web slice'--basically a live bookmark in Internet Explorer 8--is part of Microsoft's effort to get people to upgrade from IE 6.
(Credit: Screenshot by Stephen Shankland/CNET)It's this latter population Microsoft is targeting with a campaign that runs through June 2010 that touts its own IE 8 as a better alternative. The campaign's first visible elements are a video aimed at online holiday shoppers and a Web slice to promote daily deals at eBay. Web slices are basically live bookmarks that can show miniature Web pages in the browser.
"What we're doing with the outreach is help users understand how to protect themselves against social engineering threats that exist and to help people understand how Internet Explorer 8 puts people in control of their own privacy online," said Ryan Servatius, senior product manager for Internet Explorer. Security was one of the big problems with IE 6, and Microsoft now boasts that security features in IE 8 block 2 million malware sites a day.
According to Net Applications' statistics, Internet Explorer 6 is still the most widely used browser, with 23.3 percent share of usage in October, followed by IE 7 at 18.2 percent and IE 8 at 18.1 percent. The newer browsers are gaining on IE 6, but so are rivals including Mozilla's Firefox, Apple's Safari, and Google's Chrome.
Web developers often gripe about having to support IE 6, which doesn't support many modern features for more sophisticated Web sites and even applications. Microsoft acknowledges that it's holding back development of the Internet, too.
"The best thing a user can do to advance the Web is to help move people off IE 6," Servatius said.
Of course, many will upgrade to IE 8 by buying Windows 7. IE 6 was the browser that shipped with Windows XP, which remains entrenched, but there are signs Windows 7 is a more compelling successor than Windows Vista. That could help the corporate customers move away from IE 6, Servatius said.
"As enterprises migrate from whatever operating system they're using today to Windows 7, that's going to help deprecate IE 6," he said. "What we're doing is working both with consumers worldwide and IT professionals to help them understand what the benefits of a modern browser are."
Microsoft said on Monday that it is looking into reports that its latest security updates are causing some serious problems for certain users.
The problem has been dubbed the "black screen of death" because those affected are left with a black desktop and little else on their screen.
.JPG){kind=logo}
"Microsoft is investigating reports that its latest release of security updates is resulting in system issues for some customers," the software maker said in a statement. "Once we complete our investigation, we will provide detailed guidance on how to prevent or address these issues. "
The issue was noted by British security firm Prevx on its blog on Friday, with that company also offering a suggested fix for the problem.
"The symptoms are very distinctive and troublesome," Prevx said. "After logging on there is no desktop, task bar, system tray or sidebar. Instead you are left with a totally black screen and a single My Computer Explorer window."
Prevx suggested that the black screen issue can occur on a wide range of Windows machines from Windows NT through Windows 7. In its blog, Prevx said there appear to be many causes of the black-screen issue, not all of which are related to the security update.
"In researching this issue we have identified at least 10 different scenarios which will trigger the same black screen conditions," Prevx said. "These appear to have been around for years now." As for the latest security update, Prevx said changes to the way registry keys are handled appears to be the reason it is causing black screens.
I've asked Microsoft what it recommends users should do for now and will post its answer here.
Microsoft released its latest security updates on November 10, issuing six bulletins addressing 15 flaws.
Update, 3:35 p.m. PT: A Microsoft representative said that the company continues to recommend that customers "test and deploy" the November security updates.
"Based on our investigation so far we can say that we're not seeing this as an issue from our support organization," the representative said. "The issues as described also do not match any known issues that have been documented in the security bulletins or (knowledge base) articles."
Microsoft on Monday said it is investigating a possible vulnerability in Internet Explorer after exploit code that allegedly can be used to take control of computers, if they visit a Web site hosting the code, was posted to a security mailing list.
Microsoft confirmed that the exploit code affects IE 6 and IE 7, but not IE 8, and it said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," according to a statement.
The exploit code was published to the BugTraq mailing list on Friday with no explanation.
"The exploit targets a vulnerability in the way Internet Explorer uses Cascading Style Sheet (CSS) information. CSS is used in many Web pages to define the presentation of the sites' content," Symantec wrote in a blog post this weekend.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully functional, reliable exploit will be available in the near future," Symantec said. Symantec urges IE users to keep their antivirus software up-to-date, disable JavaScript, and visit only trusted Web sites, until Microsoft issues a patch for the hole.
Anyone believed to have been affected can visit Microsoft's Consumer Security Support Center, report it to the Internet Crime Complaint Center, and contact the FBI or law enforcement in the particular country, Microsoft said. U.S. residents can also call Microsoft's PC Safety Customer Service and Support number at 1-866-727-2338.
In July, critical holes in IE prompted Microsoft to issue a rare out-of-cycle (in other words, pre-Patch Tuesday) fix.
Microsoft on Friday said it is working on a fix for a vulnerability in the Server Message Block file-sharing protocol in Windows 7 and Windows Server 2008 Release 2 that could be used to remotely crash a computer.
The software giant had said on Wednesday that it was looking at the bug, discovered by researcher Laurent Gaffié, who published proof-of-concept code on a blog.
"Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this [denial-of-service] vulnerability would not allow an attacker to take control of, or install malware on, the customer's system but could cause the affected system to stop responding until manually restarted," Dave Forstrom, group manager for public relations at Microsoft Trustworthy Computing, said in a statement. "It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue."
Microsoft is not aware of attacks to exploit the hole at this time, he said.
In an advisory, Microsoft criticized the way Gaffié handled the discovery.
"Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk," the advisory said. "We continue to encourage responsible disclosure of vulnerabilities."
The advisory suggests that customers block Transmission Control Protocol, or TCP, ports 139 and 445 at the firewall, as a workaround until a patch is ready.
Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service vulnerability in Windows Server Message Block (SMB)," the Microsoft spokesperson said, adding that the company was unaware of any attacks trying to exploit the hole.
The bug triggers an infinite loop on the Server Message Block (SMB) protocol used for sharing files in Windows, researcher Laurent Gaffié wrote in a posting on the Full-Disclosure mailing list and on a blog.
"Whatever your firewall is set to, you can get remotely smashed via IE or even via some broadcasting NBNS [NetBIOS Naming Service] tricks," Gaffié wrote.
Gaffié also posted proof-of-concept code for the "Windows 7, Server 2008R2 Remote Kernel Crash."
On Tuesday, Microsoft issued six patches to fix 15 vulnerabilities, including a critical hole in the Windows kernel, as part of November's Patch Tuesday.
Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer.
The critical bulletin affecting the Kernel-Mode Drivers was publicly disclosed and could be used to create a Web page with malware designed to exploit the hole on systems that visit the page, Microsoft said in a blog posting.
"MS09-065, a bug in the Windows kernel, is this month's most serious issue," said Andrew Storms, director of security operations at nCircle. "The vulnerability allows for remote code execution, and the attack code can be embedded inside MS Office files or be hosted on websites. Simply browsing an infected website will compromise unsuspecting users -- not great for all the holiday shoppers looking to get a jump on their shopping. The novelty value of this bug is likely to attract many researchers. A lot of people will try to be the first to publicly post exploit code."
The two other critical bulletins fix holes in Web Services on Devices API and in License Logging Server. Two bulletins ranked "important" fix holes that pose risk of remote code execution if a user opened a maliciously crafted Excel or Word file.
"It is interesting that a new service that helps with the 'user experience' can cause so much harm," said Jason Miller, data and security team leader at Shavlik Technologies. "The WSDAPI service allows users to easily find devices such as printers and cameras on their network. This vulnerability is also not publicly known at this time."
Software affected by the patches includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, according to the bulletin.
Meanwhile, the Microsoft Malware Protection Center team added two rogue antivirus families to the Malicious Software Removal Tool -- Win32/FakeVimes, which calls itself "Windows System Defender" and "Windows Enterprise Suite," and Win32/PrivacyCenter, which calls itself "Safety Center."
(Credit:
Microsoft)
Microsoft launched its new Forefront Protection 2010 antimalware for Exchange on Monday.
The company also announced at the TechEd Europe conference in Berlin the availability of Forefront Online Protection for Exchange designed for enterprise customers who want Microsoft to host the security solution.
Forefront Protection 2010 for Exchange incorporates malware engines from Microsoft and various partners, providing 38 times faster malware detection and decreasing spam to the point where only one out of 250,000 spam messages gets through, said Joel Sider, senior project manager for Microsoft's Infrastructure division.
Integration with Exchange provides the ability to scan messages and documents simultaneously, while built-in information protection with Active Directory rights management services give users and IT administrators more control over what e-mail and documents can do and who can receive them, he said.
The announcements were made in conjunction with the scheduled launch this week of Exchange 2010, the new version of Microsoft's e-mail and communications server.
Meanwhile, Microsoft said last month it was delaying the release of its Forefront Endpoint Protection 2010 for Windows desktops until the second half of next year.
The company will be rolling out over the next year all the pieces of its Forefront Protection Suite, formerly code-named "Stirling."
Update at 10:09 a.m. PST with comments from Microsoft.
Microsoft said on Thursday it will issue six patches next week for 15 vulnerabilities, including three critical bulletins affecting Windows and two important Office-related bulletins.
Affected software includes Windows 2000, XP, Server 2003, Vista, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System, Office 2004 for Mac, and Office 2008 for Mac, the company said in an advisory.
November's Patch Tuesday is a contrast to the record number of fixes issued last month--13 bulletins for 34 vulnerabilities.
Updated 2:52 p.m. PST to correct that there will be six patches fixing 15 vulnerabilities.
Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee.
Phishing attacks saw a big spike in May and June, primarily because of campaigns targeting social-networking sites, according to Microsoft's report covering the first half of 2009. Gaming sites, portals, and Web sites of banks and retailers were also popular targets for phishing attacks, the report said.
Trojans top the list of threats to computer security, according to Microsoft's latest Security Intelligence Report.
(Credit: Microsoft)Trojans, including rogue security software, remained the most prevalent category of threats, while Microsoft statistics show that worms rose from fifth place in the second half of last year to become the second most prevalent category, led by Conficker and followed by Taterf, which targets multiplayer online role-playing games.
During the first half of the year, Microsoft detected and cleaned rogue security software--which displays false antivirus warnings to trick people into paying for software they don't need--from 13.4 million computers. That was down from 16.8 million computers in the second half of last year.
Most of the drive-by download pages are hosted on legitimate Web sites that have been compromised by attackers through intrusion or malicious code posted to a poorly secured Web form, such as a blog comment field. The Trojan Downloaders & Droppers category was the type of malware most often delivered in drive-by attacks, according to Microsoft.
The number of total unique vulnerability disclosures across the industry was down sharply from a year ago. While browser vulnerabilities increased slightly, application vulnerabilities dropped and operating system holes were flat, Microsoft said.
Microsoft software accounted for 6 of the top 10 browser-based holes attacked on Windows XP computers, compared with only one on Vista computers. Of the top 10 browser-based holes exploited on computers running Vista, 2 targeted Adobe Reader and the most significant one targeted Adobe Flash Player. In the third spot was an exploit aimed at Internet Explorer.
Infection rates for Windows Vista were significantly lower than Windows XP, while the rate for Windows Server 2008 was less than Server 2003.
Microsoft released 27 security bulletins in the first half of the year, addressing 85 individual vulnerabilities. Of those, 11 were exploited within the first 30 days after the release of the security bulletin.
As far as computer security consciousness, the U.S. is in the middle, according to George Stathakopoulos, general manager of Microsoft's Trustworthy Computing Group. Japan is at or near the top of the list and Germany is high up too, he said.
"We are average," he added. "We are not one of the cleanest countries, we are dead on in the middle."
McAfee's report showed the U.S. as the top country when it comes to the number of compromised computers that are zombies used in botnets to do things like send spam, followed by China and Brazil. The U.S. also is the top distributor of spam and has the most servers hosting malware, McAfee said.
Spam comprises 92 percent of all e-mail. It jumped 24 percent from a year ago, McAfee said.
