The Archives of The Evil Empire2001 April
| ||
|
30 April: Microsoft issues bounty for OS-less PC buyers
Microsoft may not have succeeded in persuading OEMs and system builders to "decline politely" all perverse requests for PCs lacking a pre-installed (preferably Microsoft) OS, but it's shifted to a new approach. It's now bribing system builders to turn in anyone who bids on naked boxes. 30 April: WinXP activation bug zeros testers' trial period
Some traffic from the Microsoft WinXP beta news groups forwarded to The Register indicates that the company may be in deep doo-doo as regards the operation of Product Activation. It's fragile, it's triggering the termination of testers' eval periods, and Microsoft doesn't know why. 28 April: Windows XP May Be Delayed
Shares of Microsoft fell 2.8 percent in late afternoon trading on reports that the company may have to delay the release of Windows XP. Morning reports said that Microsoft was planning to push the release date back from August to October. 27 April: Anti-piracy company sues Microsoft
InterTrust, one of several companies that provides technology to protect songs and videos from being illegally copied, sued Microsoft on Thursday, saying the giant's music and video software infringes its patent rights. 26 April: Microsoft's XP bundle breaks antitrust law
Microsoft's rivals on Thursday accused the company of continuing to flout U.S. antitrust laws by tying the latest version of its media player software into its new Windows XP operating system. With the lower court's landmark antitrust case still under review by a federal appeals court, a group funded by Microsoft competitors likened the move to Microsoft's decision to weld its Internet Explorer browser into Windows 98, a step that touched off the antitrust charges against the company. 25 April: Microsoft security fixes infected with FunLove virus
A virus infection of security fix files on Microsoft's partner and premier support Web sites has forced the software giant to suspend certain downloads for more than a fortnight. Microsoft issued an alert on Monday, which states that various Hotfix files on its Premier Support and Microsoft Gold Certified Partners Web sites are infected with the FunLove virus. 23 April: Compatibility issues dog Windows XP
As was the case when Microsoft upgraded users from Windows 3.x to 95/98 and then to Windows 2000, software developers and users are finding that what once ran on previous versions won't run wellÑor at allÑon the new XP platform. Applications written for the 9x code base (Windows 95, 98 and Millennium Edition), rather than the NT base of XP, and that do not yet work on Windows 2000 will also be troublesome. "Many of these users will find that things like their older digital camera drivers and scanners won't work right in XP," said a Midwestern ISV. 20 April: IE/OE security leak allows Active Scripting even if it has been disabled
A security advisory by veteran bug hunter Georgi Guninski states that it is possible to execute Active Scripting with the help of XML and XSL even if Active Scripting has been disabled in all security zones. This is especially dangerous in email messages. The problem are XML stylesheets which may contain Active Scripting; they are executed regardless of the settings for Active Scripting in IE/Outlook Express. Microsoft states that they cannot reproduce this security leak with up-to-date versions of IE and OE with all security patches applied. Guninski supplies a web page with a demonstration of the problem. 17 April: Office 95 doesn't make the upgrade
Microsoft Office 95 users will not be able to take the upgrade route to Office XP and will instead have to buy the new software outright. Office 95 is "just too old and we have come a long way," said a company spokeswoman in the United Kingdom. "We are recommending that users jump straight to XP." 16 April: Windows security leak: Double clicking on innocent looking files may be dangerous
Bug hunter Georgi Guninski warns that by double clicking from Windows Explorer or Internet Explorer on filenames with innocent extensions (such as .txt) the user may be tricked to execute arbitrary programs. If the file extension is certain CLSID (e.g. testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}) then Windows Explorer and IE do not show the CLSID and only the .txt extension, while the above file is in fact .hta file. Some exploit scenarios include leaving such malicous files on shared resources or sending them in archive by email. 17 April: DoS bug bites Microsoft's first security product
A flaw with Microsoft's first security product leaves it vulnerable to denial of service attacks. The problem arises because Microsoft's Internet Security and Acceleration (ISA) Server's Web Proxy service doesn't handle particular requests if they exceed a certain length, causing the program to crash if its Web Publishing features are enabled. 12 April: MS sabotages MP3 quality under Win-XP
Microsoft plans to severely limit the quality of music that can be recorded as an MP3 file using software built into the next version of its personal-computer operating system, Windows XP. But music recorded in the Redmond, Wash., software company's own format, called Windows Media Audio, will sound clearer and require far less storage space on a computer. Under Microsoft's new restrictions -- which prevent its built-in software from recording MP3 files at fidelity rates higher than 56 kilobits per second -- MP3 music "sounds like somebody in a phone booth underwater," says P.J. McNealy, an analyst who researches Internet audio issues for Gartner Inc. in Stamford, Conn. 11 April: MS confirms confirms WinXP won't support USB 2.0
Microsoft has confirmed that it will not be supporting USB 2.0 in the final release of Windows XP, preferring instead IEEE 1394 - aka FireWire, aka iLink - as the OS' high-speed peripheral bus. 7 April: Houston, Windows Has Problems
The new International Space Station is already suffering from computer problems similar to those experienced on Mir. The space station, which has been operational for less than five months, experiences almost daily computer glitches, according to the commander's log recently published on the Web. Most of the problems appear to be related to Microsoft's Windows NT, while Russian-made software seems to be more reliable. 6 April: Microsoft's virus antidote: Ban attachments
Responding to the rash of e-mail viruses that started with Melissa and I Love You, the Redmond, Wash.-based company is clamping down on the types of file attachments that will work with the newest version of its Outlook e-mail software. Outlook 2002, a new e-mail application included with Microsoft's forthcoming Office XP business software suite due later this spring, will by default reject more than 30 types of files sent as e-mail attachments, according to company executives. 6 April: IE6 beta bug can blank out email
Early testers of Internet Explorer 6 have come across a bug in the browser that can result in them receiving emails with no subject line or message body. Frustrated users have run into trouble receiving emails via either Outlook 2000 and 98, and to a lesser extent Outlook Express. The problem apparently only rears its ugly head when serfers with IE6 beta installed on their machines receive email sent from clients other than Outlook or Outlook Express, such as Netscape 4. 6 April: Xerox bans Windows XP beta after 'major network
outages'
Xerox has warned all 50,000 employees in the US not to install the Windows XP beta on company computers. The printer giant sent round an email on Wednesday telling staff that Xerox had experienced "three major network outages since Friday, March 30, that are directly traceable to the installation of the Microsoft Windows XP Beta (Whistler) code on devices attached to the Xerox production network." 5 April:
MS and Its Terms of Embarrassment
Responding to heavy criticism, Microsoft says the terms of use on its Passport service are outdated, to be ignored, and will soon be changed. But does that mean the software company doesn't want to own you? 5 April: Microsoft neuters Bluetooth
Bluetooth, the wireless technology that is supposed to connect cell phones, handheld computers and other devices in a personal-area network, remains all bark and no bite. Microsoft will not add support for Bluetooth to its next version of the Windows operating system, XP. The lack of support from the software giant isn't fatal, but it will likely slow the technology's once strong momentum. Without Microsoft, Bluetooth adoption becomes more onerous for hardware manufacturers and software developers as the software giant won't deliver a family of device drivers or other software to simplify how the technology gets incorporated. 4 April: Microsoft bungles IE bug fix
Microsoft has come under fire from users who have discovered the company's patch to fix a potentially seriously security problem works only if they upgrade their browsers. As we reported last week, Microsoft issued a patch designed to fix flaws in the way IE renders binary attachments in HTML email. Problems in the way this was implemented in Internet Explorer left the door open for hackers to easily trick users into running malicious code on their machines. Users of older versions of Internet Explorer may be wrongly informed that they are already protected from the flaw when they download the patch. 3 April: IE Hole-Finder in Odd Position
A hacker who discovered a potentially devastating security hole in Microsoft's Internet Explorer says he has found himself in the undesired position of providing technical support to people who cannot install the patch that Microsoft released to fix the flaw. Hacker Juan Carlos Garcia Cuartango discovered a dangerous hole that allows attackers to remotely access and control any computer running any version of the Windows operating system and Internet Explorer. Microsoft released the fix on March 30, but some people have had problems with the patch. Cuartango said he received hundreds of e-mails on Monday from people who could not install the patch and were also unable to reach Microsoft for technical support. 2 April: Win-NT/IIS admins made April Fools by hackers
Several crews got busy on April Fools Day to make a mockery of Microsoft security by targeting Web sites running MS' IIS server over Windows NT/2K for defacement. Among the higher-profile victims were the Walt Disney Company; the Wall Street Journal's WebWatch; British Telecomms; HSBC; the US Navy's Center for Tactical Systems Interoperability (NCTSI); the US Army Training and Doctrine Command (TRADOC); Ringling Bros and Barnum & Bailey Circus; and the American Society for the Prevention of Cruelty to Animals (ASPCA). None of the sites appeared to have been attacked for any reason other than the fact that they were vulnerable. 2 April: IE bug could leave files exposed
A veteran bug hunter has detected another security hole in Microsoft's Internet Explorer Web browser that makes it possible for hackers to view local files and in some cases erase some of the files' contents. Georgi Guninski, a well-known security adviser, posted an alert Saturday warning people that if they visit a Web page using IE 5.5, hackers could read their files, and if the file name is known, those files could be sent to another server. The IE 5.5 bug also affects Microsoft Outlook and Outlook Express e-mail software, according to Guninski, who rated the bug risk "high."
|
