25 May: Microsoft closes security leaks in Media Player
Microsoft has released a patch intended to plug security holes in its Windows Media Player
software that could allow an attacker to run malicious code and access computer files on a
The patch will repair two flaws that affect Media Player versions 6.4 and 7, Microsoft said.
18 May: Group says Microsoft's .NET is next monopoly ploy
Procomp, a group funded by
Microsoft's competitors, charged
Microsoft with planning to use its new
Windows XP operating system and
.NET strategy to extend its monopoly.
The group said Microsoft planned to
use its dominant Windows operating
system and Internet Explorer browser
to force consumers to adopt its new .NET Internet platform.
"Microsoft's current strategy to extend and preserve its monopoly position is
.NET, which can most basically be described as Microsoft Windows for the
Internet," the group said.
In essence, Procomp complained that .NET amounts to an attempt by Microsoft
to "turn the Internet into a big Microsoft subscription service -- taking services
that are currently free and turning them into revenue streams for Microsoft."
16 May: New Microsoft IIS security leak; MS releases patch
Microsoft has released a patch to fix a security flaw in its Internet server software that
could allow a hacker to gain control of a company's Web server in a matter of minutes.
The flaw affects users of Windows NT's Internet Information Server 4.0 and Windows 2000's Internet
Information Server 5.0, the company said.
The vulnerability originated from a flaw that makes the software run an extra security check each time
a user requests a URL, or an Internet address. If a hacker knew what to look for, that person could
use the second check as a window to break into the system.
The flaw is not as serious as
the one in the Internet
Information Server's printing
software that was made public
two weeks ago, security experts say.
16 May: An Outlook worm to jam NSA's Echelon
UK-based anti-virus outfit Sophos is reporting a new variant of the
LoveBug Outlook worm which contains a large amount of hidden text,
apparently designed to attract the US National Security Agency's Echelon
spy satellite network and overload it. Dubbed "VBS/LoveLet-CL" by U.K. antivirus company Sophos, the mass-mailing program infects a
computer system after the PC user opens the e-mail attachment containing the worm. On systems
with Microsoft Outlook installed, the program will mail copies of itself to each entry in the Outlook
15 May: Confusing MS security bulletin aided IIS worm
The sadmind/IIS worm, which has been defacing Microsoft IIS machines so
prolifically during the past ten days, might be getting a little help from a
poorly-worded MS security bulletin.
We were mightily impressed by the large number of IIS machines attacked
by the worm, since a fix has been available for seven months. Following a tip from a Reg reader who fell victim to the worm after
patching his system, it appears to us now that if the patch and several
Windows service packs are not installed in the correct order, the patch might
11 May: It's Office XP or bust
A new licensing program being put in place by Microsoft will force the majority of its
business customers to either upgrade to Office XP before Oct. 1 or
pay a heftier purchase price later, analysts say.
The Redmond, Wash.-based software company on Thursday
revamped its licensing program--in the process raising fees anywhere
from 33 percent to 107 percent for the majority of customers, according
As part of the revamp, Microsoft eliminated the most popular licensing
plan for upgrading to new versions of its software. The new program
guarantees customers access to the latest versions of Microsoft's business software.
But to participate in the
program--to take advantage of
prices--businesses must be
running what Microsoft terms
the "current" version of its
software. For Office, that is
However, if customers don't
upgrade all of their machines to
Office XP before an Oct. 1
deadline, they in essence have
to buy Office licenses at full
price, as if they were new
10 May: Internet worm uses security leaks in Sun and MS IIS server software
New evidence revealed Thursday indicates that a recently discovered worm may have
compromised more than 8,800 Internet servers over the last three weeks.
The worm is called sadmind/IIS
for the two vulnerabilities it
exploits--one in the Solstice
program for Sun Microsystems'
Solaris version of the Unix
operating system and the other
in Microsoft's Internet
Information Server (IIS) for
Windows NT. The worm first
infects Solaris systems and
then uses the compromised
systems to scan the Internet for
new Solaris systems to infect
as well as Windows NT Web
servers to deface.
10 May: Microsoft warns of another problem in Win 2000
Microsoft said that a new
flaw in its Windows 2000 Server
software can lead to a
denial-of-service attack. The bug
was the second denial-of-service flaw
in Windows 2000 announced in
The flaw, which affects Windows 2000
Server, Advanced Server and
Datacenter, is the result of a memory
leak in Window 2000's Kerberos
10 May: New Microsoft licenses may increase costs
Microsoft on Thursday revamped its software licensing program for most
business customers, effectively raising the cost of upgrades by as much as 107 percent,
7 May: Coursey's Top Microsoft gripes
Everyone has things they don't like about Microsoft, both the company and
its products and services. These include things like crashy operating systems, useless
upgrades, support that is expensive or impossible to find, the plethora of features we're forced
to buy but don't use, the company's general inability to play well with others--those sorts of
Today and tomorrow I'm going to run through my list of Top Microsoft Gripes and invite your
suggestions for expanding it.
6 May: Security leak in Microsoft IIS lets hackers restart server
Veteran bug hunter Georgi Guninski has found a security leak in Microsoft IIS that lets a hacker remotely restart all IIS related services using specially crafted request.
If this request is repeated continously this seriously affects IIS performance.
4 May: Three Microsoft sites attacked
Computer intruders managed to gain control of three international Microsoft
home pages on Thursday, replacing the company's data with a simple
message taunting the software giant.
Microsoft's UK, Mexico and Saudi Arabia sites were replaced with messages from the hacker
group Prime Suspectz. The defacements come two days after Microsoft revealed its flagship
Web server software had a serious vulnerability, but it's not known if the intruders used that
vulnerability to attack the Microsoft sites.
3 May: Hacker exploits Microsoft server flaw
A hacker announced that time's up for system administrators who haven't patched Windows
2000 Web servers vulnerable to a flaw revealed by Microsoft two days ago.
The hacker--using the handle "Dark Spyrit"--released a program Wednesday night designed to
exploit the security hole and give anyone with limited technical knowledge the ability to completely
control a Windows 2000 server running version 5 of Microsoft's Internet Information Server (IIS) Web
2 May: Microsoft tells US Air Force to bug off
Microsoft's security patch for Outlook, which is designed to protect users
from the effects of another Love Bug-style virus, has come under fire from
no less a body than the US Air Force.
In a paper to be presented at a security workshop in June, an assistant
professor of computer science at the US Air Force Academy will deliver a
devastating critique of Microsoft's approach to security in general and
Outlook in particular.
1 May: Serious security hole in Microsoft IIS leaves servers open for hackers
Microsoft announced a serious security hole Tuesday in its flagship Web server software
and raced to convince system administrators to patch their Web servers before online vandals
compromise their systems.
The flaw affects Window 2000 server software running version 5.0 of Internet Information Server (IIS).
The hole is in Windows 2000's Internet printing module but can only be exploited if IIS is activated.
The vulnerability affects servers
with Internet printing turned on,
the default setting with the
software. By sending a
specially formatted string of
characters, the printing module
can be made to give the remote
user full access to the Web
Previous | Next