AWS

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted. View the full article

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. View the full article

Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link. View the full article

Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2. View the full article

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler. View the full article

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. View the full article

In this week's mailbag: Microsoft, Apple, and brand loyalty, copying information from an old hard drive, accessing SkyDrive from Windows Explorer, disk defragmenters and Windows 7, a Microsoft Sidewinder X5 mouse mini-review, and a question about Windows 7 Anytime Upgrade. View the full article

In the latest episode of the Windows Weekly podcast, Leo and I are joined by ZD blogger Mary Jo Foley fears of a post-Microsoft world. Also on tap: new Windows Home Server "Vail" details, (supposed) Windows 7 battery life issues, Microsoft's efforts to ensure Bing succeeds, the Windows 7 RC expiration, and more... View the full article

Windows Live Messenger doesn't work the same way in Windows 7 as it did in previous versions of Windows. And many, myself included, don't like that it spews unnecessary buttons on the taskbar. Fortunately, there is a way to make Messenger work like it did before. Here's how. View the full article

Windows 7 consolidates the most common sharing tasks--sharing documents, digital media files, and printers--into a single interface called HomeGroup. View the full article

Windows 7 powered a blockbuster quarter for Microsoft, but it didn't help the company's other business units, its corporate customers, or PC makers. View the full article

In this post, I want to share some examples of the progress going on in the SVG Working Group. Microsoft recently joined the SVG Working Group, and other members (Mozilla, Apple and Opera among others) welcomed us warmly. I'm hopeful about the ways that SVG (both its current direction and future potential) could make the web better. We want the spec to be clear, consistent, and predictable for developers. We’re working out ambiguities such as “Pointer events and clip-pathsâ€Â, “CSS Selectors and as well as inconsistencies with stroked-dasharray†and “ and its interaction with the DOM and rendering†so that web developers can write SVG once and know that it will be interoperable across browsers. I have to admit I was a little hesitant at first to get guidance and clarity on a dozen or so items we found to be ambiguous (see public SVG WG discussion threads), however the positive response has been overwhelming.

In this week's mailbag: Windows 7 Family Pack availability, converting video to H.264, Microsoft Security Essentials vs. Windows Defender, Xbox 360 and DVD upconverting, Photo Story on DVD, and the best Windows Server 2008 R2 book. View the full article

At its iPad launch event this week, Apple declared itself a mobile devices company. But Apple also provided clues about how it innovates, a point that many missed. And the iPad isn't about creating new markets at all. View the full article

With Windows 7, Microsoft has realized its goal to replace static folders with virtualized shell locations that aggregate content from a variety of physical locations. This feature is called Libraries. View the full article

In the latest episode of the Windows Weekly podcast, Leo and I discuss Libraries, the Windows 7 feature of the week, a Windows Home Server "Vail" leak, a minor Zune update with major implications, Office 2010 system requirements, a correction to last week's mobile OS market share figures, and, yes, the iPad... View the full article

My latest weekly series is a tie-in with the Windows Weekly podcast, and will provide one new Windows 7 tip each week: If I publish your tip, I'll send you a free copy of Windows 7 Secrets! This week's tip: Hide Unwanted Windows Updates. View the full article

This week's release of a small Zune upgrade did more than just bring the PC software up to version 4.2. It added some unannounced new features and, even more surprisingly, references some mysterious phone devices in its installer files. Is a Zune Phone on the way? View the full article

Microsoft does offer some integration between its Windows Live services and Windows Mobile, courtesy of a pair of native smart phone applications. But there's a lot more that could be done here. View the full article

In this week's mailbag: Paul's Chrome extensions, using an Xbox 360 as a living room set-top box, world electrical adaptors, no SteadyState for Windows 7, XP Mode is 32-bit only, free (and paid) DVD decryption options, and how to change the wallpaper in Windows XP Starter. View the full article

It's pretty clear that Windows Mobile 6.5 is a work in progress, and while there are important changes coming this year, now is not the time to adopt this solution. View the full article

In the latest episode of the Windows Weekly podcast, Leo and I discuss a Bing policy change, an early IE patch, Windows Mobile 7 rumors, Apple supporting Windows 7 in Boot Camp, next week's Apple tablet event, and more... View the full article