Internet Explorer (IE)

No rush to move to Chrome in the enterprise

Paul Mah — Tue, 30 Sep 2008 01:19:23 -0400

Beyond the initial fanfare, it appears that few in the enterprise are actually taking to Google's new Chrome browser at this point in time. The results from Silicon.com's "CIO Jury" poll of 12 CIOs saw a majority of executives saying that teams are not testing Chrome at all. One key sentiment appears to be that there are simply too many business applications certified for Internet Explorer to consider alternatives so soon. I suppose this should come as no surprise, given that competing browsers such as Firefox and Opera never did see many corporations switch over. More interestingly, at least one respondent hoped that the entrance of Chrome would at least force Microsoft to improve its own browser.

To read more about this survey on Chrome:
- check out this Silicon.com article

Microsoft issues massive security updates

Judi Hasson — Wed, 13 Aug 2008 16:54:52 -0400

Microsoft has released patches for 26 vulnerabilities in Windows, Office, Internet Explorer, Windows Messenger and other software. It is the largest update in 18 months and includes 11 bulletins, with six described as "critical." Of the 11 updates, two were most anticipated: a patch for a bug in the Snapshot Viewer ActiveX control, which is bundled with Access, Microsoft's database application, and one for a less-critical flaw in Microsoft Word.

The Snapshot Viewer and Word vulnerabilities have been exploited by attackers. Andrew Storms, director of security operations at security vendor nCircle Network Security, told Computerworld that there were two major themes in the massive update. "There's a lot of file-parsing vulnerabilities here," he said, "and a ton of replacement bulletins."

For details on the Microsoft updates:
- check out this Computerworld.com article

Patch Tuesday in June sees fixes for three critical flaws

Paul Mah — Fri, 06 Jun 2008 04:57:25 -0400

Microsoft will be issuing a total of seven security bulletins on the upcoming Patch Tuesday release on June 10. Three of these patches are considered critical, and will patch Windows components relating to Bluetooth and DirectX, as well as Internet Explorer. The other three bulletins are marked as "important" with the seventh one, marked as "moderate," being the most intriguing.

Instead of replacing any files, the update merely sets a "kill bit." A kill bit is a Microsoft-coined term to denote a flag in the Windows registry used for the sole purpose of disabling specific ActiveX controls. Speculation is that the fix involves a third party component, since Microsoft could have simply described it as an "ActiveX" issue if it is a Microsoft-built component.

For more on Microsoft's Patch Tuesday:
- check out this ChannelWeb article

Faster CPUs on the way

Thu, 08 May 2008 06:59:58 -0400

Researchers at Princeton University have discovered a means to eliminate nano flaws or minuscule defects in computer chips, a breakthrough that could improve chip performance and allow manufacturers to build more powerful and smaller processors. That's good news for CIOs. The industry has made great strides over the years, increasing performance and capacity, and this could be another leap forward, creating more flexibility and opportunities for IT departments. "We are able to achieve a precision and improvement far beyond what was previously thought achievable," said Stephen Chou, Princeton's Joseph C. Elgin professor of engineering.

For more on this development:
- See this CIO Magazine article

For more tech stories from the FierceCIO network:
> Quad-core CPU market heats up
> Windows XP SP3 and Internet Explorer
> BlackBerry 9000 gets reviewed

April Patch Tuesday cometh

Mehan Jayasuriya — Thu, 03 Apr 2008 16:18:44 -0400

Another month, another Microsoft Patch Tuesday. What's in store for us this month? Well, it looks like we'll be seeing eight patches total, five of which will be labeled as "critical". The critical updates will address code execution vulnerabilites in both Windows and Internet Explorer. Affected versions are as follows: Windows Vista, Windows XP, and Windows 2000, Windows Server 2003, Windows Server 2008 and all versions of Internet Explorer. In addition to the critical fixes, the company will patch two "important" vulnerabilites relating to spoofing and unauthorized user privilege elevation attacks in Microsoft Office. More on the patches next week.

For more on the coming patches:
- see this Information Week story

Microsoft releases 11 patches, 6 critical

Tue, 12 Feb 2008 06:59:56 -0500

As we mentioned last week, today is February Patch Tuesday and that means patches, patches and more patches for users of Microsoft software. Looks like there are 11 patches this time around, 6 of which are critical, addressing 17 vulnerabilities in all. A quick run-down of the critical patches:

MS08-008: Addresses a vulnerability in OLE automation that could allow for a remote code execution attack. Affects Windows 2000, Windows XP, Windows Vista, Microsoft Office 2004 for the Mac and Visual Basic 6.
MS08-009: Addresses a vulnerability in Word that could allow for a remote code execution attack. Affects Office 2000, Office 2003 and Office Word Viewer 2003.
MS08-007: Addresses a vulnerability in the WebDAV Mini-Redirector. Affects Windows XP and Vista.
MS08-010: Addresses a vulnerability in Internet Explorer that could allow for remote code execution attacks. Affects IE 5-7.
MS08-012: Addresses a vulnerability in Microsoft Office Publisher that could allow for remote code execution attacks. Affects Microsoft Office Publisher 2000, Microsoft Office Publisher 2002 and Microsoft Office Publisher 2003 Service Pack 2.
MS08-013: Addresses a vulnerability in Microsoft Office that could allow for remote code execution attacks. Affects Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2004 for Mac.

For more on the latest patches:
- see this ZDnet article

Get ready for February Patch Tuesday

Fri, 08 Feb 2008 06:59:57 -0500

It's that time of the month again: time for Microsoft's monthly Patch Tuesday. This coming Tuesday will bring a total of 12 security bulletins, seven of which are rated "Critical," with the other five labeled "Important." Out of the 12, a whopping nine bulletins are said to address remote code execution vulnerabilities. While most of this bulletins affect Windows and Office, versions of Visual Basic, VBScript, JScript, Internet Explorer, Active Directory, ADAM, IIS and Works are also included among the list of applications set to be patched. IT managers and CIOs, make sure that your IT department is ready.

For more on February Patch Tuesday:
- see this Ars Technica article

Hackers may target your printer

Thu, 31 Jan 2008 06:59:58 -0500

Spam has a new target, and it's your printer. By using a little-known capability found in most Web browsers, Aaron Weaver, a security manager from Pennsylvania, figured out how to hack into a printer. In a research paper published Tuesday on the Ha.ckers.org Web site, Weaver described how he launched the attack successfully with both the Internet Explorer and Firefox browsers. And he has found a way out, too. Because the attack works only on network printers, a printer plugged directly into a PC would not be vulnerable.

The attack is possible because most browsers can connect to the networking port used by most printers to look for new print jobs. So, by using the browser as a stepping stone, attackers are able to connect with something they should never be able to reach: a printer on the local area network. While this type of hack attack hasn't gotten any attention and there are no reports that it's infecting computer sites, Weaver's research uses cross-site scripting attacks and vulnerabilities in the way browsers handle the Internet Protocol.

"There is no precedent for [this hack]," said Robert Hansen, CEO of Web security consultancy SecTheory and owner of the Ha.ckers.org Web site. "But...what he did was marry two different concepts that we've been talking about for a long time." This could be the first step in another bad scenario because if hackers figure out how to send information about their print jobs to the Internet, Weaver's experiment could have far greater security implications. So maybe it's a good idea to turn your printers off for the night or when you are out of the office--because one never knows what might happen if they remain on.

For information on hacking printers:
- Check out this ComputerWorld article

ALSO NOTED: WGA-free IE7 coming for corporate users; Acer to offer pre-loaded Ubuntu;

Tue, 15 Jan 2008 06:59:51 -0500

> Clearwire customers getting Google Apps. Press Release
> Acer to offer pre-loaded Ubuntu. Article
> Thousands more jobs to be cut at Sprint? Article
> WGA-free IE7 coming for corporate users. Article
> iPhone browser dominates on Christmas day. Article

And Finally... HP faces exploding laptop lawsuit. Article

Video: Windows Mobile 6.1 walkthrough

Mon, 10 Dec 2007 06:59:58 -0500

Remember that Windows Mobile 6.1 Motorola Q9 that the Boy Genius Report got their hands on? Well, the little device continues to yield more and more details on the upcoming WinMo 6 update and luckily, the Boy Genius is sharing the wealth. Check out the video link for a full walkthrough of the new OS, featuring demos of new features like:

Copy and paste
Domain enroll in settings menu
New Vista-like home screen
Recently used programs under Start menu
Threaded SMS display
Zoom in Internet Explorer

For the full scoop on WinMo 6.1:
- check out this video walkthrough (via Boy Genius Report)