Old Posted News

[Whatacrock]

Microsoft Announces Windows and IE Security Updates, Windows XP Left Out Again

Microsoft will launch a set of seven different security updates next week, as part of its monthly Patch Tuesday rollout, with Windows XP again to be left out and thus not getting any improvements that could block potential exploits.

In the advance notification for this month's Patch Tuesday updates, Microsoft said that two of the vulnerabilities it found are critical and affect Internet Explorer, Windows, and Office.

The first bulletin is supposed to address a critical security flaw in all versions of Internet Explorer, including the very latest Internet Explorer 11 on Windows 8.1. No other details have been provided right now, as Microsoft still wants to keep users protected until it officially rolls out the patches.

A second bulletin is supposed to repair a critical hole in Windows and Office. The remote code execution vulnerability exists in the majority of versions, with the exception of Office 2013.

The remaining five bulletins are considered to be of a critical severity rating and are supposed to address flaws in Office and Windows, the company revealed.

As you can see, Windows XP is again left out of Patch Tuesday, after the software giant pulled the plug on it on April 8. XP computers won't be getting any other updates, which makes users still running it even more vulnerable because some of the vulnerabilities found in the other Windows versions could also exist on Windows XP.

The difference is that all the other Windows builds will actually get patches, while XP systems are left vulnerable to attacks.

Microsoft has been telling the same thing for months, warning that once support comes to an end, Windows XP computers are very likely to become hackers' preferred target due to the large market share this operating system still owns.

“For starters, it’ll become five times more vulnerable to security risks and viruses, which means you could get hacked and have your personal information stolen,” Microsoft said.

“While it's true that you can keep using your PC with Windows XP after support ends, we don’t recommend it.”

And still, that doesn't necessarily mean that users are ready to give up on Windows XP. Stats released earlier this month indicate that more than 25 percent of the desktop computers worldwide are still running it right now, despite the many warnings released by Microsoft in the last couple of years.

Windows XP's market share, however, is expected to drop significantly in the coming months, especially because many large companies with thousands of computers are projected to complete the transition to a newer operating system by the end of the year.

http://news.softpedia.com/news/Microsof ... 5504.shtml

[Whatacrock]

Chart Shows That Windows XP Users Don't Care About End of Support

If you're still on Windows XP at the time of reading this article, you're not alone. Stats show that last month, more than 25 percent of the world's desktop computers were still running Windows XP, despite the avalanche of warnings launched by Microsoft since one year ago.

A new chart published today by Statista and based on figures provided by Net Applications shows that only little has changed after Microsoft pulled the plug on Windows XP, as only a few users have actually decided to upgrade to a different operating system after the April 8 deadline.

At this point, 25.3 percent of the desktop computers worldwide are running Windows XP, down from 27.7 percent in March 2014, when the operating system was still getting updates and security fixes.

Windows 7, on the other hand, recorded a small growth, which is probably an indication that Windows XP users who decided to upgrade have ignored Microsoft's proposal to switch to Windows 8.1. Windows 7 was last month installed on 50.1 percent of desktop PCs, up from 48.8 percent in March.

As far as Windows 8.1 is concerned, the modern OS version also posted a growth from 4.9 percent to 6.4 percent, while Windows 8 lost users, dropping from 6.4 percent to 6.3 percent.

Microsoft itself obviously wants users to switch from Windows XP to a newer Windows version as soon as possible and pushes Windows 8.1 as the perfect replacement that comes with what it takes to become a secure and fast working and playing environment.

“While it's true that you can keep using your PC with Windows XP after support ends, we don’t recommend it. For starters, it’ll become five times more vulnerable to security risks and viruses, which means you could get hacked and have your personal information stolen,” the company said in a statement.

“Also, companies that make devices like digital cameras, Internet-ready TVs, and printers won’t provide drivers that work with Windows XP, so if you get new devices, they won’t work with your current PC. And over time, the security and performance of your PC will just continue to degrade so things will only get worse.”

A zero-day flaw in Internet Explorer 8, which also runs on Windows XP has already been found, and Microsoft intends to fix it on the upcoming Patch Tuesday rollout next week. Windows XP users, however, won't get a patch, so those who are yet to upgrade will remain vulnerable to attacks trying to exploit this flaw.

http://news.softpedia.com/news/Chart-Sh ... 5137.shtml

[Paul Stenning]

Doesn't surprise me at all. I'm sure if Windows 7 Home Premium was still available as a retail upgrade pack at a sensible price more home users would move to that, but the only option for them now is Windows 8.1, either upgrade or new PC, and many people still don't like it.

Thankfully second hand Windows 7 upgrade packs are available on eBay and that's what I used for upgrading some of my main client's PCs. I'm in the process of doing my sister's laptop right now too.

[Whatacrock]

Microsoft Leaves Windows 7 Vulnerable on Purpose, Keeps Windows 8 Fully Secure

Two security researchers demonstrated at a recent conference that some of the flaws that have been found in Windows 7 and Windows 8 have only been fixed in the latter, with many believing that Microsoft is leaving the world's number one operating system vulnerable to attacks on purpose.

Researcher Moti Joseph, who previously worked for Websense, and malware analyst Marion Marschalek presented a new tool called DiffRay that can scan Windows libraries and compare security vulnerabilities that might exist in Windows 7 and Windows 8.

After scanning a total of 900 libraries with the aforementioned app at the Troopers14 conference, researchers found four security improvements that are only part of Windows 8, but not included in Windows 7, The Register reveals.

The question, however, is why is this happening? While Microsoft hasn't yet issued an official comment on this, some people pointed to the obvious: the company wants everyone to make the move to Windows 8, so it's no longer investing in Windows 7 security, while also making it vulnerable on purpose to make sure that everyone knows that its modern platform is a lot safer.

Microsoft itself has said that Windows 8 is six time more secure than Windows 7 thanks to the new technologies that it features, but nobody knew that Redmond might actually contribute to these statistics by fixing only a number of flaws in Windows 7.

The security researchers who find this, however, claim that it's all just a matter of money, as Microsoft no longer wants to invest in the security system of older software since it already has a newer platform on the market.

“Why is it that Microsoft inserted a safe function into Windows 8 [but not] Windows 7? The answer is money - Microsoft does not want to waste development time on older operating systems ... and they want people to move to higher operating systems,” Joseph explained during the presentation

If Windows 7 is indeed left unpatched on purpose, this means that hackers might easily find zero-day vulnerabilities in the operating system that could then be exploited to access user data and get control of the exposed computer.

“If we get one zero-day from this project, it's worth it,” Joseph continued, adding that it was “scary simple” and very fast to find vulnerability with the application they developed.

Microsoft hasn't yet issued a statement on this, but we've reached out to the company and we’ll update the article when and if we get an answer.

http://news.softpedia.com/news/Microsof ... 5799.shtml

[Whatacrock]

Security Expert Explains Why Windows Is the Most Attacked Operating System

Windows is by far the most attacked operating system on the market right now, with many people pointing to the security offered by Microsoft's flagship product as one of the reasons why lots of users are falling victims to these attempts.

But as far as Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab, is concerned, Windows is the target of so many attacks because it's the most popular operating system on the desktop and hackers obviously want to have a higher success rate when scanning for potential targets.

And he does make sense. Windows is currently installed on more than 90 percent of the desktop computers worldwide, statistics are showing, so hackers looking for potential targets are clearly searching for PCs powered by Microsoft's operating system.

Saad says that even though Windows is considered to be an unsecure operating system, which isn't necessarily true, there is no such thing as a completely secure platform right now, as cybercriminals are developing new exploits capable of taking advantage of every single found flaw.

“There's no absolutely safe operating system at the moment. The more popular the software is, the more it is targeted by cybercriminals,” he was quoted as saying by News24.

Mac OS X and Linux systems are often considered to be operating systems that are impossible to break into, but Saad explains that this isn't the case, as several exploits developed to hack into these two platforms have already been developed and made millions of victims across the world.

“The myth about Mac OS security was demolished when in 2012 the quantity of created anti-virus entries grew by 30% in comparison with 2011, and notorious Flashfake Trojan managed to create the biggest Apple botnet which consisted of 100 million devices all over the world,” he pointed out.

Microsoft itself tried to make Windows 8 a lot more secure than its predecessors and now says that it's six times more unlikely to get hacked as compared to Windows 7.

The company is offering Windows Defender as the built-in anti-virus solution that comes with the same powerful features as any other third-party security app that's now available on Windows. Although it's often considered just a basic security program, Windows Defender does have real-time scanning, virus definitions updates and other advanced features that are already party of the majority of software on the market.

http://news.softpedia.com/news/Security ... 5834.shtml

[parkd1]

Windows 8.1 users who haven't yet installed the major update released by Microsoft in April, will stop receiving updates starting tomorrow.

Microsoft had announced that the update which was earlier known as the "Spring" update would be a mandatory update for Windows 8.1 users and had a given a buffer period for users to update to it. After launching the major update in April, Microsoft set a deadline for users in a blog post, which asserted, "Failure to install this Update will prevent Windows Update from patching your system with any future updates starting with Updates released in May 2014 (get busy!)."

However, Microsoft extended this deadline to 10th of June, which gave users another 30 days to update their Windows 8.1 installation. Now, the day has come that Microsoft will stop supporting users who have failed to get their systems running on the latest Windows 8.1. Interestingly, Windows 8 users are not required to be on the latest and greatest version of Windows, although the mainstream support for the OS might end in the near future.

If you have automatic updates turned on, you have nothing to worry about. For those of you who install patches manually, make sure you have the spring update installed, otherwise, you machine could become vulnerable to known exploits.

http://www.neowin.net/news/windows-81-u ... ve-patches

[parkd1]

what happens in win7

Around 50 percent of PC users are on Windows 7, while just 12 percent are running Windows 8.x, yet Microsoft is leaving the more popular OS vulnerable to zero day attacks by choosing to only patch the newest Windows version. That’s the findings of two security researchers who built a tool to compare 900 libraries in Windows 8 with their Windows 7 counterparts.

"If Microsoft added a safe function in Windows 8, why does it not exist in Windows 7? The answer is simple, it’s money -- Microsoft does not want to waste development time on older operating systems. They want people to move to higher operating systems," security researcher Moti Joseph claimed in a presentation at the Troopers14 conference in Heidelberg, Germany.

The DiffRay tool, developed by Joseph and malware analyst Marion Marschalek, compares libraries in the two operating systems and logs any patches found in one but not the other. In a demonstration, embedded below, they found four security functions which were updated in Windows 8 but not Windows 7.

Marschalek said it was "pretty simple, really scary simple" to develop the comparison tool, and warned that hackers, or governments, could use this technique to find and exploit missing patches in Windows 7.

Although the Troopers14 presentation happened last month, The Register only uncovered it a few days ago.

We reached out to Microsoft for comment on the allegations, and a spokesman told us: "We follow an extensive process to develop security updates for all supported devices and services, involving a thorough investigation, update development, and testing for compatibility among other operating systems and applications. We are continually working to improve our products and we encourage researchers to coordinate vulnerability disclosure with Microsoft in order to help protect customers".

http://betanews.com/2014/06/10/microsof ... searchers/

[parkd1]

Adobe has released a major update to its web media player and runtime platform with the release of Adobe Flash Player 14.0 and Adobe AIR 14.0.

The new releases deliver a number of new features and updates: a PPAPI Flash Player content debugger, support for Atom-based Android devices and -- of most interest to end users -- support for the AIR Gamepad API.

The PPAPI Flash Player content debugger gives Flash developers the opportunity to debug content using the PPAPI interface found on Chromium-based browsers. Once installed, developers are directed to chrome://plugins where they should see the debug version of Shockwave Flash should be available to enable.

Also added to version 14 of Flash and AIR are support for anisotropic filtering and a new Stage3D "standard" profile when creating Context3D.

Adobe AIR 14 gains support for Intel Atom-based mobile Android devices via the -arch ADT command line option. The new iOS packaging engine also gains numerous improvements and bug fixes.

Another new addition to version 14 of Adobe AIR is the new AIR Gamepad API, which allows developers to use Android mobiles as either a second screen or game controller for Flash-based games.

Users must simply ensure their Android device is on the same network as the parent computer and be running version 14 of AIR Runtime app on their mobile. At the current time, version 13 is still being touted in the Play Store.

The API provides support for gesture, touch and Accelerometer events, plus vibration and applying skins onto the AIR gamepad screen. To test the feature, once Adobe AIR 14.0 is installed on your Android device, browse to ModelViewer or Hungry Hero in the paired computer’s browser and follow the instructions.

The update is rounded off by a large number of bug fixes, including a range of Windows 8 and 8.1 fixes for Flash Player. Adobe AIR fixes cover both iOS, Android and Windows platforms.

Adobe Flash Player for Other Browsers 14.0 and Adobe AIR 14.0 are both available now as a freeware downloads for Windows and Mac. Also available is Adobe Flash Player for Internet Explorer 14.0 for PCs running Windows 7 or earlier (Windows 8 users are delivered updates through the OS).

http://betanews.com/2014/06/10/adobe-re ... nd-air-14/

[Whatacrock]

Microsoft Fixes 8-Month Old Zero-Day, Leaves Windows XP Vulnerable to Attacks

This month's Patch Tuesday rollout brought us a total of seven different security updates, two of which have been flagged as critical and supposed to address no less than 59 vulnerabilities in Internet Explorer.

While this is pretty surprising given the fact that we're discussing about a single application, this new series of updates also includes a fix for a zero-day flaw reported to Microsoft 8 months ago and publicly disclosed by HP's Zero Day Initiative last month.

In an advisory released today, Microsoft explained that the most severe vulnerabilities patched today would allow an attacker to gain the same privileges as the logged-in user and run malicious code on the target computer.

“The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft said.

The company explains that this particular flaw has been considered critical on Windows clients and moderate on Windows servers.

“This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows clients, Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers,” it added.

As you can see, Windows XP is missing from this equation, so the company has indeed pulled the plug on this particular OS version completely, even though more than 25 percent of the computers worldwide are still running it right now, according to third-party statistics.

Redmond warns that every single user that still has Windows XP installed on his computer needs to upgrade to a newer version as soon as possible, be it Windows 7 or Windows 8.1. Upgrading would also bring a new Internet Explorer version as well, which clearly keeps them on the safe side whenever new vulnerabilities in older builds of the browser are discovered.

Today's IE fixes are available for all the other supported Windows versions via Windows Update, so if your computer is connected to the Internet, just wait until all patches are automatically downloaded and installed. If you're running Windows XP, your best options are to either upgrade to a newer OS or change Internet Explorer with another browser.

http://news.softpedia.com/news/Microsof ... 6234.shtml

[parkd1]

On the second Tuesday of every month, Microsoft releases patches for its products and this month is no different. While the Surface 2 and Pro 2 will be getting some enhancements by the way of firmware updates, Internet Explorer is patching a rather large number of vulnerabilities.

Microsoft said on its IE blog today that they are patching 59, yes 59, vulnerabilities; there were two publicly disclosed vulnerabilities and fifty-seven privately reported vulnerabilities. If you needed a reason to make sure you were actively patching your system, this post alone should warrant your attention to do so.

If you are wondering how many vulnerabilities were reported in previous months to help gauge if 59 vulnerabilities was high, for the month of May there were two privately reported vulnerabilities, six vulnerabilities for April, 18 for March and 24 for February.

The good news is that these issues have now been patched and for a machine that is updated, are no longer an issue. While the number is quite high this month in terms of vulnerabilities, we still prefer how open Microsoft is about the process each month and the fact that they do not try to hide these figures.

If you want to learn more about what was patched, you can read the full list here.

As Microsoft works to make Internet Explorer more secure, the company is also pushing the abilities of its browser and has teamed up with ESPN to create a World Cup portal.

http://www.neowin.net/news/microsoft-59 ... ed-in-june