Microsoft Issues Two Unscheduled Patches For IE, Adobe Flash

Microsoft has rolled out two software patches; one is designed to close vulnerabilities in Internet Explorer versions 7, 8 and 9 that leaves the popular browser susceptible to a remote code execution. The other is intended to update protection from similar exploits for Adobe Flash Player in IE 10 on Windows 8.

"Microsoft has a monthly cadence for issuing patches, and anytime they come forward with something that is not regularly scheduled, you know that it involves an important threat," said Marcus Carey, security researcher at Rapid7. "I'm recommending that administrators test the patches in a development environment before rolling them out to make sure that they don't cause unforeseen issues, but assuming that they pass that testing process, they should move on this immediately."

Individuals who have enabled Automatic Updates do not need to take additional action.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft on Wednesday issued a temporary "Fix-it" to mitigate the IE vulnerability, and Microsoft says that anyone who has installed the "Fix-it" can apply the permanent patch on top of the temporary patch without having to uninstall the temporary one.

"Keep in mind that a 'Fix-it' is similar to a bandage, while the permanent patch fixes the root cause of the problem," added Carey.

Although Microsoft maintains that the Internet Explorer vulnerability impacts only a "small number of users," it is also known that the exploit has been loaded into Metasploit and similar testing kits, thereby making it available to a wider range of black-hat hackers, as well as their white-hat counterparts.

The attack typically begins with a malicious website that determines which version of IE the host system is running. It then loads additional software to perform a heap spray and load an iframe. Protect.html is then loaded to trigger the vulnerability, at which point Poison Ivy is downloaded. A successful exploit leads to the ability to execute remote code.

The IE patch also resolves four privately disclosed vulnerabilities that are currently not being exploited, according to Microsoft.

Meanwhile, the company has also released a security patch for Flash Player when used in Internet Explorer 10 on Windows 8. “We are working closely with Adobe to help protect our customers and deliver quality protections that are aligned with Adobe’s s update process,” said Yunsun Wee, director of Microsoft's Trustworthy Computing Group, in a prepared statement.

Security researchers are advising IT administrators and channel partners to move forward with the updates as quickly as possible.

Windows 8 Update: Ballmer redefines the PC

Also: Windows 8 for games, final Office will be an upgrade to Windows RT

Just as the world is coming to grips with the post-PC era the CEO of PC software behemoth Microsoft, Steve Ballmer, seems to be trying to prolong the age by redefining the iconic business machine to include tablets.

In a Seattle Times interview with Janet I. Tu, Ballmer says PCs will sell well next year, but he acknowledges that some of what might be called tablets could also be considered PCs.

MORE: Windows Server 2012 in photos

CLEAR CHOICE TEST: 6 free email servers for small businesses

This includes Microsoft's own new hardware device Surface for Windows 8, which has all the features of a tablet but also includes a fold-down cover that becomes a keyboard. That hardware arrangement, when coupled with the version of Windows 8 for x86 processors that supports all traditional Windows applications, is a laptop PC.

Another version, called Windows RT, supports only modern applications, the name Microsoft has given to apps designed for touch. Windows RT could legitimately be considered a tablet with a keyboard.

Here's what Ballmer said to Tu:

Q: What is Microsoft's plan if Windows 8 doesn't take off?

A: You know, Windows 8 is going to do great.

Q: No doubt at all?

A: I'm not paid to have doubts. (Laughs.) I don't have any. It's a fantastic product. ...

People talk about: "How healthy is the PC market?" There's going to be close to 400 million PCs sold in the next year, which makes it a big market. And whether it's 405 [million] or 395 [million], it's a big market, and Windows 8 will propel that volume.

It also brings us into this world of much more mobile computing and more mobile form factors. I think it's going to be hard to tell what's a tablet and what is a PC.

Ballmer also flirted with setting a price for Surface, which is widely compared to Apple's iPad, but came up short. From the interview:

Q: The iPad has the largest share of the tablet market, but its soft spot, it seems to me, is the price. With the Surface, are you planning to compete with the iPad on price or on features?

A: We haven't announced pricing. I think we have a very competitive product from the features perspective. ...

I think most people would tell you that the iPad is not a superexpensive device. ... [When] people offer cheaper, they do less. They look less good, they're chintzier, they're cheaper.

If you say to somebody, would you use one of the 7-inch tablets, would somebody ever use a Kindle [Kindle Fire, $199] to do their homework? The answer is no; you never would. It's just not a good enough product. It doesn't mean you might not read a book on it. ...

If you look at the bulk of the PC market, it would run between, say, probably $300 to about $700 or $800. That's the sweet spot.

The price is the ballpark range that people pay for an iPad but without a keyboard. It's a different price bracket than that occupied by Amazon's Kindle fire, and the Surface itself has a broader set of capabilities.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Windows 8 for games

Microsoft has teamed up with the cloud-based gaming company Agawi in order to stream games to users of Windows 8 devices, the companies say.

The games would be based in Microsoft's Azure cloud and be streamed to whatever Windows 8 device the customer had -- tablet, laptop, PC.

The goal of the partnership is to make it easier for developers to create games that scale without having to worry about how that will be accomplished. That will be taken care of by the Agawi/Microsoft back end, they say.

Agawi demoed some of the games at Cloud Gaming USA this week.

Meanwhile, Microsoft also plans to open an interactive entertainment studio in London this November that will focus on using Windows 8 devices as the underlying technology.

The goal is to build a business that focuses on entertainment-as-a-service that can be sold to users of Windows 8 tablets such as the Surface devices Microsoft is making itself to best show off the new operating system.

The new studio "will allow Microsoft Studios to explore the many creative and business opportunities that developing new games and entertainment experiences on Windows 8 tablet devices and platforms will afford," says Lee Schuneman, who will head up the studio. So far the studio hasn't been named.
Free Surface tablets for Microsoft workers

Microsoft CEO Steve Ballmer promised at the annual company gathering that all 90,000 full-time Microsoft employees will get free Surface tablets, a Windows 8 PC and a Windows Phone 8 phone.

Employees get to use the tablets and phones for whatever they want, but the PCs are for work only, according to posts on Twitter.

Of course there is a top-of-line Surface model that has the processing power of a PC, so the promise of a tablet and a PC could be fulfilled with a single device.
Office preview at Windows 8 launch

When Windows 8 on ARM-based devices -- Windows RT -- launches Oct. 26, the version of Office applications bundled with it will just be preview versions, Microsoft says.

These tablet devices only run applications designed specifically for Windows 8 (Microsoft calls them modern apps) with the exception of specially crafted versions of Word, Excel, PowerPoint and OneNote.

But the final version of these Office apps won't be ready when Windows RT becomes generally available, Microsoft says in a blog.

"After the final edition of Office Home & Student 2013 RT is released in a customer's language, their Windows RT device will be automatically updated with the final edition for free via Windows Update (Wi-Fi connection required)" the blog says. "Customers can expect to get these updates starting in early November through January depending on their language. We'll publish the specific update schedule on October 26."
IE 10 patched for Windows 8 launch

Microsoft says it will patch a Flash vulnerability in the new Internet Explorer 10 that is designed specifically to better support the touch capabilities of Windows 8.

This is a decision that counters what Microsoft said earlier -- that it would wait until after the Windows 8 launch Oct. 26 to patch the browser.

The company must have decided the weakness represented a significant security threat that couldn't be ignored.

Traditionally IE supported flash via plug-ins, but they have been banned with IE 10 and Microsoft has instead built flash directly into the browser.

Microsoft TS: Microsoft Windows Embedded Standard 2009, Development - 70-577 Exam

In order to offer the customers the latest edition of 70-577 exam, Certkingdom staffs make great efforts to make sure that they are always in-touch with the changes in the exam. It is certain that the Certkingdom training materials are the most actual information available for you.

We developed 70-577 practice exam free with the help of our highly certified professionals according to the latest Microsoft updates. Our study guide certification assures you passing your 70-577 exam in your first attempt with high scores and become Microsoft Certification certified professional. You can download certification test and start preparing your 70-577 exam preparation guide not only help you pass your 70-577 exam but enable you to demonstrate the purpose of the 70-577 exam.

Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

It has been specially made from the exam point of view and teaches you the necessary tricks you need to outsmart the rest! Do not take chances with your future! Turn to Certkingdom range of resources including 70-577 Exam Materials, Study material, technical training , training manuals , test papers, Certkingdom exam Questions, 70-577 Study Guide, Braindumps / Dumps , training Questions , study Questions , Practice Exams, study Tests, Certification training Study Notes and Detailed Explanations & Answers, 70-577 Certification Papers, Classes and Study Programs and exam simulators.

Certkingdom Microsoft Certification 70-577 training material provides you with comprehensive Practice Test questions with precise and accurate answers. 70-577 exam practice questions and answers are constantly updated to keep up with the current certification exam. Certkingdom 70-577 Testing Engine provides you with an opportunity to test your knowledge and skills in a simulated, certification-testing environment.

Certkingdom 70-577 examination exam question contains the complete unrestricted dump. This 70-577 examination questions of just one of these, including many exams, so you can easily through the 70-577, no matter you are through to your product certificate or any other today popular authentication. Perfect 70-577, not rely on the exam 70-577 training exercises. Get 70-577 learning guidance, this is actually the best you can use 70-577 PDF format questions and answers, to get through the VMWare 70-577 today.

There are many sites which provide information on Microsoft 70-577 exam and provide you study materials like Microsoft Certification 70-577 dumps and others. To make a good preparation for this highly professional exam you must have a complete knowledge and for that you must use an authentic source. Certkingdom is the best source to prepare for your Microsoft 70-577 exam for 100 percent results.

Many of the websites on the internet offer study material in the form of softwares. An amazing website in this regard is Certkingdom. It offers you enormous help in the form of its software designed with the name of the certification, 70-577 test. It consists of an easy to understand material and is according to exam needs. That is why 70-577 Certkingdom has gained much popularity within a very short period of time.

When it comes to perfect training any free 70-577 examination resources are not give you need. In Certkingdom 70-577 download files from the information filled the most realistic, you can find 70-577 exam preparation. In practice 70-577 Certkingdom. With answers you get from the question is unique. This is why thousands of depend on us to provide the best 70-577 the most cheap training. If your budget 70-577 is limited, you need to complete solutions. Don’t rely on free 70-577 learning guidance or expensive 70-577 training guidelines. The best 70-577 demand training!

Best Microsoft MCTS Certification,
Microsoft MCITP Training at certkingdom.com

RIP Bill Moggridge, Design Father of the Laptop

Moggridge is responsible for designing the folding screen and clamshell design of the modern laptop.

Wiliam "Bill" Moggridge is the man responsible for designing the folding screen and clamshell design of the modern laptop.

The pioneering industrial designer passed away last weekend at the age of 69.

Evolution of the PC

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Moggridge invented the notion of (and coined the term) interaction design the idea that software and hardware and other products should be designed to satisfy peoples needs and desires.

He also co-founded the renowned interactive design firm IDEO, which continues to champion human-centered design. If there's a simple, easy principle that binds everything together, Moggridge says, its probably about starting with the people.

Background

In 1979, Moggridge began designing the Grid Compass for a startup firm called Grid Systems. It is widely considered to be the first real laptop.

Early portable computers were 26-pound sewing machine-sized beasts. The Grid Compass, however, was truly a breakthrough in mobile computing, with a 12-pound weight and unique fold-over display that made the device more compact. NASA and the military were the primary users of these $8,150 laptops. (With its magnesium case, the durable Grid Compass even made it into space!)

Laptops have been shrinking incredibly since the Grid Compass was released in 1982 but, in the three decades since then, the basic form hasnt changed very much from Moggridges original conception. That' s the sign of a true design genius.

Awards

Moggridge won the United Kingdoms oldest design award, the Prince Philip Designers Prize, in 2010 for the Grid Compass. He was also named a Royal Designer for Industry and won the 2009 Cooper-Hewitt National Design Award for Lifetime Achievement.

From 2010 until his death from cancer on September 8, 2012, the British designer was the director of the Smithsonians Cooper-Hewitt National Design Museum. The museum says Moggridge enhanced its profile as one of the worlds leading authorities on the role of design in everyday life and develop and present exhibitionsboth real and virtual.

Described as tenacious, open, and empathetic by those who knew him, Bill Moggridge will long be remembered as a trailblazing designer and the father of the modern laptop.

Best HP Certification Training and HP Exams Training
and more HP exams log in to Certkingdom.com

Microsoft gives users a patch break, and time to prep for certificate slaying

Use the light Patch Tuesday to get ahead of key invalidation update slated for October, say experts

Microsoft today said it will issue two security updates next week for its Visual Studio development platform and its System Center Configuration Manager, the company's enterprise patch and software distribution console.

The Redmond, Wash. developer outlined the two bulletins, company-speak for its security updates, in today's advance notification.

The light month -- in August, for instance, Microsoft shipped nine updates -- will give IT admins time to prepare for an October update that invalidates all certificates with keys less than 1,024 bits long.

"Customers will want to take advantage of September's quiet bulletin cycle to review their asset inventories," said Angela Gunn of the Trustworthy Computing group, in a Thursday blog post.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft first told users that it was going to disable all digital certificate keys shorter than 1,024 bits in June, saying then that it would issue an update in August to block Windows accessing short keys. Microsoft did ship the update last month, but made it an optional download. On Oct. 9, next month's Patch Tuesday, Microsoft will add the update to the Windows Update stream, effectively pushing it to everyone.

Companies can, of course, delay the October update using patch management software, such as Windows Server Update Service (WSUS).

Andrew Storms, director of security operations at nCircle Security, echoed Microsoft's advice to use the breathing room of this month's light patch schedule to prepare for the October key-length update. "It's crunch time," he said. "It's one of those things that people may have forgotten about, and if [the October update] is approved, then things could break."

Storms posted an entry on nCircle's blog today that included links to several articles and support documents on Microsoft's site that explain the key invalidation update scheduled for next month.

Other security experts backed up Storms.

"For most IT shops, this will be a slow month, providing a great opportunity to...take another look at Security Advisory 2661254 (KB2661254), which will go into automatic-install mode in October," said Wolfgang Kandek, CTO of Qualys, in an email, referring to the key-length deprecation.

Marcus Carey, a security researcher at Rapid7, agreed. "The light patch month in September will allow organizations to prepare for this, which is great as it has the potential to break things if applications are still using outdated certificates," said Carey, also in an email. "It almost seems as if Microsoft is intentionally giving organizations a light patch month so they can focus on updating their legacy certificates."

That's certainly possible, said Storms. "They could have made an administrative decision to delay other updates to give enterprises time [to work on their certificates]," he said.


Microsoft used that same tactic in March 2007, said Storms, when it issued no security bulletins because it wanted to give customers time to apply a Daylights Saving Time update to Windows that had been prompted by widespread changes in the U.S.

Next week's slate will be smaller than in past Septembers, Storms noted: In 2011, Microsoft shipped five updates that month, while in 2010 and 2009, the company issued 10 and five, respectively.

The October update to kill certificates with shorter -- and thus more vulnerable -- keys was triggered by the discovery of Flame, the sophisticated espionage tool discovered by Kaspersky Lab. Flame infiltrated networks, scouted out the digital landscape, and used a variety of modules to pilfer information. Among its tricks was one called the "Holy Grail" by researchers: It managed to spoof Windows Update, Microsoft's update service, to infect completely-patched Windows PCs.

Microsoft reacted by killing off some of its own certificates and beefing up Windows Update's security.

During its investigation into Flame, Microsoft decided to harden the Windows certificate infrastructure. The result was its decision to block access to certificates with keys shorter than 1,024 bits.

"I'd bet that they always wanted to do this," said Storm, "but historically, Microsoft wants to support all their customers, even those with much older systems that rely on shorter keys. Because of Flame, they had a good reason to make this move."

Next week's update, while light, was still interesting to Storms, who noted that Patch Tuesday will not fix any flaws in Internet Explorer (IE), making this the first month in the last four to omit the browser.

In July, Microsoft announced it was ditching IE's every-other-month schedule, and would ship patches when they were ready.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com