What's New in Microsoft Land: 25th - 29th September 2006

On Monday, Scott Deacon, Microsoft representative wrote on his blog that Microsoft may release a security update for Internet Explorer to fix a serious flaw reported last week.

"Hi everyone, Scott Deacon here again. Wanted to update you on what we've seen to date with the VML issue. Attacks remain limited. There's been some confusion about that, that somehow attacks are dramatic and widespread. We're just not seeing that from our data, and our Microsoft Security Response Alliance partners aren't seeing that at all either. Of course, that could change at any moment, and regardless of how many people are being attacked, we have been working non-stop on an update to help protect from this vulnerability. We've made some progress in our testing pass for the update and are now evaluating releasing this outside the monthly cycle, as we do any time customers are under threat and we believe we can issue an update that meets our quality bar for widespread deployment. So right now we're looking at where we hit that quality bar and if that occurs prior to the monthly cycle then we will release.That last bit is important because we were made aware this morning of a third party "update" for this issue. We think it's great that there are people out there working to help protect our customers. But as we've always said, we cannot endorse third party updates. As a best practice, customers should obtain security updates and guidance from the original software vendor. That's because we carefully review and test security updates and workarounds to ensure that they are of high quality and have been evaluated thoroughly for application compatibility," he said.

This update is extremely important for us. I guess nobody wants to be vulnerable as long as they are browsing the internet. Or should I say, as long as they are using Internet Explorer? Anyway, I have a question: is there anybody that is still using IE?


On Tuesday, the giant launched a second release candidate for Windows PowerShell, "a new command-line shell and scripting language for the system administration and management of applications that run in Windows."

"Windows PowerShell helps accelerate automation and is easy for organizations to learn and to use. Windows PowerShell 1.0 uses Package Installer technology for Windows XP-based and for Windows Server 2003-based installations. The location of the Windows PowerShell installation folder is not configurable," it is mentioned on the download page.
On the Windows PowerShell team blog was mentioned that "this Release Candidate 2 of Windows PowerShell addresses numerous customer requests based on their evaluation of Beta3 and RC1 including: Direct ADSI support to allow IT Pros to more easily administer Active Directory; Improved support for Windows Management Instrumentation through ability to change WMI properties via methods; Additional logical operators (XOR and binary XOR) that make it easier to write sophisticated scripts. Improved help content and help functionality including new views that make it easier to find the right information."


"Microsoft today announced an agreement to acquire Gteko Ltd., a leader in delivering simple solutions to a wide range of PC problems. The acquisition will bolster Microsoft's ongoing efforts to help customers and partners more seamlessly solve PC problems," was published on Wednesday on Gteko.com, the company bought by the giant.

"By the end of the decade, Microsoft will significantly expand its operations in the consumer sector, to which end advanced support solutions are required. Gteko's leadership in providing simple solutions to a wide range of PC problems made this a particularly attractive opportunity for Microsoft," said Moshe Lichtman, President of MS Israel R&D Center. "Joining forces with Gteko is yet another building block in the expansion of our technological operations in Israel and it will help enhance our efforts to work together with other elements in the industry to help provide a superior PC experience for our customers," it is also mentioned.

"Gteko, founded in 1992, is headquartered in Ra'anana, Israel with offices in New York and Tokyo," is the description of the company published on its website.


On Thursday, Microsoft released Forefront Security for SharePoint public beta, "a comprehensive line of business security products providing greater protection and control through integration with your existing IT infrastructure and through simplified deployment, management, and analysis".

"This latest release of Microsoft Forefront security products for businesses is based on Antigen for SharePoint Server, the multi-engine security solution acquired by Microsoft as part of the acquisition of Sybari Software Inc. in 2005. Forefront Security for SharePoint is optimized to provide advanced protection for Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0. Microsoft SharePoint Products and Technologies facilitate easy collaboration across an organization, connecting people, processes and systems within and beyond organizational boundaries. Forefront Security for SharePoint uses the combined power of multiple antivirus engines from leading security providers to protect against viruses, unwanted files and inappropriate content," it is mentioned in the announcement.


On Friday, Microsoft published an advisory saying that the giant "is investigating new public reports of a vulnerability in supported versions of Microsoft Windows."

"Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.
The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View. We are working on a security update currently scheduled for an October 10 release," it is mentioned.
For now, all that Microsoft can to is to advise customers "to keep their anti-virus software up to date".


Week's Conclusion: finally, a period without many words about Vista. This week started and ended with announcements made by Microsoft about some new updates that will be released to repair flaws detected in IE and Windows Explorer. Hard week.