Shortcut Trick; WGA Lawsuit; OpenDocument Converter

Jul 8, 2006 10:25 GMT  ·  By

"A Windows shortcut trick, which could allow an executable file to be launched when a user types a Web address into Internet Explorer, is not a security vulnerability," Microsoft said on Monday. The "shortcut trick" is a behavior in which an address typed into Internet Explorer starts an executable on the local computer instead of opening the requested website.

To test the trick, create a shortcut on the desktop and name it after a website address without the http:// prefix (for example, www.softpedia.com). Then start Internet Explorer and type the same address, again without http://; the program the shortcut refers to starts instead of the site. "It's important to clarify the difference between security problems and legitimate features. A security hole helps an attacker do something they shouldn't be able to do, which is not the case in this instance. Software that the user legitimately has installed on the computer might need exactly this sort of feature provided by IE," said Peter Watson, chief security adviser at Microsoft Australia. "For example, imagine if you needed to run a dial-up connection to connect to a certain site. The dial-up connection might be called 'connect to mysite.com.' You can see in that case how important it is for Windows (or any operating system) to have flexibility for legitimate software," Watson added.
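For administrators who want to see whether any desktop shortcut is named like a web address, the check below is an added example, not code from Microsoft or from the original article. The function names, the `.lnk`-only filter and the list of excluded file extensions are assumptions made for this sketch.

```python
import os
import re

# Assumption: only .lnk shortcuts are checked. Explorer hides this extension,
# so "www.example.com.lnk" is displayed as "www.example.com".
SHORTCUT_EXT = ".lnk"

# Hostname-shaped name: dot-separated labels ending in an alphabetic label.
HOSTNAME_RE = re.compile(
    r"^(?=.{4,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}$",
    re.IGNORECASE,
)

# Constructed exclusion list: final labels that are far more likely to be a
# file type than a top-level domain ("com" is deliberately not excluded).
NOT_TLDS = {"exe", "txt", "doc", "xls", "pdf", "zip", "bat"}


def looks_like_web_address(filename):
    """True if a shortcut's visible name would read as a web address."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() != SHORTCUT_EXT:
        return False
    stem = stem.strip()
    if stem.rsplit(".", 1)[-1].lower() in NOT_TLDS:
        return False
    return bool(HOSTNAME_RE.match(stem))


def find_suspicious_shortcuts(directories):
    """Return full paths of address-named shortcuts in the given folders."""
    hits = []
    for directory in directories:
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # folder missing or unreadable: nothing to report
        hits.extend(os.path.join(directory, n)
                    for n in names if looks_like_web_address(n))
    return hits


if __name__ == "__main__":
    # Assumption: the current user's Desktop folder is the place to look.
    desktop = os.path.join(os.path.expanduser("~"), "Desktop")
    for path in find_suspicious_shortcuts([desktop]):
        print("review shortcut:", path)
```

The match is purely lexical, so every hit needs a manual look at the shortcut's target before it is treated as a problem.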

On Tuesday, Microsoft was named in a second lawsuit over its antipiracy Windows Genuine Advantage tool, which is detected as "spyware" on some computers. Engineered Process Controls, Univex and several other parties filed a complaint in U.S. District Court in Seattle, alleging that Microsoft installed "spyware" on their systems as a "critical security update." The suit follows another complaint containing similar allegations that was filed in U.S. District Court in Los Angeles. "The two lawsuits appear to be similar in the claims and both are without merit. They distort our antipiracy program and the harm piracy brings to Microsoft and to customers," said Jim Desler, a Microsoft spokesman.

On Wednesday, Microsoft announced its plans to sponsor an open-source project to create applications that will convert Office documents to OpenDocument. The company launched the Open XML Translator project, designed by a France-based Microsoft partner, that will enable users to use Microsoft Office to open and save documents in the OpenDocument, or ODF, format.

"Microsoft isn't seeing a sharp uptick in demand for OpenDocument, but government customers urged the company to provide interoperability between Microsoft's own forthcoming XML Office formats and OpenDocument," said Tom Robertson, the general manager of interoperability and standards at the software giant.

"We wanted to have this project be really transparent. No translation is perfect. There are a lot of trade-offs between Open XML, which is actually full-featured and backward-compatible, and ODF, which is more limited," said Jean Paoli, the general manager of interoperability and XML architecture at Microsoft.

On Thursday, FrSIRT.COM published an alert announcing that a hole had been identified in Microsoft Excel that could enable attackers to take control of a PC. "A vulnerability has been identified in Microsoft Excel, which could be exploited by attackers to take complete control of an affected system. This flaw is due to a memory corruption error when handling or repairing a document containing overly long styles, which could be exploited by attackers to execute arbitrary commands by convincing a user to open or repair a specially crafted Excel file," the alert reads. "In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided to them by an attacker. Opening the Excel document out of e-mail will prompt the user to be careful about opening the attachment," a Microsoft representative said in an e-mail. The entire alert is available here.

As part of its monthly security bulletin release cycle, Microsoft published an advisory stating that four bulletins for Windows flaws and three for Office will be released on Tuesday. "Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart. Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart." The entire advisory is available here.

On Friday, Microsoft launched an add-on for Windows XP that creates a password-protected private folder for storing private documents and files. "Microsoft Private Folder 1.0 is a useful tool for you to protect your private data when your friends, colleagues, kids or other people share your PC or account. With this tool, you will get one password protected folder called 'My Private Folder' in your account to save your personal files. Download and have your private folder today!" reads the Microsoft website.

You can download Microsoft Private Folder 1.0 from Softpedia.
