Microsoft Get Ready for Patch Tuesday. 6 Bulletins

According to Arstechnica there will be 6 Bulletins and each of them are very interesting:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Windows
• Bulletin 3: Critical (Remote Code Execution), Windows
• Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server
• Bulletin 5: Important (Elevation of Privilege), ISA Server
• Bulletin 6: Important (Remote Code Execution), Office

It looks like there will be another Directx Patch for those who have Directx 7 through 9.0c.  It also seems they will be Patching the Virtual PC and Server and ISA Server.    Microsoft will also be patching 2007 Microsoft Office System Service Pack 1.  They will also Be Releasing 14 different patches for non Critical status.

The vista-users-unaffected.ars” target=”_blank”>Directx Flaw that was reported in May is reportedly being patched and that is why we have these Directx updates that are comming down from Microsoft.

So Now is the time to get Autopatcher updated to the lastest updates and schedule a time next week for you to test and install these updates.   I would recommend updating your anti-virus and Firewall software if you have any, if not it is time to get them and install them.

Electric Company fear Mongering gone wrong!!

I saw this talking going on at Arstechnica and SANS Interenet are Talking about the Elecric Company Fear mongering. Here’s what Ars Says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

This was posted today with people asking the question Is the Electric company have a viruses or have a worm? I don’t know but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this, This is being a talked about on a friends Podcast, The Caffination Podcast. This is where I have figure we should talk about this. I think Sans Internet Storm says it better than I could:

Upcoming Patch Tuesday for February 10, 2009

Microsoft Today has released the list of patches for February. Here’s the List of things they will patch:

• Internet Explorer — Remote Code Execution (Require restart) [ CVE-2009-0075 CVE-2009-0076 ]
• Exchange — Remote Code Execution (No Restart Required) [CVE-2009-0098 CVE-2009-0099]
• SQL — Remote Code Execution (May Require Restart) [CVE-2008-5416]
• Visio — Remote Code Execution (May Require Restart) [ CVE-2009-0095, CVE-2009-0096 and CVE-2009-0097]

The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several Non-critical updates.  Here’s the List of them, some of these are monthly updates and some are just interesting to look at:

• Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)
• Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version
• Cumulative Update for Media Center for Windows Vista (KB960544)

Admins are shaking in there boots due to the Ms 09-001 Patch

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems.  According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials.  The virus  does not  need to know any passwords or user names to gain access.  Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

Windows 7 will sport Direct X 10 Compliance!

The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows.

[via Arstechnica]

Microsoft kills a fake antivirus tool from 994,061 computers!

According to Arstechnica and I’ll quote:

Win32/FakeSecSen has gone by various names, including Micro Antivirus 2009, MS Antivirus, Spyware Preventer, Vista Antivirus 2008, Advanced Antivirus, System Antivirus 2008, Ultimate Antivirus 2008, Windows Antivirus, XPert Antivirus, Power Antivirus, and Ultra Antivirus 2009. Furthermore, it is skinnable, so each of these variants has a different GUI, although the basic functionality is the same: bother users with warnings of malware until they pay up.

The Microsoft Malware Protection Center recently released some data on how the removal tool performed this month: FakeSecSen was removed from 994,061 machines. That number isn’t the highest Microsoft has recorded before, and the number of removals depends on which malware Microsoft adds each month and how widespread it is.

[via Arstechnica]

This seemed to of happened this month with the usual Windows update.  If you haven’t updated your system just yet you should.   This troublesome fake virus seems to have been killed  from several systems.  This could effectively make it harder for these guys who ever designed this program to make money.  I hope microsoft does even more virus removals in next month.  If you still want to try to get rid of these viruses don’t forget to check out my tips on Virus removal.

Is Hulu the “salad course”?

As I’ve been watching Hulu the last few months.  I’ve come to think that Hulu isn’t offering us the viewers the chance of a full course meals.  They seem to like to stop after the first 2-3 seasons on most of the shows.    I recently contacted Hulu about the Naruto episodes and here’s what they had to say about it:

Thanks for the email. On background, sometime in the coming weeks, Hulu
will get the remaining episodes of Naruto Season 1, and we'll also get
episodes from Season 2-3 in the future as well. 

Please let me know if you have any questions. Thanks.
Brandon Boone

So why does Hulu do this? I have a theory and this is one that most people will agree on. My theory is that the distributors are trying to entice us into buying the rest of the seasons from someplace, like Amazon or Itunes. Now I am going to have to say this is really stupid way of business and will sooner or later create even more of a demand to download these shows illegally. In the past people have always looked for the cheap way to watch there favorite shows.

NBC-Vista copy-protection snafu reminds us why DRM stinks

The serves as a unsettling reminder that broadcasters can give instructions to the software built into DVRs, although they almost never do. Many DVRs and other, similar devices appear to be aware of the content-restriction flags set by broadcasters, even if they’re not programmed to “obey” them by default. Still, broadcasters would love to have the power to stop users from recording their shows, watching them later, and most importantly, skipping commercials when they do it.

[Via Arstechnica]

Yes that is right DRM does stink, I found this article to be a great reminder of how unrealistic it is that we should need DRM. Oh well, I’m just going to have to live with DRM!!

Dell XPS phase-out symptomatic of declining PC gaming sector

Dell currently offers two desktop product lines. The lower tier (Inspiron), is meant for cost-conscious buyers, with entry prices as low as $379, while the upper tier (XPS), further bifurcates into XPS Performance/All-in-One and XPS Gaming PCs. Out of this group, only the XPS Gaming tier is being eliminated, and Dell apparently intends to continue using the XPS brand on mainstream desktops and higher-end laptops. As for the reason why Dell chose to eliminate its XPS gaming division, the numbers below paint a sobering picture.

[Via Arstechnica]

I am asking the question of how stupid could they be, they will loose a bunch of customers because of this. Although most people don’t release how hard the economy is hit with this recession but I will improve sooner or later!!

Is HD Players Really Dead?

Now in an article I read Blue Ray Takes the Lead by a blog called ITola. I was reading this and had to ask myself some questions and try to figure out some answers.

Is HD Players really Dead?

My Answer is : “NO”

I don’t say that lightly for several reasons. Recently today Arstechnica states that Universal and Paramount haven’t changed there stance on switching to Blu-Ray. Now why is that a big deal, it just proves that there is something that Blu-Ray Founders don’t know . Here’s what I know, having thought about this for several days. If cable companies start offering Blu-ray HD movies in there service that is some major bandwitdth. Even though HD DVDS are 15 GB and Blu-ray DVD’s are 20 GB, Blu-ray Movies would take some time to download or stream it. Blu-ray would have to compresse the file into small pieces to even view the movie. Although HD movies are a little smaller they require less bandwitdth and in doing so are faster and easier to watch on Hulu and other sites like that. They have a HD Gallery that is really nice to watch on my intel and seems to work really well for an example of the HD Horton Hears a Who! – Trailer to see what I mean by the HD. I love how they stream it without much of a problem. Now if that was going to be a Blu-Ray HD movie it would be crazy to try to stream it. I think HD will not die, it will however change if needed into a way to stream really good video and movies on the internet. I think we haven’t seen the HD and Blu-ray Wars going way soon. It will continue without much help from anyone. The way I see it, the world will always change and go about it’s business. I know there is always going to be a choice and I hope to see this type of competition more often with players.

Hot, sexy bot sweet-talks personal data out of chatters

Security software company PC Tools warns that the bot can easily be used for malicious purposes. The company said that the program’s ability to mimic human behavior to dupe chatters is worrisome, and could readily be used to collect all manner of information. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” said PC Tools senior malware analyst Sergei Shevchenko in a statement. “CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial.”
[Via Arstechnica]

This is really a security issue here. Never give out your personal information online. I just want to post this to remind people not everything online is safe.

Possilbe DNS Redirect

According to a recent report by PCWorld, research teams working out of Google and the Georgia Institute of Technology have discovered a series of open-recursive DNS servers that were classified as behaving “suspiciously.” Open-recursive DNS servers are DNS servers that will answer any lookup request, no matter where it originates. So long as the DNS servers return accurate information—and the vast, vast, majority do—everything is kosher. When open DNS servers don’t return valid information, however, they open the door to an entire world of problems.

This method of poisoning would also allow for cross-site scripting exploits. If a user’s computer is set to allow all JavaScript and cookies from, say, MySpace, the fake MySpace web site would be able to run code as if it was the real web site. This opens the door to all sorts of further exploits and general bad things, all of which might go undetected by the user for quite some time. This type of attack could also be used to build an effective botnet—and more botnets are something we really don’t need.

[Via Arstechnica]

I am really concerned with this little development. Go read the full article and let me know what you think.

Core of “Windows 7″ taking shape: meet the “MinWin” kernel

Eric Traut, one of Microsoft’s chief operating system design engineers, gave a fascinating demo (WMV) recently at the University of Illinois, where he talked about where the Windows core is going and ended with a sneak peek at the kernel of the next version of Windows, known by the exciting codename of “Windows 7.” The demo showed what Windows would look like if it was literally stripped down to the core, showing the kind of work that is going on to optimize the aging NT kernel.

Traut runs a team of about 200 software engineers at Microsoft that is responsible for the core kernel scheduling, memory management, boot sequence, and virtualization technology such as Virtual PC and Virtual Server. The latter technologies are becoming more and more important as servers get more powerful and gain more and more CPU cores, and it was clear from the demonstration that Microsoft is placing significant effort into integrating virtual machine technology into everything that they do. The release of Virtual PC as a free download last year was just the beginning: Windows Server 2008 will ship with significant VM enhancements, and Windows 7 will only carry on from there.