Starting February 24, we will be releasing up to 5 test updates to PCs running the Windows 7 Beta (Build 7000) via Windows Update. These updates allow us to test and verify our ability to deliver and manage the updating of Windows 7. We typically verify servicing scenarios during a beta.

Windows 7 Beta users will be notified that new updates are available beginning February 24 through Windows Update. Even if the user has Windows Update configured for automatic update – these test updates will not install automatically. Users will need to manually install the test updates through Windows Update.

These updates do not deliver new features or bug fixes. The test updates simply replace system files with the same version of the file currently on the system.

For more information, please visit the Microsoft Update blog.

Again, thank you for helping test Windows 7. Your feedback is extremely valuable!

Evilgrade Exploit Toolkit infecting computers that update software online.

We can all agree that software updates are essential for keeping our computer safe and running to the best of its abilities right? What if the software update service was insecure to begin with, where do you go from there?

A malware kit called Evilgrade is currently attacking software update services rendering the update unsafe. According the ZDNet blog, the infection of the systems happen through a man-in-the-middle (DNS, DHCP and ARP spoofing) type of attack where it infects systems through the update process. This allows the attack to happen to a wide range of applications. Below is a list of product updates that may have been attacked.

1. DAP [Download Accelerator]
2. iTunes
3. Java plugin
4. Linkedin Toolbar
5. MacOS
6. notepad++
7. OpenOffices
8. speedbit
9. Winamp
10. Winzip

How would this happen to me?

If you ever use public Wi-Fi access and the DNS cache has been compromised and you choose to update your software then you risk becoming infected. From the reports that we have researched, this is only happening to the software update services listed above. Some reports have stated that Apple has updated their update service to ward off this type of attack. Other companies remain off of this list such as Microsoft due to them anticipating attacks such as these and allowing their updater to install binaries signed by Microsoft which proves to be a safer method for updating software.

Applying the patches and service packs issues by Microsoft Operating Systems are usually seen to be solutions to improve and safeguard Windows users but apparently there are issues surrounding the type of processor that is in use. If you use an Intel based processors, chances are you will not be having much trouble installing and rebooting your system. The real problem really exists when AMD processors are being used and much of this lies in the configuration.

Apparently, to be able to adhere towards the proper specifications, some tweaks have to be done to the main processor of AMD based units to accept the new add-ons and patches offered periodically. Normally, you will have issue after applying the updated patches and this becomes a cause for consideration on whether people should install the service packs or not.

Ideally, installing these patches is a good way to be able to safeguard your computer from threats around the web. But in some cases like this AMD issue, it would be best to be open to proper installation and compatibility issues. In short, as a user you should be able to research and find proper troubleshooting tips so that you can avoid messing up your current system rather than improving it.

There are several issues that can cause a Windows XP computer to not reboot properly after installing Service Pack 3. Most of them affect relatively specific configurations, and most appear to have relatively simple work-arounds. Please: do not do anything rash. I have seen a lot of reports of people who reformat and reinstall when they run into this problem, losing all their data in the process.

Source

Description: This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Update type: Critical

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/942615

Download link: 32-bit | 64-bit

Comments: The four vulnerabilities are:

• Uninitialized Memory Corruption Vulnerability - CVE-2007-3902
• Uninitialized Memory Corruption Vulnerability - CVE-2007-3903
• Uninitialized Memory Corruption Vulnerability - CVE-2007-5344
• DHTML Object Memory Corruption Vulnerability - CVE-2007-5347

Description: This critical security update resolves a privately reported vulnerability in Windows Media File Format. This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Update type: Critical

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/941569

Download link: 32-bit | 64-bit

Comments:

Description: A security issue has been identified in ALPC that could allow an attacker to compromise your Windows-based system and gain control over it. This important security update resolves a privately reported vulnerability in the Windows kernel. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Update type: Important

Release date: December 11, 2007

Applies to: All versions

Knowledge base: support.microsoft.com/kb/943078

Download link: 32-bit | 64-bit

Comments: