Etc: Microsoft is readying Microsoft Office for the back-to-school season with an Interactive Classroom add-in, a Mathematics add-in, 20 education templates, and teacher how-to materials for OneNote and Office Web Apps.

Microsoft is readying Microsoft Office for the back-to-school season with an Interactive Classroom add-in, a Mathematics add-in, 20 education templates, and teacher how-to materials for OneNote and Office Web Apps.

Read More: The Microsoft Office Blog

Read the comments on this post

Patch Tuesday: Microsoft’s most security bulletins ever!

According to the Microsoft Security Response Center, Microsoft will issue 14 Security Bulletins addressing 34 vulnerabilities on Tuesday. It will also host a webcast to address customer questions the following day.

Eight of the vulnerabilities are rated "Critical" and six are marked "Important." All of the Critical vulnerabilities earned their rating through a Remote Code Execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the 14 patches will require (yeah!) a restart.

The list of affected operating systems includes all supported versions of Windows; almost all supported Microsoft Office suites are also vulnerable, including Office 2004 for Mac and Office 2008 for Mac. Those who have upgraded to Microsoft Office 2010 may breathe easy. Silverlight 2 and Silverlight 3 are also on the list, but the latest version, Silverlight 4, is not.

Compared to last month's minor Patch Tuesday, this one is massive. In fact, this is the most bulletins Microsoft has ever released in one month. 

This month's Patch Tuesday does not include a fix for the Windows Shortcut flaw because Microsoft released an out-of-band patch for that one earlier this week.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Etc: The first cumulative update for the SharePoint 2010 product family has been released as six individual packages.

The first cumulative update for the SharePoint 2010 product family has been released as six individual packages.

Read More: Stefan Goßner

Read the comments on this post

Microsoft gives Adobe Reader a Protected Mode

Microsoft has been helping Adobe develop a sandbox similar to the Protected View in Office 2010. Adobe Reader Protected Mode, a sandboxing technology based on Microsoft's Practical Windows Sandboxing technique, is a new mitigation feature scheduled for the next major version release of Adobe Reader. In addition to working with the Microsoft Office security team, Adobe also learned from the Google Chrome team as well as third-party consultancies and other external groups that have sandboxing knowledge and experience.

Adobe Reader Protected Mode will be enabled by default and will ensure that all operations required to display a PDF file to the user are run in a restricted manner inside a sandbox. Actions not permitted in the sandboxed environment, such as writing to the user's temporary folder or launching an attachment inside a PDF file using an external application, are funneled through a "broker process," which has a strict set of policies for what is allowed and what is not. This first release will sandbox all "write" calls, mitigating the risk of exploits that seek to install malware on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. In future releases of Adobe Reader, the company hopes to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information from the user's computer.

Adobe's products are almost as ubiquitous as Microsoft's, and since Microsoft has been taking security much more seriously ever since Windows XP SP2, it made sense for cybercriminals to target software which had so many vulnerabilities waiting to be discovered. Last year, Adobe Reader took the crown away from Microsoft Office as the software with the most vulnerabilities. Brad Arkin, Senior Director of Product Security & Privacy for Adobe Systems, announced in May 2009 that a major Adobe Reader and Acrobat security initiative was underway: code hardening, incident response process improvements, and a shift to a regular security update schedule.

Microsoft's and Adobe's products compete on many fronts, but it makes sense for Redmond to help its partners in the area of security. The sandboxing approaches that Microsoft has pioneered in Office, including the sandbox for its search subsystem, the MOICE sandbox, and Protected View, are there to improve the overall state of security on Windows. The progress in security made by the Office team can thus be extended to other third-party applications for Windows, protecting the customers that Microsoft has in common with its partners.

Read the comments on this post

Next Page »