MS10-015/KB977165 causing blue screens

Toldja so.

Microsoft confirms that “after installing the February security updates a limited number of users are experiencing issues restarting their computers”

SANS Internet Storm Center identifies the problem as a Blue Screen.

I’m hearing rumors that there’s much more to the story. Stay tuned. And for heaven’s sake, don’t install the February Black Tuesday patches, OK?

UPDATE: Looks like the Blue Screen happens on systems that are infected with a specific rootkit or other type of malware. When MS10-015 is applied, the infected systems suddenly fall over and play dead. Good details on Brian Krebs’ site.

Windows Genuine Advantage lawsuit fizzles out

Gregg Keizer at Computerworld reports that the lawsuit filed in the wake of Windows Genuine Advantage phone home discoveries has been dismissed.

Multiple lawsuits filed in July 2006 claimed that Microsoft mislead users by labeling the WGA software as a security update, and failed to tell customers that WGA collected information from their PCs, then frequently “phoned home” the data to Microsoft’s servers. The plaintiffs later combined their cases and asked the court to grant the joint lawsuit as a class-action.

Last month, the judge denied class action status. Last week the whole thing just fizzled out.

Oh well.

MS-DEFCON 2: Black Tuesday patches are out

And what a crop they are…

As expected, Microsoft has just released 13 Security Bulletins which plug 26 separately identified security holes in Windows and Office. The list is mind-numbing.

According to SANS Internet Storm Center, only one of the Security Bulletins has a known exploit. That Bulletin, MS10-015, covers a 17-year-old security hole in Windows that I described two weeks ago. I wouldn’t worry about it for the moment.

The MS Security Research & Defense page has details about potential attack vectors, and speculation about how soon the bad guys will be able to take advantage of the security holes.

Keep yer shirt on. Let’s see how things shake out. We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.

Windows 7 Battery issue – it ain’t the message, it’s the medium

I figured this was a non-event. Shows you what I know.

By now, no doubt, you’ve heard about the Windows 7 warning message “Consider replacing your battery. There is a problem with your battery, so your computer might shut down suddenly.” It’s a new message that didn’t exist in Vista, one that’s causing many people much angst. If you have a laptop running WinXP or Vista, and your battery’s been behaving properly, then you install Win7, and you suddenly get battery warning messages, you’re bound to think that Win7 has gone a bit bonkers.

I first saw the report on Ars Technica, which said that Microsoft was looking into the problem. I haven’t heard much about it – none of you have written to be about it – and figured it was another tempest in a teapot.

Kinda boring, actually.

Suddenly it isn’t boring any more. Why? Because Steve Sinofsky – the head Windows guy – posted a response to the allegations on the Windows 7 Engineering blog. That’s interesting.

This is very interesting: it’s the first post on the Win7 Engineering blog since August 10 – six months ago, long before Windows 7 shipped.

Is it possible that MS is going to use the E7 blog to keep up an ongoing dialog with its customer base?

If so, this is a great, new way to interact with us, keep us advised on the happenings inside the Windows team, in an official, reliable way. The E7 blog helped many of us understand the inner workings of Win7 during the development cycle. Maybe it’ll help while Win7′s out in the real world, too.

I hope it’s just the first post of many.

MS-DEFCON 2: Don’t patch and hold onto your hat

With 13 security bulletins and 26 separately-identified security holes, it’s going to be a wild month. Make sure you have Automatic Updates turned off. Let’s see what happens.

Hotmail “Reply” does not include the text of the incoming message

A friend of mine just wrote with an interesting problem:

I use Hotmail. Up until a week ago, when I forward, or reply, the original text in the incoming email shows up in the new email I’m about to write. Suddenly, last week, the text area on any email I wish to reply to, or forward, is blank! Any attachments are there, but no covering text.

Ends up that Roger hit a bug in Firefox 3.6. There’s a discussion about it on the Firefox support forum. Looks like you have three options: go back to version 3.5.7; use IE for your Hotmail; or wait for Mozilla to fix the bug.

13 Security Bulletins coming

Hooooooo-boy….

Microsoft just announced that it has 13 – count ‘em, a baker’s dozen – 13 Security Bulletins coming up on Tuesday.

They affect both Windows and Office.

Get yourself patched up right now, folks. Then make sure Automatic Updates is turned off, please. The PC you save may be your own…

Another Internet Explorer 0day

Microsoft has released Security Advisory 980088, which describes in sketchy terms another 0day vulnerability in Internet Explorer.

if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include .. Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP … Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

Microsoft is playing it close to the chest (as it should). No known attacks as yet. Makes me wonder how Microsoft found out about it.

Microsoft’s workaround? Basically, disable ActiveX. Of course, you’re using a browser that doesn’t work with ActiveX, right? Such as Firefox or Chrome. Gad. There I go with that broken record again…