Microsoft Enters 2006 with Yet Another Major Security Problem - 06 Jan 2006

Microsoft Enters 2006 with Yet Another Major Security Problem

For months now Microsoft executives have touted 2006 as a year of innovation with an unprecedented number of major product releases. But the new year is starting out on a decidedly low note as Microsoft struggles to overcome bad news about a security vulnerability that affects every single OS it's shipped in the past 10 years. In what is now a familiar situation the company is beset by yet another dangerous software vulnerability and its customers are right in the crosshairs.

Welcome to Microsoft's credibility problem. Late last week the company was confronted by news that a newly discovered vulnerability in the Windows Metafile Format (WMF) image file format a vulnerability that affects virtually every 32 bit Windows version ever made including fully patched Windows Server 2003 and Windows XP systems was both more serious than previously expected and already being exploited by malicious hackers. The software giant responded by saying that it would fix the problem by January 10, 2006 at the earliest, which is the date of its previously scheduled monthly security patch release for January. There's just one problem. This flaw is so serious that security experts now believe we can't wait that long.

On Sunday, security researchers at the SANS Institute Internet Storm Center warned that Windows users shouldn't wait for Microsoft's patch but instead install a third party patch that SANS evaluated over the weekend. To find out more about this patch and grab the free download see the SANS WMF FAQs.

I'm not sure I can recommend installing this patch, but consider this fact. You can be exploited by browsing the Web or even by simply downloading an infected email. It doesn't matter how up to date your antivirus solution is and it doesn't matter which browser you use, although Mozilla Firefox does offer a level of prompting that's not found in Microsoft Internet Explorer (IE).

Scared yet? You should be/ And it's just going to get worse as newer more dangerous attacks are launched in the week before Microsoft issues a patch. My guess is that this isn't the kind of New Year's Microsoft envisioned for Windows.

2006 CES Offers Nerdvana to Largest Crowd Ever

This week North America's largest trade show 2006 International Consumer Electronics Show (CES) kicks off in Las Vegas with over 200,000 attendees. Yes, CES is a mess and it's getting busier every year. And once again, I'll be there covering the show live each day Wednesday through Friday. I'm not sure whether to be excited or scared.

Did I mention that CES is huge? It encompasses a space equal to more than 28 football fields with room for over 2500 exhibitors. Computer companies such as Intel and Microsoft have always had a big presence at CES. But this year's show will be notable because of the new presence of Internet giants such as Yahoo and Google both of which will present their services alongside the eclectic array of car stereo, home theatre, video game, and consumer electronics companies that have always plied their wares at CES.

Intel will use CES to unveil its new consumer oriented marketing scheme which will see the launch of its new corporate logo, a Leap Ahead marketing slogan that will replace Intel. Inside new single core and dual core microprocessors and the Viiv Media Center PC platform, Sony will push Blu-ray, Microsoft will push its Media Center PCs, and Windows Vista Video and flat panel TVs will be everywhere. And companies such as Dell, Intel, Sony, Google, and Microsoft will provide executives for keynote addresses including the CES kickoff keynote from Bill Gates.

For me, CES is the culmination of months of phone calls and email messages from PR firms eager to get exposure for their clients. For the past few weeks I've weathered a blistering attack of dozens of phone calls each day and as CES gets closer and closer, I've marveled that these people are still trying. Even though CES is busy, loud, and huge, it will be a relief to get away from that ringing phone. Stay tuned. My live reports begin tomorrow afternoon.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.