Microsoft sets emergency Windows patch for Monday

As exploits of the shortcut bug climb, company commits to ‘out-of-band’ update
By Gregg Keizer

Computerworld – Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.

The company said that it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” Christopher Budd, a spokesman for the Microsoft Security Response Center, said in a entry on the team’s blog. “We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. Eastern.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the “Stuxnet” worm, which targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company’s antivirus products, including the free Security Essentials software, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

“Sality is a highly virulent strain … known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware,” wrote Holly Stewart of the Microsoft Malware Protection Center, on the group’s blog Friday. “It is also a very large family — one of the most prevalent families this year. ”

Sality’s inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. “After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet,” said Stewart.

“We know that it is only a matter of time before more families pick up the technique,” she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan.


As exploits of the shortcut bug climb, company commits to ‘out-of-band’ update

By Gregg Keizer

Computerworld – Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.

The company said that it is satisfied with the quality of the “out-of-band” update — Microsoft’s term for a patch that falls outside the usual monthly delivery schedule — but also acknowledged that it has tracked an upswing in attacks.

“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability,” Christopher Budd, a spokesman for the Microsoft Security Response Center, said in a entry on the team’s blog. “We firmly believe that releasing the update out of band is the best thing to do to help protect our customers.”

Budd said that Microsoft would release the patch on Monday at approximately 1 p.m. Eastern.

Two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.

The bug was first described in mid-June by VirusBlokAda, a little-known security firm based in Belarus, but attracted widespread attention only after security blogger Brian Krebs reported on it July 15. A day later, Microsoft admitted that attackers were already exploiting the flaw using the “Stuxnet” worm, which targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility firms.

Exploit code has been widely distributed on the Internet, and Microsoft and others have spotted several attack campaigns based on the bug.

One of those campaigns apparently tipped the scales toward an early patch.

The Microsoft group responsible for crafting malware signatures to defend customers using the company’s antivirus products, including the free Security Essentials software, said that an especially nasty malware family had added exploits of the unpatched shortcut flaw to its arsenal.

“Sality is a highly virulent strain … known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware,” wrote Holly Stewart of the Microsoft Malware Protection Center, on the group’s blog Friday. “It is also a very large family — one of the most prevalent families this year. ”

Sality’s inclusion of the shortcut exploit quickly drove up the number of PCs that have faced attack. “After the inclusion of the [shortcut] vector, the numbers of machines seeing attack attempts combining malicious [shortcuts] and Sality.AT soon surpassed the numbers we saw with Stuxnet,” said Stewart.

“We know that it is only a matter of time before more families pick up the technique,” she added.

Other security researchers had spotted Sality exploiting the shortcut bug earlier this week. On Tuesday, Trend Micro reported that the shortcut vector was being used not only by Sality, but also by other malware clans, such as the Zeus botnet-building Trojan. Leer más “Microsoft sets emergency Windows patch for Monday”

Microsoft Warns Webmasters: You Might Be Dropped From New Search Formats


Written by Mike Melanson
Both Microsoft and Yahoo have announced that the two companies have begun testing the partnership originally inked a year ago, which will bring Bing search results to Yahoo.

The testing is currently affecting a quarter of Yahoo’s search traffic and, while not site-wide, Microsoft is warning on its blog that webmasters should be diligent in making sure that their sites are showing up in search results correctly, lest they be left behind. To that end, Microsoft is releasing a completely redesigned version of its Bing Webmaster Tools. Leer más “Microsoft Warns Webmasters: You Might Be Dropped From New Search Formats”

América Latina es la región con mayor crecimiento en uso de internet

IAB Chile y comScore han dado a conocer los resultados del State of Internet, estudio anual sobre la situación de internet en Latinoamérica. La medición, realizada a través del panel global de comScore, que incluye a dos millones de habitantes en más de 170 países durante 2009, arrojó cifras respecto de visitas Web, demografía de los visitantes, comportamiento de las audiencias, estado de la publicidad online y consumo de medios, entre otros factores.

América Latina -con un 23%- fue la región de mayor crecimiento en el uso de internet durante el año pasado. Pese a esto, representó sólo un 8% de la audiencia global. Por su parte, Chile, con un crecimiento del 16%, fue el país de menor aumento porcentual en la región, que estuvo encabezada por Colombia (36%) y Argentina (28%).

En cuanto al tiempo de consumo online, Chile se ubicó en el antepenúltimo lugar, con 22,4 horas mensuales de uso. Quienes lideran este ítem son Brasil y México, con 26,4 y 25,7 horas respectivamente. El factor más determinante, en esta área es la disponibilidad y penetración de banda ancha. Por otra parte, las mediciones indican que la mayoría de las audiencias prefiere consumir contenidos en su lenguaje nativo.


IAB Chile y comScore han dado a conocer los resultados del State of Internet, estudio anual sobre la situación de internet en Latinoamérica. La medición, realizada a través del panel global de comScore, que incluye a dos millones de habitantes en más de 170 países durante 2009, arrojó cifras respecto de visitas Web, demografía de los visitantes, comportamiento de las audiencias, estado de la publicidad online y consumo de medios, entre otros factores.

América Latina -con un 23%- fue la región de mayor crecimiento en el uso de internet durante el año pasado. Pese a esto, representó sólo un 8% de la audiencia global. Por su parte, Chile, con un crecimiento del 16%, fue el país de menor aumento porcentual en la región, que estuvo encabezada por Colombia (36%) y Argentina (28%).

En cuanto al tiempo de consumo online, Chile se ubicó en el antepenúltimo lugar, con 22,4 horas mensuales de uso. Quienes lideran este ítem son Brasil y México, con 26,4 y 25,7 horas respectivamente. El factor más determinante, en esta área es la disponibilidad y penetración de banda ancha. Por otra parte, las mediciones indican que la mayoría de las audiencias prefiere consumir contenidos en su lenguaje nativo. Leer más “América Latina es la región con mayor crecimiento en uso de internet”

MetroTwit, nuevo cliente de twitter para Windows


Por @marcosesperon

metrotwit MetroTwit, nuevo cliente de twitter para WindowsExisten multitud de clientes de twitter para instalar en nuestros equipos y gestionar de forma más sencilla nuestra cuenta de microblogging. Estos clientes nos permiten revisar las actualizaciones de nuestros amigos de una forma más cómoda, con accesos directos a las funciones más comunes y en ocasiones con la posibilidad de gestionar varias cuentas simultaneas. Leer más “MetroTwit, nuevo cliente de twitter para Windows”

Google prohibe el uso de Windows en su entorno

Según podemos leer el el Financial Times algunos empleados de Google han informado que la compañía acaba de prohibir el uso del sistema operativo Windows en todos los equipos su entorno corporativo salvo autorización expresa del CIO.

La razón de este movimiento es obtener una mayor seguridad en su sistema y, tras los incidentes del pasado enero en China que fueron identificados como ataques procedentes del gobierno de ese país realizados a través de sistemas Windows comprometidos, Google ha optado por eliminar drásticamente el problema migrando sus equipos a otros sistemas.

Los empleados tendrán la opción de migrar sus equipos a sistemas Mac OS X o GNU/Linux a su elección, a los que se unirá el futuro Chrome OS en cuanto esté disponible. Aunque Windows 7 ha incrementado notablemente la seguridad en el sistema operativo todavía existen agujeros muy enraizados al núcleo del sistema difíciles de corregir que, junto a su elevada cuota de mercado, lo convierten en la plataforma objeto de más ataques recibe en todo el mundo.

Comprometer la seguridad de los equipos de Google no solo afectaría a la empresa sino que se accedería a información privilegiada de los usuarios que utilizamos los servicios del gigante de internet.


Por @marcosesperon

google prohibe windows Google prohibe el uso de Windows en su  entornoSegún podemos leer el el Financial Times algunos empleados de Google han informado que la compañía acaba de prohibir el uso del sistema operativo Windows en todos los equipos su entorno corporativo salvo autorización expresa del CIO.

La razón de este movimiento es obtener una mayor seguridad en su sistema y, tras los incidentes del pasado enero en China que fueron identificados como ataques procedentes del gobierno de ese país realizados a través de sistemas Windows comprometidos, Google ha optado por eliminar drásticamente el problema migrando sus equipos a otros sistemas.

Los empleados tendrán la opción de migrar sus equipos a sistemas Mac OS X o GNU/Linux a su elección, a los que se unirá el futuro Chrome OS en cuanto esté disponible. Aunque Windows 7 ha incrementado notablemente la seguridad en el sistema operativo todavía existen agujeros muy enraizados al núcleo del sistema difíciles de corregir que, junto a su elevada cuota de mercado, lo convierten en la plataforma objeto de más ataques recibe en todo el mundo.

Comprometer la seguridad de los equipos de Google no solo afectaría a la empresa sino que se accedería a información privilegiada de los usuarios que utilizamos los servicios del gigante de internet. Leer más “Google prohibe el uso de Windows en su entorno”

Simple Solutions to Common Windows Problems


Microsoft  WindowsLearn about some free software utilities that will help you fix the most common Windows problems. They are all compatible with Windows XP, Vista and Windows 7.

Fix Windows Problems with Free Tools

Q1. I am trying to delete a file from my desktop but the computer won’t let me do that. Instead, it throws me an error message saying that the file /folder is in use by another program or user. Leer más “Simple Solutions to Common Windows Problems”

The Apple & Microsoft Brand Strategies – What Do You Think?

Yesterday, Apple’s market capitalization eclipsed that of Microsoft. Their rivalry has fascinated me since I was old enough to geek. Apple has always been about control of the experience. Microsoft in its hey-day about control of the industry. Things they are a changing. So what about their brand brand strategies?

Brand Positioning: Microsoft
The Microsoft brand position has always been that of Number One – The market leader. This is a brand position that works for pathetic reasons. People want buy safe so buying from #1 seems like the safe choice. But Microsoft never channeled this dominance into a concrete brand position. They drank too much of their own cool aid and believed their solutions were more competitive than they really were. Being big has led them to being a big mush of meaning, being so many types of software, hardware, services, and systems they have no brand focus. What we here at Distility refer to as “over-branding”. As their dominance has waned, their brand position has deflated to the pathetic “I’m a PC” campaign.

Yes, their are some exceptions like the X-Box, but I’d argue that they essentially created a Masterbrand with X-Box, with “Microsoft” being treated as a lesser endorser brand. There’s a future in that.

What lies ahead for Microsoft as they succumb to second place? I see the Microsoft brand moving to the background so more focused brands like Zune, X-Box, and Windows can be accurately positioned vis-a-vis the competition.

Brand Positioning: Apple
My first Apple was the Mac 512/800. It was the easiest computer I’d ever used. That’s what made it different back then. Every Apple product I’ve used since then has maintained that dramatic difference. Steve Jobs knows the integral role that design can lead in brand differentiation. While they couldn’t be market leaders like Microsoft, Apple became the thought leaders with ease of use their weapon of choice. The “I’m a PC/Mac” campaign was the ultimate expression of that brand position.

Positioning is all about being positioned relative to a competitor, so what happens as the competition gets easy to use? Can Apple sustain this position indefinitely?


Microsoft's Birthday card to Apple on its 30th...
Image by Brajeshwar via Flickr

Yesterday, Apple‘s market capitalization eclipsed that of Microsoft. Their rivalry has fascinated me since I was old enough to geek. Apple has always been about control of the experience. Microsoft in its hey-day about control of the industry. Things they are a changing. So what about their brand brand strategies?

Brand Positioning: Microsoft
The Microsoft brand position has always been that of Number One – The market leader. This is a brand position that works for pathetic reasons. People want buy safe so buying from #1 seems like the safe choice. But Microsoft never channeled this dominance into a concrete brand position. They drank too much of their own cool aid and believed their solutions were more competitive than they really were. Being big has led them to being a big mush of meaning, being so many types of software, hardware, services, and systems they have no brand focus. What we here at Distility refer to as “over-branding”. As their dominance has waned, their brand position has deflated to the pathetic “I’m a PC” campaign.

Yes, their are some exceptions like the X-Box, but I’d argue that they essentially created a Masterbrand with X-Box, with “Microsoft” being treated as a lesser endorser brand. There’s a future in that.

What lies ahead for Microsoft as they succumb to second place? I see the Microsoft brand moving to the background so more focused brands like Zune, X-Box, and Windows can be accurately positioned vis-a-vis the competition.

Brand Positioning: Apple
My first Apple was the Mac 512/800. It was the easiest computer I’d ever used. That’s what made it different back then. Every Apple product I’ve used since then has maintained that dramatic difference. Steve Jobs knows the integral role that design can lead in brand differentiation. While they couldn’t be market leaders like Microsoft, Apple became the thought leaders with ease of use their weapon of choice. The “I’m a PC/Mac” campaign was the ultimate expression of that brand position.

Positioning is all about being positioned relative to a competitor, so what happens as the competition gets easy to use? Can Apple  sustain this position indefinitely?
Leer más “The Apple & Microsoft Brand Strategies – What Do You Think?”