Countdown begins Windows XP to die in 1000 days

Countdown begins: Windows XP to die in 1000 days

Finally, the count down begins for Windows XP. The software giant Microsoft said that it will stop support for Windows XP, the world's most popular operating system, after three years.

Microsoft began countdown to the end for Windows X on Monday, Jul 11 and will be end on 1000th day. The company also said that it will not any kind of support to the old operating system. Microsoft is aiming to boost the sale of Windows 7, the latest version.

"Windows XP had an amazing run and millions of PC users are grateful for it. But it’s time to move on," said Stephen Rose, Microsoft’s senior community manager. "Two reasons: 1- Extended support for Windows XP is running out in less than 1,000 days, and 2- there’s an OS out there that’s much better than Windows XP."

The countdown will end on 2014 and there after Windows XP users will nt get any kind of support or patches from Microsoft. If these users want any support, they would have to upgrade to Windows 7.

On April 8, 2014, security patches and hotfixes for all versions of Windows XP will no longer be available. So bottom line, PC’s running Windows XP will be vulnerable to security threats.

"Many third party software providers are not planning to extend support for their applications running on Windows XP, which translates to even more complexity, security risks, and ultimately, added management costs for your IT department if you’re still managing Windows XP environments," Stephen Rose added.

Meanwhile, Microsoft is planning to launch the next generation operating system, Windows 8, in 2012. The company recently demoed the Windows 8 prototype on a tablet computer and a laptop at the D9 Conference. The exciting feature on Windows 8 is its 'touch interface' that features tile-based Start screen

IE9 exploit puts Windows 7 SP1 at risk

A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen.
The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year.(MS11)

Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.
"The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allows the bypass of the sandbox to achieve full code execution," Vupen's CEO Chaouki Bekra told Dutch IDG news site Webwereld.
The risk of this exploit so far is limited: exploit code has not been spotted in the wild. The vulnerabilities were discovered by researchers from Vupen, who made their own exploit. "We confirmed the exploitability of the vulnerability and we created a code execution exploit which works with Internet Explorer 9 on Windows 7 and Windows 7 SP1," Bekra said.
Bekra stressed that the vulnerabilities have not been publicly disclosed. "Access to our code and to the in-depth analysis of the vulnerability is restricted to our government customers who use the information to protect their critical infrastructures," he said.
IE9 is not much in use by governments or even companies. However, the vulnerability is not limited to the latest version of Microsoft's browser. The security hole is also present in IE8, 7 and 6, for which Vupen has not made a working exploit.
"The flaw affects Internet Explorer 9, 8, 7, and 6, and results from a use-after-free error within the 'mshtml.dll' library when processing a specific combination of HTML and JavaScript code." Vupen advises all IE users to disable JavaScript or use another Web browser which is not affected by the vulnerability.
Vupen's exploit code is only effective on IE9, which can run on Windows 7 and predecessor Windows Vista. IE9 has recently been released and is not yet being distributed through Windows Update. Microsoft will start that rollout in the coming weeks. An exact date for the wider distribution and installation of the latest Windows browser has not been disclosed.
IE9 currently has a market share of 3.6 percent amongst Windows 7 users, according to figures from market researcher NetApplications. Windows 7 itself has a global market share of nearly 25 percent. Windows XP still has a larger installed base.
Measured across all PC users IE9 has a market share of only 1.04 percent, reports NetApplications. Competitor StatCounter doesn't even show IE9 as a separate browser in its market share overview, but puts it in the category "other."

IE9 exploit puts Windows 7 SP1 at risk

A new exploit for IE9 bypasses all security measures in even the latest fully patched version of Windows 7, according to a French security company Vupen.
The exploit uses an unpatched zero-day vulnerability in Internet Explorer 9 and bypasses all the extra security measures of Windows 7. The latest version of Microsoft's operating system, fully up-to-date with service pack 1 (SP1), is vulnerable. The security hole was reported by the French security company Vupen, that previously discovered an IE8 vulnerability in December of last year.(MS11)

Vupen classifies the exploit for IE9 as reliable, which means it's an effective way for cyber attackers to run malicious code of their choosing on Windows 7 PCs. The exploit manages to break through Windows' additional security layers, such as ASLR, DEP and the sandbox (Protected Mode) in IE9.
"The exploit uses two distinct vulnerabilities. The first one allows execution of arbitrary code within the IE9 sandbox. The second one allows the bypass of the sandbox to achieve full code execution," Vupen's CEO Chaouki Bekra told Dutch IDG news site Webwereld.
The risk of this exploit so far is limited: exploit code has not been spotted in the wild. The vulnerabilities were discovered by researchers from Vupen, who made their own exploit. "We confirmed the exploitability of the vulnerability and we created a code execution exploit which works with Internet Explorer 9 on Windows 7 and Windows 7 SP1," Bekra said.
Bekra stressed that the vulnerabilities have not been publicly disclosed. "Access to our code and to the in-depth analysis of the vulnerability is restricted to our government customers who use the information to protect their critical infrastructures," he said.
IE9 is not much in use by governments or even companies. However, the vulnerability is not limited to the latest version of Microsoft's browser. The security hole is also present in IE8, 7 and 6, for which Vupen has not made a working exploit.
"The flaw affects Internet Explorer 9, 8, 7, and 6, and results from a use-after-free error within the 'mshtml.dll' library when processing a specific combination of HTML and JavaScript code." Vupen advises all IE users to disable JavaScript or use another Web browser which is not affected by the vulnerability.
Vupen's exploit code is only effective on IE9, which can run on Windows 7 and predecessor Windows Vista. IE9 has recently been released and is not yet being distributed through Windows Update. Microsoft will start that rollout in the coming weeks. An exact date for the wider distribution and installation of the latest Windows browser has not been disclosed.
IE9 currently has a market share of 3.6 percent amongst Windows 7 users, according to figures from market researcher NetApplications. Windows 7 itself has a global market share of nearly 25 percent. Windows XP still has a larger installed base.
Measured across all PC users IE9 has a market share of only 1.04 percent, reports NetApplications. Competitor StatCounter doesn't even show IE9 as a separate browser in its market share overview, but puts it in the category "other."

Microsoft Security Essentials

Brief Description


Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.

Overview

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up-to-date so you can be assured your PC is protected by the latest technology.

Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

Before installing Microsoft Security Essentials, we recommend that you uninstall other antivirus software already running on your PC. Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance.

*Your PC must run genuine Windows to install Microsoft Security Essential


DOWNLOAD for 64 bit

for 32 bit

Microsoft Security Essentials

Brief Description


Microsoft Security Essentials provides real-time protection for your home or small business PC that guards against viruses, spyware, and other malicious software.

Overview

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up-to-date so you can be assured your PC is protected by the latest technology.

Microsoft Security Essentials runs quietly and efficiently in the background so you’re free to use your Windows-based PC the way you want—without interruptions or long computer wait times.

Before installing Microsoft Security Essentials, we recommend that you uninstall other antivirus software already running on your PC. Running more than one antivirus program at the same time can potentially cause conflicts that affect PC performance.

*Your PC must run genuine Windows to install Microsoft Security Essential


DOWNLOAD for 64 bit

for 32 bit

MHTML EXPLOIT LATEST MICROSOFT BUG :P

Latest microsoft MHTML exploit is in fashion for hackers ;)

Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.

MHTML, or Mime HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (Mime) for content blocks in a document.

On a Blog post Friday afternoon Google Security Team members said “We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

Now we are finding that Microsoft and Google are working to create a fix on the server side so it can reduce the risk of MHTML Vulnerability, while you can check your machine to determine if you are vulnerable by using the test scenario previously posted by Microsoft.

As a workaround user can also disable ActiveX, but this would affect web applications including banking and e-commerce sites that use ActiveX to provide online services.

 May be a sad news for normal users but :D you know what i mean to say enjoy the exploit guys its not patched yet :P

MHTML EXPLOIT LATEST MICROSOFT BUG :P

Latest microsoft MHTML exploit is in fashion for hackers ;)

Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities.

MHTML, or Mime HTML, is a standard that allows web objects such as images to be combined with HTML into a single file. The vulnerability lies in how MHTML interprets Multipurpose Internet Mail Extensions (Mime) for content blocks in a document.

On a Blog post Friday afternoon Google Security Team members said “We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

Now we are finding that Microsoft and Google are working to create a fix on the server side so it can reduce the risk of MHTML Vulnerability, while you can check your machine to determine if you are vulnerable by using the test scenario previously posted by Microsoft.

As a workaround user can also disable ActiveX, but this would affect web applications including banking and e-commerce sites that use ActiveX to provide online services.

 May be a sad news for normal users but :D you know what i mean to say enjoy the exploit guys its not patched yet :P