May 08, 2007, 11:38 AM PDT
Microsoft fixes 19 flaws in seven patches; all are considered critical updates
Posted by: Robert Vamosi

Microsoft has released its May 2007 security bulletin, which includes seven updates: all are listed as "Critical." Two of the patches affect Microsoft Windows, with one critical patch specific to Internet Explorer. Three of the patches affect Microsoft Office, and include Office for Mac 2004 users. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-023: Critical

Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)," this bulletin affects users of Microsoft Office 2000 through 2007, plus Office 2004 for Mac, and addresses the vulnerabilities detailed in CVE-2007-0215, CVE-2007-1203, and CVE-2007-0214. Successful exploitation could lead to remote code execution.

MS07-024: Critical

Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)," this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007. It addresses the vulnerabilities detailed in CVE-2007-0035, CVE-2007-0870, and 2CVE-007-1202. Successful exploitation could lead to remote code execution.

MS07-025: Critical

Entitled "Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)," this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007. It addresses the vulnerability detailed in CVE-2007-1747. Successful exploitation could lead to remote code execution.

MS07-026: Critical

Entitled "Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)," this bulletin affects users of Windows Exchange 2000, Exchange Server 2003, and Exchange Server 2007, and addresses the vulnerabilities detailed in CVE-2007-0220, CVE-2007-0039, CVE-2007-1213, and CVE-2007-0221. Successful exploitation could lead to remote code execution.

MS07-027: Critical

Entitled "Cumulative Security Update for Internet Explorer (931768)," this bulletin affects users of Windows 2000 through Vista and Internet Explorer versions 5.01 through 7, and addresses the vulnerabilities detailed in CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0946, and CVE-2007-2221. Successful exploitation could lead to remote code execution.

MS07-028: Critical

Entitled "Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)," this bulletin affects users of CAPICOM and BizTalk Server 2004, but does not affect BizTalk Server 2000, 2002, and 2006. It addresses the vulnerability detailed in CVE-2007-0940. Successful exploitation could lead to remote code execution.

MS07-029: Critical

Entitled "Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)," this bulletin affects users of Windows Server 2000 and 2003, but does not affect Windows 2000, Windows XP (SP2), and Windows Vista. It addresses the vulnerability detailed in CVE-2007-1748. Successful exploitation could lead to remote code execution.

Permalink | 2 comments

• Read also: security, software, Microsoft, Office, Windows, Internet Explorer
• Email to a friend | Print this post

September 11, 2006, 3:28 PM PDT
Microsoft's new search, maps come to life
Posted by: Elsa Wenzel

Microsoft's new Windows Live search engine is officially driving the software giant's online services. Today, Windows Live Search begins to replace MSN Search, while the Live.com portal page and Windows Live Local's maps become final products. Google remains on top in the world of Internet search, but its assortment of Web-based products, such as the Writely word processor, lack the integration that Microsoft has built into its Windows Live collection.

And Windows Live Search attempts to add interface innovations that Google Search lacks. Along the right, a list of related searches, similar to those within Ask.com's layout, narrows down a query so that you can home in on, say, Turtle Island instead of Ninja Turtles. Along the top of the screen, Windows Live also links to lookups within Images, News, Local, QnA, and more. By visiting Live.com, you can start searching or sign in to build a personal portal that lets you subscribe to RSS feeds from within search results, and organize content within tabbed pages.

We like Live search's dynamic display of images. You can hover over thumbnails to read the dimensions and URL of origin. Don't think a result is relevant? Click a Feedback link to tell Microsoft so. Click an image, and you can view the Web page that it came from without leaving the window. On top of that, Live's Scratchpad lets you rename and save pictures to create your own collection--similar to the customization offered by Windows Live Local. If only we could scribble all over Web pages and save our notes.

Well, actually, Microsoft is attempting to allow just that with Windows Live Local. Redmond is planning to let you doodle on your maps with lines and shading, so that, say, you can mark up the secret route to a hidden hot springs, or a favorite dog-walking path. In addition to its business listings, Local will embrace white pages lookups so that you can find people, too. And close-up Bird's-Eye views are coming for 25 more cities, including Portland, San Diego, Phoenix, and El Paso. To see what we've tested so far, check out our 10 favorite Windows Live apps.

Permalink | 1 comment

• Read also: Web 2.0, software, Internet services, mapping, search
• Email to a friend | Print this post

June 12, 2006, 12:19 PM PDT
Yahoo Web mail worm considered a very low threat
Posted by: Robert Vamosi

Symantec issued a warning about a new worm that exploits a known Java-based vulnerability in Yahoo Mail. Yahoo Mail customers should be suspicious of e-mail sent from av3@yahoo.com, with the subject line "New Graphics site" with body text that reads "this is a test." Symantec warned on Monday that Yahoo customers need only open the message to read its content to become infected; no need to open any attached files. Once active, the worm spreads to all yahoo.com and yahoogroups.com e-mail addresses found on the victim's computer. Despite the potential for widespread damage, the worm is not spreading very quickly and is considered to be a very low threat. For more details on this worm, see Symantec's alert regarding JS.Yamanner@m.

Permalink | 9 comments

• Read also: Security, Internet services
• Email to a friend | Print this post

May 12, 2006, 9:20 AM PDT
Facing your e-mail
Posted by: Elsa Wenzel

Know how when you meet someone in person for the first time after e-mailing back and forth, they look different than you'd imagined? Google's plans to match your e-mail account with a face could put a stop to that. Expected within the next week, you'll be able to attach a photo to your Gmail account so that message recipients will spot your mug in their in-boxes. Google Pictures will let you display different pictures to different people and show when you're online. Instant- messaging apps have let users express themselves with GIFs, JPEGs, and animated avatars for years now, but this is a first for e-mail. Google's been announcing a bunch of tools this week that add social networking features to its many free services.

Permalink | 2 comments

• Read also: web 2.0, software, internet services
• Email to a friend | Print this post

May 10, 2006, 5:12 PM PDT
Google Desktop 4: you can take it with you
Posted by: Elsa Wenzel

Google announced an update to its controversial Desktop app today, along with several new online services. The latest beta download, Google Desktop 4, offers shortcuts to the sites and tools you use the most based on its interpretation of your online habits and hard drive contents. You can use your personalized Google Desktop on multiple PCs and also now synchronize Google Gadgets with more than computer.

Privacy critics worry that Google Desktop gets too personal. To use the most advanced features, you must permit Google to track every step you take on your computer. And users slammed the earlier Google Desktop 3 because it crashed so much. I, for one, uninstalled that version after two months of tinkering, because my work PC had become sluggish and froze daily. Sans Google Desktop, my machine was back to normal. We're curious to explore how the version 4 beta will behave; despite the frustrations, we found its predecessor handy at times.

Today, Mountain View also unwrapped Google Trends, which lets you see what's hot on the Web at a given moment. As with tools like BlogPulse, Trends charts the popularity of your search term among other Google users. It also lists regions where people sought the same query.

Due for public consumption next week, Google Notebook is designed to let you save snippets of search results. The new Google Co-Op enables people to tag, share, and customize their searches.

Permalink | 4 comments

• See product information for Google Desktop 4
• Read also: software, Internet services, Web 2.0
• Email to a friend | Print this post

April 07, 2006, 11:51 AM PDT
Address bar security hole within IE
Posted by: Robert Vamosi

Security vendor Secunia announced a new security hole within Internet Explorer, one that could help phishers find their marks. The flaw exists because of the way the browser loads Web pages and Macromedia Flash animation. Microsoft is studying the report and suggests disabling Active Script within Internet Explorer as a workaround. A new round of Microsoft Security Patches will be issued on Tuesday, April 11, 2006, with at least one security patch addressing cumulative fixes for Internet Explorer. To find out if your browser is vulnerable, Secunia has a test URL available. For more on this flaw, see Joris Evers' coverage on News.com.

Permalink | 1 comment

• Read also: security, software, Internet services
• Email to a friend | Print this post

April 07, 2006, 10:54 AM PDT
Google Toolbar 2 beta for Firefox
Posted by: Robert Vamosi

Today Google released a new Google Toolbar 2 beta for Firefox users. With search built into Firefox, you might wonder why it's necessary to have a toolbar, but often I want to search Google News or Google Images and not the default Google search engine; the new toolbar allows me to direct my search queries to those companion sites directly. The Google Toolbar 2 beta for Firefox includes AutoLink, AutoFill, WordTranslator, SpellCheck, PageRank Display, Highlight Search Terms, and Word Find Buttons, and it adds RSS subscriptions, plus a preview of a new Safe Browsing (antiphishing) feature. Another new feature automatically opens your Gmail accounts whenever you click mailto links within a given page. See this support page for details on the individual features.

Permalink | 1 comment

• Read also: security, software, Internet services
• Email to a friend | Print this post

March 08, 2006, 9:38 AM PST
Microsoft's new search and newsfeeds
Posted by: Elsa Wenzel

Lagging behind Google and Yahoo, MSN Search is the third-most-used Internet lookup tool. Microsoft hopes to catch up to its rivals, as it revamps and renames its search as Windows Live, dropping the MSN label. While MSN Search is still available, Microsoft plans to eventually merge and replace it with Windows Live. Public testing of the Windows Live beta becomes available at Live.com at 11 a.m. Pacific today. This set of tools adds image searching and allows you to build a sophisticated personal portal with RSS newsfeeds. Interface goodies include a nifty slider bar and scrolling, which aim to reduce the number of pages you click through when perusing search results. Check back soon today when we'll have a slide show highlighting the features.

Permalink | Post a comment

• Read also: Software, work, Computers, desktops, internet
• Email to a friend | Print this post

January 11, 2006, 3:39 PM PST
Google Video just not good
Posted by: Tom Merritt

So after its stealth launch yesterday, I decided to give Google Video a whirl. I was especially heartened by the news that Google Video would work with iPod. Everyone has been trashing the Google Video interface because it's not pretty, but I was OK with it. The drop-down menu got me where I needed to go: Deep Space Nine videos.

However, the interface failed me when I got to the list of available DS9 videos: all it listed were the titles of the episodes and the title screen, which is the same for every episode. It gave me no information on what season an episode was from or what episode number within that season it was. I'm a fan, but I don't have all the titles memorized. There's also no description of the episodes. So I picked a nice-looking title at random. Once I clicked on the name, I got a bit more info about the episode, but not much.

So I clicked the button to buy the episode, and it prompted me for my Google login. I gave it, and it promoted me for my login again. Three times it did this until I started to doubt I had my password right. I tried a different password, and it told me the password was wrong. I even logged out of Gmail and back in to make sure I had the right password. I went back and tried two more times, and finally, it worked. I got a Confirm Download button with the information that this video would work only in Windows XP and would require an Internet connection to watch. Wait. What about the iPod? I went ahead and spent the two bucks to see what would happen. It started downloading the Google Video player, which I thought I already had, and then went about playing the video.

Since I wanted to see if I could move the file onto my iPod anyway, I clicked a link to manually download the video without downloading the player. It did so in 2 seconds, hardly enough time to download a 45-minute episode. I went into the Google Help screens and found that next to the download button, it's supposed to give you a drop-down menu of the available format options, one of which would be iPod video. Deep Space Nine had no options. In fact, it had no drop-down menu. And even if there were one, you wouldn't get that drop-down menu until after you've paid for the video. So I guess I should have read the tea leaves of "require Internet connectivity" to mean, "no iPod version available." But it would have been nice to spell it out.

I looked through other options, such as Charlie Rose interviews, old I Love Lucy episodes, the Twilight Zone, and more to see if I could find one that mentioned iPod video, but none of them did--at least not before you've paid. I wasn't willing to keep on droppin' Hamiltons to find out. I did find a free video from The Screen Savers TV show back in 2000 that gave me an iPod video option with the download. So at least it's not a total lie.

In the meantime, I'll stick with iTunes for paying for video content. It's the same price, and believe it or not, Apple, of all things, gives me more flexibility with my content than Google. This is the first crack in Google's once very shiny armour. I hope the company fixes it soon. And CBS? You might want to strike a deal elsewhere just to hedge your bets.

Permalink | 1 comment

• Read also: Internet Services
• Email to a friend | Print this post

December 19, 2005, 8:26 AM PST
Google launches Gmail Mobile
Posted by: Allen Fear

It's only been a few weeks since the release of a mobile version of Google Local. Now, Google has launched a version of Gmail for cell phones called Gmail Mobile. The new service automatically resizes the Gmail interface for handsets and lets you send and receive e-mail from your cell phone. Gmail Mobile is free, and it's capable of handling file attachments, such as photos. According to Google, Gmail Mobile will work on most cell phones and other handheld devices that are equipped with a wireless data plan. You can view a list of compatible phones on Google's Web site.

Permalink | 4 comments

• Read also: Internet services
• Email to a friend | Print this post