 |
The seriousness of the drive-by security flaw in animated cursor handling in all recent Windows versions that was revealed last week prompted Microsoft to today release an “out-of-band” patch instead of waiting until the regular Patch Tuesday next week. The patch also fixes some other security vulnerabilities as well. Download the appropriate version by following the link or just running Windows Update.
Microsoft’s Windows Live OneCare PC security package has been getting some bad press lately and it didn’t improve today – Windows Live OneCare eats Outlook mail for lunch:
A recent update to the Microsoft antivirus engine for Windows Live OneCare will quarantine the PST file used to store e-mail messages for Microsoft Outlook, preventing access to messages, appointments, tasks and journal entries. It affects versions of Outlook, including Outlook 97 and 2000, and Outlook Express running on Windows XP when the .pst file contains an infected attachment. Microsoft will issue an update on Patch Tuesday, March 13, 2007.
Follow the link for some terse directions on how to solve the problem in the meantime or head over to AppScout for more details including this observation:
OneCare is aimed at the home and non-technical user – maybe not for you, but for your Granny. So, how well do you think Granny could follow the instructions above to keep OneCare from cannibalizing her email?
Good question, but Microsoft is undaunted and is getting ready for OneCare 2.0:
According to Microsoft, OneCare Live 2.0 will include all the security features of OneCare Live 1.5 and will be able to be licensed for as many as three PCs per household. OneCare Live 2.0 will also include wireless connection setup and security features, a boot-time optimizer, automated monthly computer usage and security reports, online photo backup functionality (for an additional charge), unified monitoring and maintenance of networked PCs, printer sharing, and automated PC tune-ups.
…
The OneCare Live 2.0 beta will begin in late April, and Microsoft plans to ship the final version of OneCare Live 2.0 in third quarter 2007. You can sign up for the beta at Microsoft’s Web site.
You can sign up for the beta here. Neil Rubenking also has more details on the new features in OneCare version 2.0.
The Patch Tuesday good news is that Microsoft won’t be distributing any security patches next Tuesday:
Microsoft is not planning to release any security updates on Tuesday, one of only a handful of times the company won’t have security patches available since its monthly security updates began in 2003, Microsoft said Thursday.
The bad news is that there are a number of exploits for which patches just aren’t ready:
Microsoft is currently working on patches for known vulnerabilities in Internet Explorer 7, Office 2007′s Publisher 2007, and the Windows Vista OS, but they are not ready for release at the moment, said a spokesman from Microsoft’s public relations firm Thursday.
According to eEye Security there are “five known zero-day holes in Microsoft products” that will remain unpatched until at least next month. There’s no need to feel abandoned though as there will be some updates distributed come Tuesday – just no security updates.
Joris Evers at CNET reports that Microsoft pulls four planned patches:
Microsoft has pulled four bulletins from its announced list of Patch Tuesday fixes, but did not specify why it was backpedaling on the security releases.
It now plans to issue four security bulletins on Tuesday, rather than the eight originally announced, the software giant said Friday in an updated notice on its Web site.
…
On Thursday, Microsoft listed eight bulletins it intended to issue next week in its monthly patch cycle. It appears to have pulled two bulletins for Windows, one for Windows and Visual Studio and one for Windows and Office. These patches will now likely be released on a future Patch Tuesday.
The Redmond, Wash.-based software giant did not provide any explanation for pulling the bulletins only a few days before their scheduled release.
Is there any other thing that day in and day out provides worse publicity for Microsoft than security patching?
