Microsoft News Tracker

A variety of Microsoft news items from this week that did not find a post of their own.

EU Asks Microsoft Rivals About Word, Excel Dominance:

European regulators are questioning Microsoft Corp.’s competitors on whether the company is using its dominance in word processing and spreadsheets to thwart rivals, weighing whether to open a new front in the antitrust dispute.

Danger, Will Robinson! Related: EU Extends Microsoft’s Deadline to April 23 to Answer New EU Charges on Licenses.

Yahoo ups the ante for free email with unlimited storage offer. Maybe they make it up on volume? Perhaps more importantly, they also opened up the Yahoo mail APIs to third party developers.

Microsoft warns of zero-day Windows bug. Even worse, it’s a drive-by for all Windows versions including Vista with tainted Web sites or email causing an immediate infection. The problem is due to a glitch in animated cursor handling and third parties are already releasing their own fixes while waiting for Microsoft. A fake IE7 download email is also making the rounds. I got one and was flattered that admin@microsoft.com wrote to personally ask me to download IE7 when I have been avoiding it like the plague.

Microsoft’s announcement of the Xbox 360 Elite was rather an anticlimax after all the leaks. The key point is that the targets for the Elite are the upscale gamers and home entertainment users courted by Sony with the PS3 while Microsoft disdains those “childish” gamers buying the Nintendo Wii. (That’s Nintendo you hear laughing all the way to the bank.) There’s also another opinion that the primary target is really Wall Street, but I digress.  Meanwhile, Sony’s PS3 looks to be getting a new 80GB hard drive and apparently sold well after its European launch.

Zune finally got its 1.3 update and Zune market share slipped again in February.

BizTalk 2006 R2 Beta 2 will be available on Monday.

Microsoft added Netflix founder Reed Hastings to the board of directors and maintained the dividend at $0.10.

Microsoft beta tests Tahiti, yet another collaboration application, this one apparently destined for Office Live.

SoftGrid roadmap: SP1 for 4.1 expected in April/May and along with a tech preview of 4.2. 4.2 RTM and availability “some time around July.”

The PowerShell admin scripting language will ship in Windows Server Longhorn.

A flurry of miscellaneous Microsoft News:

Judge backs $1.5 billion patent decision against Microsoft in the first Alcatel-Lucent case decided in late February.

Microsoft joins OpenAjax Alliance standards group as rumored back in January. See also the OpenAjax Alliance website.

Microsoft offers a new Vista discount plan for consumers:

For customers who acquired a full or upgrade version of Windows Vista from retail or pre-installed, we’ve got a pretty sweet deal.  We’re announcing the Windows Vista Additional License program, which provides the ability to install the same edition of Windows Vista on any other additional computers you may own.  The program allows customers to purchase up to 5 additional licenses for PCs they own at 10% off the suggested retail price.

Although slightly more realistic than the Family Discount Plan, it has the same basic problem - the vast majority of consumers will only acquire Vista via a new PC purchase.

Meanwhile, Vista is reportedly bad for the PC business. Wait, someone else says it’s great. Hold on a sec, maybe it’s in between.

Dell launches low-cost PC in China running either Windows XP or Linux. No Vista. Well, Microsoft will still get paid for XP.

Virtualisation causes IDC to cut server forecast. Virtualization allows customers to buy fewer, bigger servers. Both units and revenue are predicted to be down from prior forecasts. There should also be a similar effect on Microsoft’s server revenue.

House Bill Would Free Up TV Airwaves for the Microsoft mystery device.

Microsoft Disappoints Zune Users Waiting For Firmware Update, particularly since it is supposed to fix a “skipping” problem on purchased music.

Windows Live Search Italy gets owned by a truly skillful malware deployment combined with search engine optimization. Check out the screenshots too. The problem of bogus websites in search results is a problem for all search engines though, as some Microsoft researchers demonstrated.

Gregg Keizer at TechWeb via Yahoo:

Symantec raised its overall Internet alert Friday on the news that a zero-day vulnerability in Microsoft Word was being exploited by hackers hoping to hijack PCs.

“Currently, observed attacks are limited to attacks against select targets,” Symantec warned in a bulletin to customers of its DeepSight Threat Management System.

The attack is successful against the newest version of Microsoft’s word processor, Word 2003, but only crashes Word 2000 and Word XP, without leading to a computer compromise.

More details on the specific exploit by following the link, but the net is that any Word 2003 document you receive from external sources should be viewed with suspicion until Microsoft provides a fix.

(Via Ed Bott) A flaw in the way WMF files (Windows Metafiles) are processed by Windows means that even fully patched versions of (at least) Windows XP and Windows Server 2003 are wide open to attack from exploits currently circulating on the Web that drop and run previously known Trojan Horse programs. Exploits using this flaw are “zero day” since there was no advance warning and “drive-by” in that merely browsing a website or opening email with a malicious WMF file will infect a system.

F-Secure has more and notes that paradoxically, the Firefox browser version 1.5 is safe because it has an apparent bug in how WMF files are handled. There’s more from F-Secure here and possible workarounds are discussed in Juan Carlos Perez’s article at InfoWorld which also contains this observation:

However, the number of attacks could increase dramatically if malicious hackers find more automated ways to target systems, such as using e-mail, instant messages or file sharing, according to Ken Dunham, director of the rapid response team at VeriSign Inc.’s iDefense.

Attacks so far have been limited to installation of adware and spyware on compromised machines, but “you’re probably going to see Trojans and more sinister code develop and emerge in the next few days,” Dunham said in an interview.

Microsoft is investigating.

In today’s Patch Tuesday release, Microsoft issued two security updates, one of which was deemed “critical.” That one, MS05-054, is a cumulative patch for Internet Explorer which provides four fixes, including one for a bug that permitted drive-by malicious downloads. Microsoft did not, however, fix the cross site scripting flaw that had briefly exposed Google Desktop until Google did a workaround.

Available as usual via Microsoft Update or Windows Update or the enterprise equivalents.