Microsoft has released an advisory confirming a previously unknown vulnerability in the way Windows processes shortcut files. The critical bug is trivial to exploit, affects all versions of Windows and allows for arbitrary code execution.

The vulnerability (CVE-2010-2568) came to Microsoft’s attention after Belarusian antivirus vendor VirusBlokAda discovered a new piece of USB malware that was actively exploiting it in the wild. The bug allows an attacker to create a special shortcut file (.lnk), that will execute an executable, when the folder containing it is opened in Windows Explorer, or another file manager able to process shortcut icons.

The Microsoft advisory is a bit confusing, the “Executive Summary” section stating that “malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. More »

This milestone in the product lifecycle of XP has generated a range of questions, some easier to answer than others. Below you will find a list of frequently asked questions along with answers, some right from Microsoft. Hopefully, the FAQ will be sufficient to provide guidance for customers that need to make the transition from XP SP2 to more recent releases of Windows.

1. How will XP SP2 customers be impacted by end of support for the service pack?

Microsoft software products evolve constantly, with major products receiving upgrades dubbed service packs. In the case of XP SP2, the upgrade was indeed massive, with some company employees noting that Service Pack 2 for Windows Vista’s successor could easily have been considered an entirely new Windows release. The software giant only offers support for Service Packs for 12 to 24 months after a new release. This period varies, and is connected with the product family. In the specific case of XP SP2, July 13th, 2010 will mark two years since the release of Service Pack 3. More »

July 13, 2010 will bring with it the death of Windows XP Service Pack 2, a landmark upgrade in the history of Windows, of a magnitude that will probably never be reached again by any service pack. Essentially, when Microsoft released Windows XP Service Pack 3 (SP3) on April 21, 2008, it also signed the death sentence for its predecessor.

Per the Windows lifecycle, all service packs reach end of support within 12 or 24 months after a new service pack is offered. This, however, has no bearing on the overall support commitment for XP. This means that customers currently running Windows XP will be able to continue doing so provided that they upgrade to the latest service pack, revealed Eric Ligman, Global Partner Experience Lead Microsoft Worldwide Partner Group.

“The terms of the Service Pack Support policy do not impact the Mainstream Support phase or Extended Support phase dates for Windows XP as a product. Windows XP transitioned from the Mainstream Support phase to the Extended Support phase on April 14, 2009,” Ligman said. “During the Extended Support phase for Windows XP (April 14, 2009 – April 8, 2014), Microsoft will continue to provide paid support and security updates at no additional charge. More »

Microsoft has reached the end of the road when it comes down to the evolution of Windows XP through major updates. Moving onward, the Redmond company will focus exclusively on Windows Vista and Windows 7 with service pack releases. Specifically, if you are running Windows XP and still hoping for an SP, then by all means, don’t hold your breath. Or, if you were indeed holding your breath, then this is about the right time to exhale and move beyond the aging operating system. Windows 7 is now just a few days short of one month away, seeing how general availability is planned for October 22nd, 2009.

No more service packs for Windows XP, what does it mean? It means that SP3 was the last service pack for 32-bit (x86) XP and the SP2 was the last major update for 64-bit (x64). Immediately after the availability of SP3 for x86 XP, Microsoft confirmed officially that it was the last service pack for Windows Vista’s precursor. However, a potential SP3 seemed to be in the cards as far as x64 XP was concerned.

In fact, this is not the case at all. Microsoft offered official confirmation of the fact that it was not, nor would it be in the future, developing a third service pack for 64-bit XP. “We have received inquiries from our customers and partners on whether or not there will be a need for a Service Pack 3 for Windows Server 2003. More »

Microsoft has warned users of Windows XP Service Pack 3 of an issue that can lead to digital pictures becoming corrupted when handled with the default image viewers available as components of the operating system. According to the Redmond company the problem is limited to XP SP3. Microsoft has explained that when using Windows Picture or Fax Viewer to manage TIFF images, in the eventuality that a specific picture is rotated either clockwise or counterclockwise, that document will become corrupted.

“When a TIFF image is rotated in Windows Picture and Fax Viewer, the image is outputted. Then, the image is recompressed again,” Microsoft revealed. “This problem occurs because Windows Picture and Fax Viewer outputs a TIFF file in CCITT Group 3 format with 1D encoding. Therefore, when Windows Picture and Fax Viewer opens a TIFF file in CCITT Group 3 format with 2D encoding, the file is corrupted.”

CCITT stands for the International Telegraph and Telephone Consultative Committee. As far as TIFF images go, More »