After more than half a year of work, Microsoft has reached an important stage with its plans to refresh the resources offered under the Windows Driver Kit umbrella to developers. Jim Travis, group content publishing manager Windows Hardware and Devices, explains that the end of March was synonymous with the republishing of all the Windows Driver Kit documentation on MSDN Library. The move is designed to align the source docs to the same XML-based content management and authoring system leveraged by the Windows SDK team. However, Travis underlined that the refreshed documentation was not only set up to kick up a notch the authoring and content management system for Microsoft, but to also benefit developers by offering them updated syntax and header information, enhanced abstracts for search results, and better content formatting.

“The kit documentation contains over 32,000 topics. The former system, which we called CAPE, used a hybrid of Microsoft Word and a very loose XML schema. Without a straightforward way to map between XML elements in the old and new schemas, transforming that much content introduced all sorts of issues. It took at least 30 people to get us to the point where we’re comfortable republishing this content, and much of what they had to do ended up being painstaking, manual, page-by-page repairs,” Travis stated. More »

Following the downloading and deployment of over 1.5 million Beta copies of the Microsoft hypervisor-based virtualization technology in testing environments, Windows Server 2008 Hyper-V was released to manufacturing at the end of June 2008. However, even as early as the Release Candidate stages of the solution, the Redmond company was offering tools designed to integrate with Windows Vista computers, and to permit the remote management of Windows Server 2008 machines with the Hyper-V role. At the end of 2008, the software giant also made available for download management resources for the RTM version of Windows Server 2008 Hyper-V.

“This update package installs the management tools for the release version of Hyper-V technology on a computer that is running Windows Vista Service Pack 1 (SP1). This update package includes the following items: the Hyper-V Manager Microsoft Management Console (MMC) snap-in (the Hyper-V Manager MMC snap-in provides management access to servers that are running Hyper-V); [and] the Virtual Machine Connection tool (you can use this remote connection tool to establish an interactive session on a virtual machine host),” Microsoft informed. More »

On December 9, Microsoft made available for download the last bouquet of security updates for 2008. the company released no less than eight security bulletins, six of them Critical and two rated as Important. Hot on the heels of the last round of patches for the year hitting Windows Update, the December 2008 Security Release ISO Image went live on the Microsoft Download Center. Via the Security Release ISO Image for the current month, the software giant is providing a single package for all the security updates designed for its Windows client and server operating systems, including Windows Vista Service Pack 1 and Windows XP Service Pack 3.

“As far as vulnerability counts go, this is the largest patch release since Microsoft started the ‘Patch Tuesday’ program back in late 2003. The release contains eight bulletins covering 28 vulnerabilities,” Symantec’s Robert Keith revealed.

“Of those issues, 23 are rated ‘Critical’ and affect Word, Outlook, Internet Explorer, Visual Basic ActiveX controls, GDI, Windows Search, and Excel. All of the ‘Critical’ issues this month require some sort of user interaction, whether visiting a Web page that contains malicious content or viewing a malicious file. The remaining issues affect GDI, Windows Search, SharePoint, and Windows Explorer; they range in importance from ‘Important’ to ‘Moderate.’” More »

The exploit for a vulnerability affecting the Server Service on all supported versions of Windows has been included in a commercial malware kit, available for sale. MS08-067 is labeled with a maximum severity rating of Critical, and the security bulletin is designed to patch vulnerable Windows operating systems, which could allow for remote code execution via a successful attack involving a specially crafted, malicious RPC request. The vulnerability affects the latest Windows client and server operating systems, including Windows 7, Windows Vista Service Pack 1 and Windows XP Service Pack 3.

“Probably the most widely reported topic in the Chinese Security community this month will be the availability of a commercial MS08-067 attack pack, customized for Chinese users. On October 26th, 2008, exploit code was posted on to a well-known public repository site. In a few days, malware kit author, WolfTeeth, was quick to sell a MS08-067 port scanning tool with attack capability to his ‘customers,’ using free code from the Internet,” revealed Haowei Ren and Geok Meng Ong, from the McAfee Avert Labs.
The security issue is rated Critical on Windows Server 2004, Windows XP (including SP3), and Windows Server 2003, and just Important on Windows Vista (SP1) and Windows Server 2008. Microsoft made available MS08-067 as an out-of-band release in October 2008. During the same month the company issued the first security patch for Windows 7, designed for the pre-Beta Build 6801 Milestone 3 release. More »