Microsoft has released an advisory confirming a previously unknown vulnerability in the way Windows processes shortcut files. The critical bug is trivial to exploit, affects all versions of Windows and allows for arbitrary code execution.

The vulnerability (CVE-2010-2568) came to Microsoft’s attention after Belarusian antivirus vendor VirusBlokAda discovered a new piece of USB malware that was actively exploiting it in the wild. The bug allows an attacker to create a special shortcut file (.lnk), that will execute an executable, when the folder containing it is opened in Windows Explorer, or another file manager able to process shortcut icons.

The Microsoft advisory is a bit confusing, the “Executive Summary” section stating that “malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. More »

July 13, 2010 will bring with it the death of Windows XP Service Pack 2, a landmark upgrade in the history of Windows, of a magnitude that will probably never be reached again by any service pack. Essentially, when Microsoft released Windows XP Service Pack 3 (SP3) on April 21, 2008, it also signed the death sentence for its predecessor.

Per the Windows lifecycle, all service packs reach end of support within 12 or 24 months after a new service pack is offered. This, however, has no bearing on the overall support commitment for XP. This means that customers currently running Windows XP will be able to continue doing so provided that they upgrade to the latest service pack, revealed Eric Ligman, Global Partner Experience Lead Microsoft Worldwide Partner Group.

“The terms of the Service Pack Support policy do not impact the Mainstream Support phase or Extended Support phase dates for Windows XP as a product. Windows XP transitioned from the Mainstream Support phase to the Extended Support phase on April 14, 2009,” Ligman said. “During the Extended Support phase for Windows XP (April 14, 2009 – April 8, 2014), Microsoft will continue to provide paid support and security updates at no additional charge. More »

A free download manager designed to integrate seamlessly with Windows 7 is now available from Microsoft. Dubbed the Microsoft Download Manager, the utility is designed, as the label implies, to help users administer their downloads beyond the boundaries of the browser.

More often than not, downloading very large files can be problematic, especially in the context of an unreliable connection. It is precisely in scenarios like these that a download manager will carry out any download tasks to the end, unlike browsers missing this functionality.

“The Microsoft Download Manager enables you to download files from the Internet in a more reliable and faster way than using a browser alone. Using the Download Manager makes it easier to download large files such as an application or multimedia files,” Microsoft explained. More »

Microsoft is enriching the collection of language packs available for Internet Explorer 8 RTW. At the end of April 2009, the Redmond company promised that it would deliver the IE8 gold language packs aimed specifically at Windows XP and Windows Server 2003 in mid-May. With the release of the two Multilingual User Interface packages for the two operating systems, the software giant managed to live up to its promise. The IE8 MUI packs are designed to play nice with the 32-bit and the 64-bit versions of Windows XP SP2, Windows XP SP3, and Windows Server 2003 SP2.

Vishwac Sena Kannan – IE International program manager, and Jatinder Mann – IE Setup program manager, explained that end users would have to tailor the IE8 MUI pack to the specific language and architecture of their operating systems. In this regard, they will first need to install the IE8 bits in English, and only after deploy the MUI pack matching the OS MUI pack already deployed. More »

Since 2007, Microsoft has been offering free copies of Windows XP and Windows Vista for download, in order to make up for a handicap specific to the Windows client, namely the fact that two different versions of Internet Explorer cannot be installed and run simultaneously on the same operating system. While it is cooking the first Release Candidate build for Internet Explorer 8, the Redmond company is also supporting Internet Explorer 7 and Internet Explorer 6, a context in which it is a pain for developers to test their content on all versions of IE.

The situation has caused Microsoft to come up with the Internet Explorer Application Compatibility VPC images, a solution designed to circumvent the limitations of IE running on Windows via virtualization.

With the Internet Explorer Application Compatibility VPC images, Microsoft is offering developers no less than four free copies of Windows packaged as Virtual Hard Disk Images and designed to integrate with the company’s free virtualization offerings. The four VHD downloads feature a new release date, just ahead of the end of 2008, although the launched products are similar to those made available in August 2008, following the availability of Internet Explorer 8 Beta 2. More »