The first service pack for Windows 7 and Windows Server 2008 is still over half a year away from finalization, but Microsoft is bound to start patching it soon enough. At the end of the past week, the software giant confirmed a Critical zero-day vulnerability affecting all supported editions of Windows client and server. At the same time, the Redmond company also points out that Windows 7 Service Pack 1 (SP1) Beta and Windows Server 2008 R2 SP1 Beta are also impacted by the 0-day security flaw, and that early adopters testing the two releases need to take the necessary measures to protect their machines against attacks.

In the FAQ associated with Security Advisory (2286198), the Redmond company asks “How are the Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta releases affected by this vulnerability?” only to answer “Windows 7 Service Pack 1 Beta and Windows Server 2008 R2 Service Pack 1 Beta are affected by the vulnerability. Customers running these beta releases are encouraged to apply the workarounds described in this advisory.” More »

Microsoft plans to ship a file conversion tool to give Office 2003 users a chance to protect against exploits rigged into .doc, .xls, .ppt documents. The tool, called MOICE (Microsoft Office Isolated Conversion Environment), is a direct response to the nonstop zero-day attacks that use rigged Word, Excel and Powerpoint documents to plant call-home Trojans on government and corporate networks.

Microsoft has already built new protection mechanisms into the Office 2007 software suite but customers running older versions of Office are at the highest risk. The statistics are telling: Since January 2006, Microsoft has shipped 20 bulletins covering code-execution holes in Office 2003. Over that same period, only 2 bulletins were shipped for Office 2007. More »

Okay, so Apple PCs are still a lot safer than Windows PCs, but the next time an Apple owner smugly reminds you of the fact, just ask him or her whether they’ve installed the security update issued in April 19th. This fixes no less than 25 security flaws in OS X and it includes three patches for ‘Zero Day’ bugs, and vulnerabilities that would allow hackers to gain access to data. So far this year Apple has issued at least one security update each month and whilst the level of threat and number of attacks are nowhere near the level PC owners have to put up with, it does appear that Apple owners may no longer be as safe as they once used to be. More »