Five-Year-Old Windows Design Flaw Comes Back to Haunt Vista
Windows Vista, Microsoft’s latest operating system, has been continually applauded as an apex of security and an epitome of user protection when it comes down to the Windows platforms available on the market.
windows -
comments -
27.11.2007 New Windows 7 Logo Design
It seems that the email on “translucency” sent out by Steven Sinofsky, Senior Vice President, Windows and Windows Live Engineering Group, back in 2007, got lost in translation on its way to Microsoft China. Remember the leaked images featuring the new Windows 7 boxes?
windows -
comments -
20.5.2009 Windows Vista Custom PC Design
Microsoft and Dell recently partnered up to create a super-cool custom PC in celebration of Microsoft releasing Windows Vista to manufacturing earlier this month.
windows -
comments -
21.11.2006 The Ultimate Windows Vista Computer Design
Fest your eyes on the Ultimate Windows Vista computer design concept. The image included on the left, as well as the ones at the bottom of this article are a part of the Carbon Design Group’s portfolio.
common -
comments -
17.9.2007 Microsoft: Windows XP Failures Are by Design
Nothing but bad design is responsible for Windows XP failures. The consistent volume of logon failure events in Windows XP, when the operating system is not part of a domain, is generated by the design of the overall log in process.
windows -
comments -
12.11.2007 Lexon Design Roswell Calculator
Let your co-workers have that boring ol? office calculator; you can show off a much cooler space-age version. The cleverly-named Roswell Calculator by Lexon Design has a super-sleek aluminium body with round keypads.
common -
comments -
Microsoft Expression Design Beta 2
Expression Design is a professional illustration and graphic design tool that lets you build compelling elements for both Web and desktop application user interfaces.
download -
comments -
19.3.2007 IE8 RTW Compatibility View Design
The Beta version of Internet Explorer 8 shipped with a big Emulate IE7 button next to the Home button on the Command Bar.
microsoft -
comments -
22.6.2009 Microsoft Demos Graphic Design Tool Suite
Microsoft Corp. Wednesday demonstrated its new toolset aimed at helping software graphic design experts and developers work better together.
common -
comments -
Winner Of Microsoft PC Design Competition Announced
At the CES conference in Las Vegas this week, Microsoft chief Bill Gates announced the winner of the Start Something PC competition.
The main prize of $50,000 was won by Prashant Chandra, an Indian born designer. Chandra's design might best be described as a 'clam-shell' tablet PC, designed around the idea of a backpack.
microsoft -
comments -
8.1.2006 Capture and Edit Screen Shots with All-in-one Design Tool – PicPick
Previously we have mentioned FireShot that works as Firefox and IE extension to let you capture and edit screenshots from web pages easily.
common -
comments -
15.6.2009 Are You Protected? - Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0
Web applications are among the most common computing services that are exposed to the Internet, and thus they pose an inviting target to anyone who wants to break into your network to steal sensitive information, tamper with your data, or otherwise compromise your system.
Ensuring the security of a Web application is a serious task, and requires consideration throughout the design, development, deployment, and operation phases. It should not be viewed as something that can be slapped onto an existing application, or achieved simply by applying existing platform security features.
microsoft -
comments -
2007 Office System Document: User Interface Evaluation Design Guidelines
This information is provided to assist sofware developers in evaluating the scope of the UI Design Guidelines for the 2007 Microsoft Office suites prior to accepting the Office UI Licensing agreement.
microsoft -
comments -
7.1.2007 Windows 7 UAC has a second flaw
Long Zheng of I Started Something has uncovered a flaw in Windows 7's UAC that means malware can elevate itself to administrator privileges.
windows -
comments -
4.2.2009 MS Warns of Exploit for Windows Flaw
Microsoft on Tuesday acknowledged the existence of exploit code that could crash vulnerable Windows computers through a flaw in image file handling. The company had provided a patch for the problem as part of its November Patch Tuesday security update.
microsoft -
comments -
30.11.2005 Microsoft Patches Windows Cursor Flaw
As expected, Microsoft has released security update MS07-017, which patches a critical vulnerability in Windows Animated Cursor Handling. The company says it was working on the fix since December, and has posted it early due to reports of attacks.
download -
comments -
4.4.2007 Cybercrooks exploiting new Windows DNS flaw
Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday.
windows -
comments -
13.4.2007 Zero-day flaw hits Windows XP
A new zero-day flaw has been reported in a system component of Microsoft's Windows XP.
windows -
comments -
19.9.2007 Flaw in Windows 7 and Vista could allow remote reboot
Security experts warned Tuesday that a vulnerability in Microsoft's implementation of the SMB2 protocol can be exploited via the net to crash or reboot Windows Vista and Windows 7 systems.
windows -
comments -
8.9.2009 Windows 7 RTM is not affected by zero-day flaw
Microsoft has issued a formal security
advisory in response to the latest flaw discovered within its Windows operating systems, shedding a bit of light on the issue.
windows -
comments -
9.9.2009 DoS Flaw Found in Windows XP, Server
Security firm Secunia warned Thursday of a new flaw within Windows XP and Windows Server 2003 that could cause a denial of service issue. The vulnerability can be exploited to cause a buffer overflow, which in turn would cause Windows to crash.
windows -
comments -
3.6.2006 No fix until June for Windows Home Server flaw
Microsoft dashed the hopes of users waiting for a fix to the Windows Home Server data-corruption issue Monday--the patch will not be available in its official form until June.
windows -
comments -
11.3.2008 Microsoft patches critical Windows kernel flaw
Microsoft patched critical vulnerabilities in the Windows kernel that could be remotely exploited by an attacker to gain control of a computer. In all three bulletins patching eight Windows flaws were released Tuesday as part of Microsoft's monthly patching cycle.
microsoft -
comments -
11.3.2009 Microsoft knew of Windows .ANI flaw since December 2006
A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday’s discovery of Internet Explorer drive-by attacks.
windows -
comments -
2.4.2007 Security flaw hits Safari for Windows only hours after release
Thanks to marct for this article. Security researcher Aviv Raff claims to have found the first security vulnerability in Apple's Safari browser on Windows only hours after the software was released.
common -
comments -
12.6.2007 Apples carpet-bomb Safari flaw can wreak havoc on Windows
A researcher has created a proof-of-concept site that graphically demonstrates the risk Windows users face when using Apple's Safari browser.
common -
comments -
10.6.2008 New Security Flaw Discovered in IE
Security firm eEye released a
notice on Thursday saying it had discovered a new flaw within Internet Explorer on both Windows XP and XP SP2.
microsoft -
comments -
EXCLUSIVE: New security flaw in IE
A new flaw in Internet Explorer could be exploited to launch spoof-based attacks, or access and change data on vulnerable PCs, security experts have warned.
The problem lies in the way Microsoft has implemented a JavaScript component in its Web browser, security researcher Amit Klein wrote in a research document. Internet Explorer does not validate some data fields provided by a PC when the component, called XmlHttpRequest, is used, he wrote.
microsoft -
comments -
Attackers Use BBC to Exploit IE Flaw
Security firms are warning Internet users of a new method of attack that attempts to fool people into clicking on links to supposed BBC News stories. However, the page visited is a forged copy, and a keystroke logger is installed on the victim's computer through a vulnerability in Internet Explorer.
microsoft -
comments -
1.4.2006 Microsoft denies flaw in Vista
Microsoft has confirmed that Vista can be affected by malware from 2004, but argues this is not a flaw in the operating system.
windows -
comments -
5.12.2006Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is "by design"
Long Zheng: I’m not too sure if Microsoft is on the same page as I am, but a Microsoft spokesperson has emailed me in response to the
Windows 7 UAC security flaw I wrote about and demonstrated
yesterday. In summary, Microsoft claims this is “not a vulnerability”, is intended behavior and again indicates will not be changed.
No, your eyes are not playing tricks on you. They’re (again) indicating it will not be fixed in the final version of Windows 7.
winbeta.org -
31.01.2009Flaw leaves Microsoft looking like a turkey
Microsoft engineers worked frantically over the US Thanksgiving holiday to fix a design flaw in Windows that has exposed millions of computers to
hijacking by computer criminals.
By exploiting the design flaw a lone miscreant could take control of vast numbers of home or
office PCs around the world in a single attack. They could read data, steal passwords and monitor internet use or use them to distribute spam or
viruses.
The bug was demonstrated at the Kiwicon hacker conference in New Zealand last week by an ethical hacker, Beau Butler.
winbeta.org -
23.11.2007MS: Ability to Co-opt Pop-ups a 'Design Consideration'
The ability for a Web page to
wrest control of the source of
content for a pop-up browser
window that appears beside it
is not a design flaw or
vulnerability in Internet
Explorer 7, but instead
"an important design
consideration...to provide a
consistent customer
experience," Microsoft
said Tuesday...
betanews.com -
31.10.2006Windows 7 UAC has a second flaw
Long Zheng of I Started Something has uncovered a flaw in Windows 7's UAC that means malware can elevate itself to administrator privileges. This
news comes after a previously discovered flaw in Windows 7's new tiered UAC system that meant malware can disable UAC silently. Zheng has stated
"a second UAC security flaw in the Windows 7 beta's default security configuration allows a malicious application to autonomously elevate
themselves to full administrative privileges without UAC prompts or turning UAC off", which is bad news for Microsoft. It is also bad news for all
the people currently running the Windows 7 beta, leaving them with a security risk.
Read full story.....
neowin.net -
04.02.2009DoS Flaw Found in Windows XP,
Server
Security firm Secunia warned
Thursday of a new flaw within
Windows XP and Windows Server
2003 that could cause a denial
of service issue. The
vulnerability can be exploited
to cause a buffer overflow,
which in turn would cause
Windows to crash...
betanews.com -
03.06.2006Windows Firewall Flaw Hides Open Ports
Microsoft earlier this week confirmed a flaw exists in the way the user interface for its Windows Firewall handles bad entries in the Windows Registry, but said the problem was not a security vulnerability. An exception could be created that would open a hole in the Windows Firewall...
betanews.com -
02.09.2005New Variant of Critical IE
Flaw Found
A new flaw has been found in
Internet Explorer by security
firm Secunia through research
into another vulnerability
present in the browser. The
issue was initially believed
to be a successful exploit of
a problem discovered last
week, however Microsoft said
it was actually a new flaw...
betanews.com -
02.05.2006Cybercrooks add Windows flaw to arsenal
Attackers have added another,
yet-to-be-patched Windows flaw
to their arsenal, experts
warned Saturday.
Cybercrooks have started
exploiting a flaw in the
Windows Shell only days after
sample attack code for the
vulnerability surfaced. Web
sites that exploit the
vulnerability are popping up
and attempt to load malicious
software onto vulnerable
Windows PCs in a way that is
undetectable to users, experts
said.
"There are
professionals at work using
the exploit code," security
firm Websense said in an
alert. The miscreants taking
advantage of the flaw appear
to be part of the same group
that in December used another
Windows flaw to hoist spyware
onto PCs, Websense said. That
flaw stemmed from the way
Windows handled Windows
Metafile, or WMF images.
Microsoft warned of
the Windows Shell flaw on
Thursday. The flaw affects
Windows 2000, Windows XP and
Windows Server 2003, and could
be exploited via the Internet
Explorer Web browser through a
component called
WebViewFolderIcon, the company
said. Windows Shell is the
part of the operating system
that presents the user
interface.
neowin.net -
01.10.2006Serious Flaw Hits Symantec
AntiVirus
Security research firm eEye
warned Thursday that a
high-risk code execution flaw
exists within Symantec's
Norton AntiVirus 10.x.
According to an advisory
posted on eEye's Web site,
the flaw does not require any
user interaction to be
exploited...
betanews.com -
26.05.2006No Fix for Critical Windows
98, Me Flaw
Microsoft has encountered a
critical vulnerability in
Windows 98, 98 SE and Windows
Me that it simply cannot fix,
the company acknowledged
Friday. The flaw affects
Windows Explorer and after
investigating the issue,
Microsoft said it would need
to reengineer a significant
amount of the operating
system...
betanews.com -
09.06.2006Critical Flaw Found in
Apple's iTunes
Security firm eEye Digital
Security on Thursday warned of
a critical flaw in Apple's
iTunes software that could
allow for remote code
execution, and has rated it as
a high-risk vulnerability. The
flaw affects both iTunes for
Windows and Mac OS X on
"various" versions of
the software...
betanews.com -
19.11.2005Microsoft Confirms New
Critical IE Flaw
Microsoft has confirmed the
existence of a critical
Internet Explorer flaw that
could put millions of IE users
at risk of code execution just
by visiting a malicious Web
site. The flaw was first
reported this week by Danish
security firm Secunia...
betanews.com -
24.03.2006Five Fixes Enroute, New IE
Flaw Found
Microsoft said Thursday that
it plans to release five
security patches as part of
its monthly Patch Tuesday
program next week, including a
fix for the
"CreateTextRange"
flaw. Meanwhile, security firm
Secunia disclosed yet another
flaw affecting Active
Scripting in IE...
betanews.com -
07.04.2006Firefox Flaw a Hoax, Admits Speaker
One of the speakers at a
Toorcon security conference
session last weekend has
admitted that claims he and an
accomplice made regarding an
"unfixable" flaw in
Firefox, and a video of the
two purportedly exploiting
this flaw, were a
not-so-elaborate hoax...
betanews.com -
04.10.2006MS Warns of Exploit for
Windows Flaw
Microsoft on Tuesday
acknowledged the existence of
exploit code that could crash
vulnerable Windows computers
through a flaw in image file
handling. The company had
provided a patch for the
problem as part of its
November Patch Tuesday
security update...
betanews.com -
30.11.2005Microsoft to Fix Critical
Windows Flaw
As part of it's monthly Patch
Tuesday next week, Microsoft
says it will fix a critical
flaw affecting Windows, along
with two non-security related
updates on Windows Update and
a third available through
Microsoft Update. The company
offered no other details on
the upcoming patches...
betanews.com -
05.11.2005Microsoft Fixes Critical
Windows Flaw
As part of its monthly Patch
Tuesday security bulletin,
Microsoft has released one fix
covering two critical
vulnerabilities in Windows.
The flaw affects the operating
system's graphics rendering
engine, and could lead to a
remote attacker taking control
of a system through the use of
malformed WMF and EMF images...
betanews.com -
09.11.2005MS Discloses Limited WMF
Vulnerability
Microsoft disclosed another
Windows Metafile vulnerability
Tuesday, saying an attacker
could execute code as the
logged-in user. The company
discovered four ways that the
flaw could be exploited,
however it stressed the latest
flaw is very limited in scope...
betanews.com -
08.02.2006Windows Server activation flaw negates activation requirement
A flaw in how Microsoft Windows Server 2008 calculates the time remaining until it must be activated could enable users to potentially run the server
for years before activation. The defect is a consequence of Microsoft failing to assess its virtualization strategy, says an analyst...
winbeta.org -
18.02.2009Windows 7 From Idea to Feature: A view from Design
Steven Sinofsky: This post is jointly written by Samuel Moreau the manager of the user experience design team for the Windows Experience, Brad Weed,
Director of User Experience Design and Research for Windows and Windows Live, and Julie Larson-Green, the VP of Program Management for the Windows
Experience. With the number of comments that describe a specific feature idea, we thought it would be good to give you an overview of how we approach
the overall design process and how ideas such as the ones you mention flow into our process. Also for those of you attending the PDC, Sam will be
leading a session on the
design principles of Windows 7.
winbeta.org -
21.10.2008
