Microsoft's week involved a giant Patch Tuesday, the release of Kinect for Windows SDK beta and alerts about a phone scam.
Microsoft's relatively quiet week saw a significant Patch
Tuesday and a new phase of life for its popular Kinect hands-free game
June's Patch Tuesday tackled some 24 bugs across 16
bulletins. It wasn't quite as big as April's session, but certainly covered a
lot of ground: in addition to patching Windows, bulletins targeted
vulnerabilities in all supported versions of Internet Explorer, Microsoft
Office, SQL Server, Forefront, .NET/Silverlight, Active Directory and Hyper-V.
Microsoft rated nine of those patches as "critical" and
seven as "important." In a June
on the Microsoft Security Response Center blog, the company
cited four of those critical updates as particularly important: MS11-042,
targeting two issues in the DFS client for all versions of Windows; MS11-050, a
patch for 11 bugs in all versions of Internet Explorer; MS11-052, aimed at
another Windows operating system issue; and MS11-043, meant to repair the SMB
Client on Windows.
Security IT administrators should pay particular attention
to fixing the Internet Explorer issues, according to Joshua Talbot, security
intelligence manager for Symantec Security Response. "The slew of Internet
Explorer vulnerabilities presents a significant attack surface for
cyber-criminals to poke at," he
, citing how a similar IE flaw was used in "at least one" of the
recent, well-publicized data breaches.
Microsoft's Patch Tuesday also targeted the "cookie-jacking"
vulnerability in HTML5 (MS11-037), which could allow a malicious Website to
swipe cookies from users. Despite the availability of proof-of-concept code,
the apparent inability for direct code execution makes this particular patch
"important" as opposed to "critical."
Microsoft is also aiming to fix a denial-of-service
vulnerability in Hyper-V (MS11-047) on Windows Server 2008 and 2008 R2, which
could let an attacker on a guest virtual machine execute a resource exhaustion
denial-of-service on the host and affect other virtual machines.
When it came to code, though, this week wasn't all about
patching vulnerabilities: Microsoft also released its Kinect for Windows SDK
beta, bringing the motion-control and voice-recognition technology to
developers and researchers.
Microsoft had originally designed the Kinect controller,
which was released in November 2010, as a way to play Xbox 360 games via
gesture and the spoken word-hoping to appeal, in the process, to the same sort
of casual gamers who had made the Nintendo Wii and its unconventional
controllers such a massive hit.
Kinect turned out to be a massive hit, too, selling some 10
million units worldwide by March.
However, tech pros soon found a way to hack the Kinect's 3D
camera, which translates the movements of a user's body to a digital avatar.
Videos soon began to appear on YouTube, demonstrating the next-generation
hardware at work controlling robots or allowing people to paint 3D images in
At first, Microsoft publicly disapproved. Just as quickly,
however, the company decided to pull an about-face and claim it had always
intended Kinect to be open to modification.
the SDK beta's arrived
. Its system requirements include a Kinect for Xbox
360 sensor; a computer with a dual-core, 2.66-GHz (or faster) processor; a
Windows 7-compatible graphics card with support for DirectX 9.0c capabilities,
and 2GB of RAM.
Required software includes Windows 7, Visual Studio 2010
Express (or other 2010 edition), and Microsoft .NET Framework 4.0.
Microsoft itself intends to incorporate advances in 3D
sensing for products beyond gaming. In late 2010, the company acquired Canesta,
a maker of 3D-image sensor chips and camera modules that can be embedded in a
variety of consumer products, including laptops and vehicle dashboards.
In totally unrelated news, Microsoft also issued a warning
this week against fake tech-support and phone scams.
"The callers pretend to be from Microsoft and try to sell
the victim something, direct them to a specific Website, asked for remote
access, to install software, a credit card number, or run a bogus security scan
that showed an infection," Eric Foster, group manager for Microsoft Windows
Marketing, wrote in a June 16 posting on The
The scam seems to be taking place in English-speaking
countries. A survey by Microsoft's Trustworthy Computing Team found that, out
of 7,000 people surveyed, some 1,000 had received calls-with 22 percent falling
for the scam.
Foster's blog post offered a series of tips for avoiding
phone scams. "We want to remind you will never receive a legitimate call from
Microsoft or our partners to charge you for computer fixes," he wrote. "Please
remember to question any unsolicited email or call."