Microsoft had a fairly quiet week, marked by Patch Tuesday and additional indications that Windows 8 tablets are in development.
While Microsoft’s March 2012 Patch Tuesday was light on actual bulletinswith six in totalsecurity researchers nonetheless advised companies to fix the only “critical” one as fast as possible.
That critical bulletin, MS12-020 (Windows), addresses an issue in Remote Desktop Protocol (RDP). While Microsoft insisted in a March 13 posting on the Microsoft Security Response Center blog that it “know[s] of no active exploitation in the wild,” it also advised that “customers examine and prepare to apply this bulletin as soon as possible.” As it stands, the vulnerability allows an attacker to achieve remote code execution; Microsoft is offering a one-click, no-reboot “fix-it” that “enables Network-Level Authentication, an effective mitigation for this issue.”
Of the five other bulletins, two are rated “important” and relate to Expression Design (MS12-022) and Visual Studio (MS12-018). Two other “important” ones apply to different configurations of Windows and Windows Server, and focus on Kernel (MS12-018) and Domain Name System (DNS) (MS12-017). The last, rated “moderate,” deals with DirectWrite (MS12-019).
Outside analysts hammered home the importance of patching the RDP issue. “Last fall we saw the RDP worm Morto attacking publicly exposed Remote Desktop services across businesses of all sizes with brute-force password guessing,” Kurt Baumgartner, senior security researcher for Kaspersky Lab, wrote in a March 13 posting on Securelist, “The Morto worm incident brought attention to poorly secured RDP services. Accordingly, this Remote Desktop vulnerability must be patched immediately.”
Meanwhile, news (and rumors) about the upcoming Windows 8 continued to trickle into the blogosphere. Slated for final release sometime in late 2012, the upcoming operating system features a start screen of colorful, touch-friendly tiles linked to applications, the better to operate on tablets.
Nokia design chief Marko Ahtisaari told the Finnish magazine Kauppalehti Optio that “we are working” on a tablet, according to Reuters. That came days after a March 12 article in DigiTimes suggested that Nokia would launch a Windows 8 tablet sometime in the fourth quarter of 2012, complete with a 10-inch screen and a Qualcomm dual-core chipset. DigiTimes’ information came from unnamed sources among “upstream component suppliers” who predicted that “Nokia’s venture into the tablet PC market will also further intensify competition among non-iPad tablet PC vendors.”
Nokia and Microsoft already have a tight relationship centered on Windows Phone, which replaced Symbian and other homegrown platforms as the former’s primary mobile operating system.
On the cloud front, Microsoft lowered the price of its Office 365 cloud-based productivity software. “As we rapidly add customers, the cost to run Office 365 becomes more efficient,” Kirk Koenigsbauer of the Office division wrote in a corporate blog posting March 14. “With these efficiencies, we’re able to pass on savings to make it even more affordable for customers of all sizes to move to Office 365.” Specifically, Microsoft is instituting price cuts of up to 20 percent for “most of our Office 365 for enterprise plans.”
For the past few years, Microsoft has pushed an “all-in” cloud strategy centered on porting a variety of products to the cloud, including Office. While that initiative has yet to translate into significant revenues on the scale of Windows, it allows Microsoft to establish a sizable presence in an arena also targeted by rivals such as Google.