- IE Patch: Too little, too late? An out-of-cycle patch may have been released after the damage has been done.
- Research This: Microsoft marks the 15th anniversary of its Research division by looking ahead to the future.
Vista Moves One Step Closer
One month after Microsoft made the first Vista release candidate (RC1) available, the company has released a new interim build of the operating system, eWeek Senior Editor Peter Galli reports.
On Sept. 22, Microsoft released build 5728 to its usual testers as well as to 100,000 of the participants in its Customer Preview Program.
The build was delivered to testers via TechBeta, TechNet, TAP and MSDN, while the 100,000 CPP participants were chosen at random to get even greater diversity in the feed-back, Microsoft officials said.
The release keeps Microsoft on track to ship Vista to businesses and OEMs in November and to the general public in January 2007, though exact dates have not been announced.
The build provides technical users and application developers an opportunity to test against the most current build of Vista, and gives Microsoft feedback on the install and upgrade process. Build 5728 also includes ongoing “fit and finish” work.
The latest builds and testing will be needed to smooth the migration path for users, which nevertheless looks to be rocky, according to eWeek Labs.
Tests of Vista builds 5568 and 5600 (the official RC1 build) show that neither build has changed much from the 5536 release reviewed in late August.
eWeek Labs recommends that administrators opt instead for a clean install rather than an upgrade, teamed perhaps with Vista’s Windows Easy Transfer utility for carrying over files and settings from the previous install. Not only is a clean install much faster than an upgrade, eWeek Labs tests show, but the significant changes in how Windows Vista handles software installation bring the possibility of compatibility issues that might not be immediately apparent.
For a slide show view of some of Vista’s new features, click here.
IE Patch: Too little, too late?
Microsoft switched to monthly patch releases to ease the burden on users who couldn’t keep up with weekly or even daily updates. But the company had to break with policy this week with a an out-of-cycle update to fix a critical and widely exploited vulnerability in the Vector Markup Language.
Even with the emergency patch, some security experts say that the company has reacted too slowly, reports eWeek Senior Writer Ryan Naraine, as bulletin MS06-055 comes a full eight days after virus hunters first spotted the zero-day attacks circulating on porn sites hosted in Russia.
“This reminds me so much of the WMF attacks earlier this year,” said Roger Thompson, chief technology officer at Exploit Prevention Labs, in Atlanta. “It came out of left field, ran undetected for a week or three, and by the time the official, emergency patch came out, the damage was done. In eight days, the bad guys replenished their botnets, made their money and moved on to the next zero-day. Now the industry is struggling to clean up and chase the copycats,” Thompson said.
The release of Microsoft’s update follows the emergence of a high-profile volunteer group called ZERT (Zeroday Emergency Response Team) that created a third-party fix as a stop-gap measure to help mitigate the threat. The ZERT group has withdrawn its patch and is pointing users to Microsoft’s official fix.
The incident follows the latest Patch Tuesday on Sept. 12 when Microsoft was forced to release for the third time a code execution bug found in Internet Explorer.
The flaw, which exists in the way IE handles long URLs when visiting Web sites using HTTP 1.1 protocol and compression, was flagged by eEye Digital Security, the same company that had its name zapped from the flaw credits when the update shipped for a second time on Aug. 24. The latest bulletin credits eEye with finding the additional bug.
On a more positive note, Microsoft marked the 15th anniversary of its Research division with a look to the future. The way Microsoft sees it, Research today means corporate survival tomorrow.
“I hope that fifteen years from now there will still be the same vibrant environment we have now, where we have been able to build a stable research environment. If we can do this for the next 15 years the sky is the limit. I get surprised every morning by the research that is taking place,” Rick Rashid, Microsoft senior vice president of Research, said at an event at Microsoft headquarters in Redmond, Wash., on Sept. 26.
Microsoft Research has grown to more than 700 researchers at five laboratories worldwide. The researchers also share their findings and new discoveries, having published more than 3,700 academic papers across 55 fields, Rashid said.
At the event, Microsoft Research officials demonstrated a number of cutting-edge technologies that are under development. A technology known as TouchLight is a transparent display that uses computer vision technology to enable new applications in gesture-based user interfaces, video conferencing, augmented reality and ubiquitous computing.
Other demonstrations included using visualization technologies to provide ways to visualize and explore the world, such as combining maps from Windows Live Local with other maps of bus routes or bicycle trails to create entirely new hybrid maps.
Another demo showed streaming intelligence technologies that combine Web services, machine learning and sensors to help mobile devices make useful predictions and inferences, such as helping cell phones decide whether to interrupt users based on whether they’re in an important meeting or simply stuck in traffic.
Send your tips into Microsoft Watch.
If you experience any difficulties with receiving your issues of Microsoft Watch, please click
Microsoft Watch Information
Copyright 2006 Ziff Davis Media Inc. All Rights Reserved. Ziff Davis Media Inc., 28 East 28th Street, New York, NY 10016. The Microsoft Watch newsletter and Code Name Tracker are intended for the individual use of the recipient only, unless licensed. Reproduction in whole or in part without permission is prohibited. Microsoft Watch is an independent publication, not affiliated with or authorized by Microsoft Corporation.