In a surprise move, Microsoft said today it is releasing the reference source code for the .NET Framework libraries, a key step toward opening up the proprietary development platform.
Developers will be able to review and debug .NET source code with Visual Studio 2008 and .NET Framework 3.5. Released under the Microsoft Reference License, developers are able to view, but not modify or distribute, the reference source code.
Read the full Microsoft Takes Step Toward Opening .NET 3.5 Framework
Microsoft expects to release seven security patches with four “Critical” and three “Important” bulletins as part of its upcoming Patch Tuesday release.
The critical patches affect Windows Server Service Packs for 2000 and 2003 versions as well as Internet Explorer, versions 5 through 7 and Outlook Express for Windows 2000, 2003 and Windows XP.
The common thread of the four “critical” patches is their remote code execution (RCE) implications, a risk consideration that has been pretty consistent over the last few patch release announcements. Microsoft suggests using Baseline Security Analyzer to flesh out any potential bugs or problems.
Meanwhile, the three “important” issues are more varied in nature, with two bulletins affecting almost all Windows OS and server versions, including multiple service pack releases of Windows 2000 and 2003, XP and Vista. A third patch is related to Windows SharePoint Services.
The first important bulletin, given its breadth in affecting every Windows OS program, bears watching. That bulletin pertains to the prospect of denial of service attacks, which are attempts to make IT resources unavailable, locking users out of programs and applications.
The second important item deals with spoofs, also known in techie world as “masquerade ball” attacks, where a hacker as a user or malicious program passes his/itself off as another user/program using erroneous data and gaining unwarranted Read and/or Write access. This would affect all OSes except XP and Vista.
The last important patch affects all versions of SharePoint services and remedies concerns over potential elevation of privilege attacks, where malicious users can change profile settings, usurp access configurations and gain greater entry into the system than intended.
Of the total seven bulletins, three will require restarts.
As it does most months, Redmond will also release another update to the Microsoft Windows Malicious Software Removal tool and has plans to release three non-security, high-priority updates on Microsoft Update and Windows Server Update Services and one non-security, high-priority update for Windows on Windows Update.
Although things can still change, Thursday’s advance notification points to a pretty busy Tuesday.
Microsoft on Tuesday in the US released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system.
The software maker originally planned to release only six security bulletins as part of its monthly patch cycle. However, it added a seventh to deliver a fix for two flaws that affect the Windows Media Format, including one zero-day bug, a company representative said in a statement.
Microsoft also provided a patch for a zero-day vulnerability that affects Visual Studio 2005 developer tools. This security hole was disclosed last month and, contrary to the Windows Media issue, has already been used in cyberattacks, the company said.
However, there were no fixes Tuesday for a pair of known flaws in Microsoft Word that are also being exploited in malicious software.
“While we see Microsoft making an attempt to patch zero-day vulnerabilities, they are still struggling to keep up with the continuous influx of zero-day attacks,” said Amol Sarwate, a research manager at vulnerability management company Qualys. “Microsoft is making a genuine effort. However, users are still exposed to attacks via the unpatched Word vulnerabilities.”
Particulars of patches The Windows Media issues are addressed in bulletin MS06-078, one of three “critical” security updates published by Microsoft on this “Patch Tuesday.” The other high-risk vulnerabilities lie in Internet Explorer and in Visual Studio 2005.
Somebody could exploit the Windows Media flaws by tricking a user into opening a rigged media file or stream, Microsoft said. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” it said.
Four vulnerabilities in Internet Explorer expose Windows PCs to a similar risk. Somebody could exploit the holes in the Web browser creating a malicious Web site, Microsoft said. None of the IE flaws had been previously disclosed, it said.
Deemed less serious by Microsoft are problems that affect the Windows Simple Network Management Protocol service, the Windows Client-Server Run-time Subsystem and the Windows Remote Installation Services, the company said. These were all rated “important” — one notch less serious than Microsoft’s highest rating of “critical.”
A vulnerability in the Outlook Express mail client was also tagged as “important”.
Though Microsoft rates the SNMP flaw “important”, it should still be considered very serious for business users, said Gunter Ollmann, director of IBM Internet Security Systems’ X-Force unit.
“Although SNMP is not a default service, it is the de facto standard for monitoring critical business assets,” Ollmann said in an e-mailed statement. “Because SNMP uses user datagram protocol, which doesn’t require a handshake, internal attackers can spoof an identity and gain complete control of the network.”
Microsoft offers a summary of its patches on its Web site. The fixes will be delivered via Automatic Updates in Windows and are available on Microsoft’s Web site.
More on zero-day threats security:
Microsoft has announced it will license third-party developers to build applications that have the look and feel of Office 2007 on a royalty-free basis.
The overall concept is to give users the ability to have a common user interface between Microsoft and third-party applications but, if the past is any indication, will also help Microsoft sell Office 2007 in the marketplace. Common UI elements and components means lower training costs and can help customers make an easier transition to the new Office.
High on the list of changes to Office’s interface is the so-called Ribbon that provides users with more contextual control of application operations. But the license also covers other UI features such as galleries and the Mini Toolbar.
Besides the royalty-free license, Microsoft is also going to provide comprehensive design guidelines to help independent software vendors (ISVs) create programs that are consistent with Office 2007, the company said in a statement. However, the company is not licensing any code so ISVs are on their own on that point.
The license will be available as a simple click-through agreement on the licensing Web site, according to Microsoft’s statements.
More information on the royalty-free Office 2007 UI license is available here, although the license itself and the design guidelines have not been posted yet.
Microsoft Corp. has no plans to add a controversial Windows Vista antipiracy feature directly to its Office 2007 suite, but will consider offering it as an add-on system, the company said Tuesday. In an e-mail through its public relations firm, Microsoft said although it has not built its Software Protection Platform (SPP) into Office 2007, it is considering adding it to its Office Genuine Advantage (OGA) Program.
Read the original article here.
Microsoft Office 2007 packs more improvements into the world’s leading application suite than any previous upgrade. For most users, the big question isn’t whether to upgrade but when. Experts, beginners, and corporate users all get major benefits from the upgrade. The only downsides I could find are minor ones that will probably disappear in the first service pack. Once you get past the few minutes needed to navigate the new Ribbon interface, you’ll wonder why Microsoft waited so long to get so many things right. The code has been released only to manufacturers. Enterprise customers should be able to download the software by November 30, and boxes should hit the shelves early next year.
The Ribbon interface gives quick access to dozens of features that used to be hidden behind labyrinthine menus, and it also displays even quicker keyboard shortcuts. Microsoft Outlook finally gets built-in indexing and RSS feeds. The SmartArt graphics engine makes dazzling organization charts, pyramid charts, and other visuals for displaying verbal data. Corporate users get access to server-based slide libraries, collaborative workspaces for storing and sharing documents, and improved document-security and document-comparison features.
A new, fully documented XML-based document format gets our vote for doing away with openings to macro viruses. Our hats go off to Microsoft also for eliminating the usual headaches of sharing files among versions. And good news for those who’re making the change but have to work with others who aren’t: When a user of an Office 2003 setup (with all recent updates) double-clicks on an Office 2007 file for the first time, a prompt offers to download a converter package that lets the 2003 version open and save files in the new format. It’s a large download (about 27MB) but a vital one, and the filters work as expected.
The new interface doesn’t force you to rethink the underlying logic of your work, because Word, Excel, PowerPoint, Outlook, Publisher, Access, Project, InfoPath, Visio, and OneNote all work basically as they did before—only more easily. Word, Excel, PowerPoint, and Outlook are the only programs to get the full interface upgrade. Actually, Outlook gets the new interface upgrade only in its content-creation screens.
The new suite feels right from the start. I tested some massively complex Word and Excel files from earlier versions, and they opened quickly and without formatting or other hiccups. When you click in different parts of a document such a table or chart, the interface responds instantly with options that you need, and a right-click brings up a menu of the formatting and other options that you almost certainly wanted. The new slider bar for zooming in and out appears in the lower window border and becomes addictive the first time you use it.
Different versions of Office 2007 come with different application sets, ranging from a Basic version limited to Word, Excel, and Outlook, to an Enterprise version with everything. A new addition is the easily managed collaborative workspace software Groove 2007, which lets groups of users create menus of shared documents and messages. OneNote also gets shared access to the unstructured information formerly available only to single users. FrontPage is history, replaced in high-end Office packages by SharePoint Designer, a site editor for corporate-scale SharePoint collaboration services. We won’t miss FrontPage because a sleek, up-to-date standalone Web site editor—Microsoft’s Expression Web—is now in late beta.
Thanks to the new interface, features such as fonts and page margins are blissfully easy to manage through galleries of prebuilt settings. Similar galleries give instant access to new features such as spreadsheet cells that automatically display chart-style color bars. If you’re starved for editing space, Ctrl-F1 hides the ribbon entirely. Word also gets a real-time word count—something editors and writers have wanted for years. The ribbon still has some annoying wrinkles, such as the bafflingly illogical placement of macros on Word’s View menu. Unlike the menu-modifying features in Office 2003, the new version doesn’t offer any built-in and easy way to modify the XML file that defines the Ribbon, although you can expect third-party and Microsoft tools to arrive soon.
Outlook’s new To-Do Bar gives a one-glance list of pending tasks, and Outlook can now send text messages to phones and PDAs via four cooperating mobile services (expect more to sign up later). Outlook also lets you access and modify shared calendars, contacts, and tasks stored on a SharePoint server. Word includes a convenient building-blocks feature for reusing items such as boilerplate text and cover pages, plus a simple interface for posting to blogs. Excel’s charting adds subtle colors, and pivot tables are easier than ever. An Excel spreadsheet can be posted in HTML format on a SharePoint server and dynamically modified in a Web browser. PowerPoint can include slides stored on a server, and the slides in your presentation can be updated to match the version on the server.
After strolling up the easy learning curve for the new interface, I found Office 2007 smoother and clearer than any earlier version, with surprisingly few wrinkles still waiting to be smoothed out—for example, the different ways in which applications support server-based libraries of reusable material, and the lack of customization tools for the interface. Office 2007 is Microsoft’s finest hour in a very long time. I hope the upgrade from Windows XP to Vista can be as smooth as the upgrade from Office 2003 to 2007.
Individual Office Apps
Microsoft Word 2007
Pros: Galleries of standard layouts combined with the ribbon interface make formatting tasks easier than ever. Improved document comparisons. Privacy controls instantly remove revisions and other metadata.
Cons: Non-experts will still be baffled by Word’s obscure inner logic (copy/paste produces different results depending on whether you copy the normally invisible paragraph mark; document “sections” and “fields” remain confusing).
Bottom line: Some annoyances remain, but almost everything in Word 2007 is clearer, easier, and better.
Microsoft Excel 2007
Pros: Dazzling new graphics and charting, with dozens of advanced features easily accessible from the ribbon. Better visual feedback for complex features such as pivot tables. Million-row spreadsheets support massive datasets.
Cons: None of significance.
Bottom line: Excel 2007 is as fast and powerful as ever, with vastly increased capacity and new graphics that convey information, not just style.
Microsoft Outlook 2007
Pros: Full indexing for messages. New ribbon interface for message-handling. RSS, voice mail, and SMS options. Tightly integrated shared calendars, contacts, and tasks.
Cons: Still slightly overwhelming. Less powerful than Act in contact management. Time-zone handling still problematic.
Bottom line: The best overall business-level messaging and contact software, though probably too big for personal and casual users.
Microsoft PowerPoint 2007
Pros: SmartArt diagramming represents a quantum leap in slide design and overall impact. Shared slide libraries promote up-to-date consistency across an organization.
Cons: Requires third-party add-ins for advanced video-based features.
Bottom line: We sometimes wish presentations would disappear altogether, but PowerPoint 2007 does them better than anything else.
Random Programming Tips 