A brief blog here about the release of Service Pack 3 for Windows XP.

You can find several articles online about this, however our resident blogger Corrine has an article crammed with info at her blog Security Garden:

• Windows XP SP3 Released - article by Security Garden

You can also find several posts about this from around the world which we feed into our NewsBot Centre:

• Windows XP Service Pack 3 and IE
• Microsoft Releases Windows XP Service Pack 3

Incidently we have had several reports from our forum members of some troubles. They’ll be researched and passed on to the relevant bodies. In the meantime if you have had trouble with SP 3 for XP or IE sniggers, then go and discuss it in our forum here.

After reading Sandi’s blog post yesterday — posted while she is on Holiday — I kept refreshing the IE Team Blog watching for the announcement of the re-release of IE7 for Windows XP. The announcement was finally made this morning {bold added in the quote}:

“Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users. With today’s “Installation and Availability Update,” Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users. If you are not already running IE7, you can get it now from the Internet Explorer home page on Microsoft.com, get a customized version from a third-party site, or, if you haven’t already received it via Automatic Updates, this version will be delivered to you as we described previously. If you are already running IE7, you will not be offered IE7 again by Automatic Updates.

Additionally, we’ve made minor changes to IE7 for Windows XP based on customer feedback:

• The menu bar is now visible by default.
• The Internet Explorer 7 online tour has updated how-to’s. Also, the “first-run” experience includes a new overview.
• We’ve included a new MSI installer that simplifies deployment for IT administrators in enterprises. Learn more about it here.

Thanks,

Steve Reynolds
Program Manager”

Actually, I think this bears repeating: “Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users.” With this change, even if you do not have WGA installed, there is no excuse now for Windows XP users not upgrade to IE7. Do it today to take advantage not only of the additional security features, but the other major improvements to Internet Explorer.

Before installing IE7, please see the instructions for Preparing for and Installing IE7.  If you have any questions or concerns before installing IE7, post your questions/concerns in the Microsoft Windows ® (98 - ME - 2K - XP - Vista) Forum.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

As was reported in How Windows Update Keeps Itself Up-to-Date Microsoft customers who use the Windows Update received an update to the service. Unfortunately, this change has affected customers who repaire their systems using a Windows XP CD. This method or repairing the system replaces all system files (including Windows Update) on the machine with older versions of those files and restores the registry.

The problem, as explained by Nate Clinton (Program Manager, Windows Update) is

“the latest version of Windows Update includes wups2.dll that was not originally present in Windows XP. Therefore, after the repair install of the OS, wups2.dll remains on the system but its registry entries are missing. This mismatch causes updates to fail installation.”

If you are affected, contact Product Support Services. In the U.S. and Canada, help with security update issues or viruses can be obtained at no charge using the PC Safety line (1-866-PC-SAFETY). For locations outside the U.S. and Canada, go to http://support.microsoft.com/security for the number in your area.

See the blog post by the Windows Update Team and Microsoft Knowledge Base Articles:

• KB 943144: Updates are not installed successfully from Windows Update, from Microsoft Update, or by using Automatic Updates after you repair a Windows XP installation

• KB 916259: The Windows Update Web site and the Microsoft Update Web site do not scan for updates when you repair a failed installation of Windows XP Service Pack 2 or of Windows XP Service Pack 1

Care to discuss Windows Update, this issue or similar topics? Discuss it with us in the forum topic.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

There was a brief outage Friday evening into Saturday (24-25 August 2007) of the Microsoft Windows Genuine Advantage (WGA) server where Windows Vista validations were failing on genuine systems. The issue has been resolved and anyone affected needs to re-validate, followed by a shutdown/restart to ensure the genuine features have been restored.

Windows Genuine Advantage blog post:

“We’ve been receiving reports on our forum and through customer service starting last night that Windows Vista validations have been failing on genuine systems. It looks now as though the issue has been resolved and validations are being processed successfully.

Customers who received an incorrect validation response can fix their system by revalidating on our site (http://www.microsoft.com/genuine). We encourage anyone who received a validation failure since Friday evening to do this now. After successfully revalidating any affected system should be rebooted to ensure the genuine-only features are restored.”

We hope you didn’t run into this problem.  Discuss Windows Vista Validation problems in our fourm.

Corrine

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

As reported by the FBI:

“For Immediate Release
DATE: July 23, 2007

INTERNATIONAL INVESTIGATION CONDUCTED JOINTLY BY FBI AND LAW ENFORCEMENT AUTHORITIES IN PEOPLE’S REPUBLIC OF CHINA RESULTS IN MULTIPLE ARRESTS IN CHINA AND SEIZURES OF COUNTERFEIT MICROSOFT AND SYMANTEC SOFTWARE

A joint investigation conducted by the FBI and authorities with the People’s Republic of China’s (PRC) Ministry of Public Security (MPS) has resulted in multiple arrests and the seizure of more than a half billion dollars worth of counterfeit software, announced J. Stephen Tidwell, Assistant Director in Charge of the FBI in Los Angeles, and Steven Hendershot, the FBI’s Legal Attache in Beijing, China.

The operation, codenamed “Summer Solstice,” began in 2005 and since then, law enforcement in both countries have worked closely by sharing information to jointly investigate multinational conspiracies by groups who manufacture and distribute counterfeit software products around the world. This unprecedented cooperative effort led to the arrest of twenty five individuals, the search of multiple businesses and residential locations, asset seizures by the Chinese government worth over $7 million, and the seizure of over 290,000 counterfeit software CDs and COAs (certificates of authenticity) in China. The counterfeit software has an estimated retail value of $500 million. In addition, Agents with the FBI’s Los Angeles Field Office executed 24 searches and asset seizure warrants, yielding approximately $2 million in counterfeit software products, in addition to assets seized by the U.S. government worth over $700,000.

Operation Summer Solstice encompasses multiple investigations currently being conducted by the FBI in Los Angeles and the MPS, Economic Crime Investigation Department (ECID), in which criminal organizations responsible for manufacturing and distributing counterfeit software have been identified in both Shanghai and Shenzhen; as were distributors located in the United States.

As much as I protested WGA (Windows Genuine Advantage) being added to Windows XP, I have no objections to it being included as a part of Windows Vista. My reasoning? WGA was not part of XP when the license was purchased and the initial software caused many headaches. However, with a brand new operating system in Windows Vista, it is known that WGA is included from the start.

Complete report at Federal Bureau of Investigation.
Via Todd Bishop’s Microsoft Blog
Discuss it here with us.

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Microsoft Announced an enhanced set of privacy principles for Live Search and online advertising data collection, use and protection. Microsoft’s intention is to

“implement new privacy features and practices as it continues to develop its online services and offer new controls that help users manage the types of communications they receive from Microsoft.”

I selected some of the key features from the announcement that caught my attention. For example, later this year, Microsoft plans to offer advertising services to third-party Web sites. Under the enhanced privacy, customers will have the ability to opt out of the behavioral ad targeting by Microsoft’s network-advertising service on those Web sites.

There will be specific policies around search query data and Microsoft will be explicit with customers about how long the company retains search terms in an identifiable way as well as informing people when and how to “anonymize” such data.

Following Google and others, Microsoft will make all Live Search query data anonymous after 18 months, unless the company receives user consent for a longer time period. According to the announcement, the policy will be both retroactive and worldwide. It will include removal of cookies and IP Address connected with search terms.

Another important feature change is the storage of store Live Search service search terms separately from account information. With so many “Live” features requiring a Hotmail/Live email address, it is reassuring the personal data associated with that account will not be tied to other services.

See the Press Announcement for complete information. Plus discuss it here with us!

Remember - “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

In May I reported about this Malware Protection Center which Microsoft have come up with.

On time, it is finally out of beta and in full working mode. What are your opinions about this now it’s launched? Tell us here.

Well yes! I’ve been too busy with other matters, but just realised that this needs to be blogged as it’s very important!

Yesterday a fellow security buddy of mine tested a flaw that has been making the rounds lately … well since sunday to be precise. What flaw I hear you ask? This one!

“Microsoft Tuesday fixed a bug in its Windows Live ID registration that let users deceptively register a false e-mail address.

The false e-mail address could then be used as an ID for Microsoft’s Live Messenger program, which could trick users into thinking they are chatting with someone who is not whom he appears to be, such as steveballmer@microsoft.nl.”

We tested this whilst I was logged into my Windows Live ID. Even Chris Boyd has been getting reports about it over at his blog.

Be on the alert if someone adds you using @microsoft.nl to Windows Messenger or if an e-mail pops up in your Inbox/Junk Box. It is more than likely a scammer! Chat about it here.