But Wait, There's More

Microsoft Issues Patches for Windows XP, Server 2003

Microsoft last week released two new security patches for Windows XP and Windows Server 2003 that were given the "moderate" severity rating by the software giant. The first patch fixes vulnerability in Microsoft's DirectPlay API (which is used for supporting multiplayer network games) that could open computers to a denial-of-service attack. The second patch addresses a "directory traversal" vulnerability within Business Objects' popular Crystal Reports software that could expose users of Microsoft's Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Microsoft Business Solutions CRM 1.2 to information loss or a denial-of-service attack. For more information, or to download the security patches, go to www.microsoft.com/technet/security.

No Patches Yet for Two New 'Extremely Critical' Vulnerabilities in IE 6.0

Security researcher Secunia last week documented two new "extremely critical" vulnerabilities in Microsoft Internet Explorer 6.0 that could give attackers control over affected computers. The vulnerabilities include a variation of the "location:" local resource access vulnerability and a cross-zone scripting error that can be exploited to execute files in the "local machine" security zone, the security firm says. Even PCs that are up to date on patches are vulnerable to the two new exploits, which, Secunia says, are being used to load adware onto victims' computers when they are tricked into clicking a malicious HTML document or URL. Microsoft, which issued its monthly batch of security patches last week, is reportedly aware of the new vulnerabilities and is considering its response.

Microsoft Research Shows Off New Worm 'Shield'

Microsoft's research and development workers are reportedly working on a new software "shield" that could protect computers from worm attacks soon after a vulnerability is discovered and before patches have been released. During the recent Microsoft Research Road Show 2004 stop in Northern California, company researchers showed off their new shield technology, which blocks Internet traffic to and from applications that are susceptible to a worm attack, vnunet reports. The shield apparently can be automatically installed when a new worm threat surfaces, therefore giving computer users much needed protection during the vulnerable period after a threat has been identified but before Microsoft has released a patch. Another advantage of the shield is that it does not affect the operating system or the application, the report says, but it also sucks up resources, which is a downside. The shield, which is still in development and is not yet slated for commercial release, could block up to 90 percent of new worm attacks.

Microsoft Seeks a Few Good Ideas for 'Longhorn'

Do you have a groundbreaking new idea for Longhorn, the oft-delayed next release of Microsoft's Windows Server operating system? Perhaps you have a way to improve the distribution of patches or the handling of licenses across a large network? If you have any good ideas for Longhorn, Microsoft wants to hear about them on its Windows Server Feedback Web site. As a reward for filling in some information about yourself and your organization, you can choose to participate in a variety of activities such as online surveys about Longhorn Server and volunteering for beta testing.

Lloyd's of London Taps Unisys for Services Contract, New Servers

Lloyd's of London has signed a contract with enterprise Windows server vendor Unisys to update and manage the legendary insurer's IT infrastructure. The five-year agreement, which could be worth upward of $17 million, calls for Unisys to provide support for about 1,400 desktop computers and 200 servers through two Managed Services Centres, one located in Milton Keynes, England, and the other in Schiphol, The Netherlands. As part of the outsourcing contract, the $26 billion insurer expects Unisys to make its IT infrastructure transparent, secure, and flexible, and to deliver a consistent user experience for Lloyd's employees. In a separate transaction, Lloyd's purchased two new Unisys ES7000 servers, which, the company indicates, will be used for server consolidation.

Adobe Announces New 'LiveCycle' Electronic Document Management Software

Adobe has been hinting it would like to break into the enterprise document management space, and last week it took one step closer to that reality with the announcement of LiveCycle, a collection of Java-based software server products that use XML to pull data residing on back-end enterprise applications and deliver it as malleable, "intelligent" PDF documents. The LiveCycle products are key components of Adobe's Intelligent Document Platform, which has three components: the "intelligent" document (the PDF), the universal client (Adobe's free Acrobat Reader), and document services, which is where the LiveCycle software comes in. Several Adobe software server products made it into its LiveCycle lineup, including Adobe Designer, Form Server, Form Manager, Reader Extensions Server, Bar-coded Paper Forms Solution, as well as two new products, Document Security Server and Policy Server (Policy Server will be available later in the year). These Java applications require a Web application server, and Adobe prefers you use the WebSphere server from its partner IBM, running on Windows, Unix, AIX, or Linux operating systems. LiveCycle support for BEA Systems' WebLogic Web application server and Novell's SuSE Linux operating system will be delivered in 2005.