Archive for the ‘Microsoft’ Category.

Sometimes Getting Help Only Makes Things Worse – Microsoft Confirms F1 Vuln In IE

Microsoft has confirmed a bug in Internet Explorer in which, if you visit a malicious website, and then press the F1 key for help, the malicious website can use VBScript to execute code on your machine.  It’s a potentially disastrous vulnerability, but one fairly well mitigated by the fact that hardly anyone really needs help using the internet.  Without the user opening up Internet Explorer’s help file, this particular security hole is no threat at all.

Further mitigating this remote execution IE vuln is that only versions of Windows which support IE’s Enhanced Security Configuration are affected, meaning that Windows 2000 (Win2K), Windows XP (WinXP), and Windows Server 2003 are vulnerable, whereas Windows Vista, Windows 7, and Windows Server 2008 are not.  At least not typically.  Whether the Enhanced Security Configuration can be turned off, and whether anyone has actually done this, is another matter.

When we’ll ever see a fix is anyone’s guess.  In the meantime, just don’t press F1 while using Internet Explorer.  Especially if a website tells you to.

Aw, heck, who are we kidding?  Just don’t use Internet Explorer!


Microsoft To End Support For Those Behind On Their Service Packs

Microsoft has announced its intent to end its support for those versions of Windows which users have not upgraded to their latest service packs.  Specifically, Windows Vista without any service packs will no longer have support after April 13th, 2010.  Windows XP with only Service Pack 2 (WinXP SP2) will likewise have its service terminated on the 13th of July, 2010.  As will any version of Windows 2000 (Win2K).  Also on the 13th of July, Microsoft is moving Windows Server 2003 from mainstream support to extended support, meaning that only the security updates will remain free and everything else will cost money to get help from Microsoft.

Microsoft believes it is important that all customers take action prior to the end of support date, not only so that they know their options and can prepare, but also to ensure their environments are as secure as possible.

Obviously, in most cases anyway, simply installing the latest service pack will allow you to continue to enjoy support from Microsoft.  It’s easy.  It’s free.  You really should do it.  For more information from Microsoft on how to upgrade to your latest service pack, look here.

Cause Of Windows XP MS10-015 Reboot Loop Found – Rootkit To Blame

Microsoft researchers claim to have found one possible cause of the Patch Tuesday BSOD nightmare assaulting a hefty number of Windows XP users who applied the MS10-015 patch.  The culprit?  A rootkit.  The Tdss rootkit to be exact.  Though Microsoft isn’t so quick to nail all of the problems upon that single piece of malware.

In our continuing investigation into the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating.

Still, it’s nice that we even have this much of an answer.

Fortunately only this one update from the baker’s dozen of this last Patch Tuesday is causing problems.  The rest of them can safely be installed.

And if you happen to have the infinite reboot loop caused by MS10-015, Microsoft would love to have a memory dump from you.  At least, assuming you can find some way to actually grab that memory dump between the constant rebooting…

Beware Windows XP Users – Patch Tuesday Leads To BSOD Wednesday!

Okay, so the warning is a little late, but it still may save someone.  Microsoft’s latest Patch Tuesday included update MS10-015, which has since rendered some Win XP boxes BSODed into a never-ending reboot loop.  Even booting up into Safe Mode doesn’t seem to fix it because it’s a kernel bug.

If you’re infected with Microsoft’s latest security vulnerability fix and your Windows XP box is now a brick, your only hope is to have backed up before the patch was thrust upon you.  Though it is possible that some Windows CD/DVD recovery trickery may be able to help uninstall the Patch Tuesday updates.

A Bad Day In Computing – Of Apple And Microsoft Woes

We already know that Apple was having a lot of issues with their 27 inch iMacs this Christmas. So how are they coming along with that?  Turns out, not so good.

Two months on and Apple is still up S___t Creek.  And it’s gotten so bad that they’re now offering full refunds plus fifteen percent!

Oops.

It seems that even though a firmware update now theoretically fixes flickering problems (though thorough testing remains to prove it so) there are still yellow screen problems, and supply is still far short of demand.

But it’s not just Apple with their head firmly wedged up their behind.  Microsoft is buggering up as well.  As usual.  Good ol’ Microsoft…

First, Windows 7 is shortening the battery lives of a lot of laptops out there, of perfectly good batteries, sometimes from 2 1/2 hours under Windows XP down to a mere 1/2 hour on Windows 7!  The problem?  A new feature that warns you if your battery needs replacing … needs replacing.  The “consider replacing your battery” warning is, apparently, very much in need of more work.  Microsoft is claiming that the problem is in the way that it reads system firmware, and that they “are investigating this issue in conjunction with our hardware partners.”

Uh huh.

But that ain’t all.

Because what would Microsoft be without Yet Another Internet Explorer Bug Of Doom?

Yes, that’s right folks.  As if the last IE bug wasn’t bad enough.  Now we’ve got one more, and it has been described as the “public file server” bug.  Why?  Simple: anyone running Windows without Protected Mode turned on (or running an older version like Windows XP that doesn’t have Protected Mode) and surfing the web with IE – any version of 6, 7, or 8 – has essentially handed their PC over to hackers to use as a public file server.  Visit a malicious website while this vuln remains unfixed, and the attacker gets free access to any file whose filename they already know.  Talk about a security nightmare!

Of course, according to Microsoft, this is merely an “Information Disclosure” bug.

Do you still use Internet Explorer?