Tag Archives: edpicks

Microsoft slates critical IE, Windows patches for Tuesday

One month left for businesses to migrate from Windows 8.1 to Windows 8.1 Update

Microsoft today said it will ship six security updates to customers next week, patching all versions of Internet Explorer (IE) and nearly all supported editions of Windows.

The IE update, one of two classified as “critical” — Microsoft’s most serious threat ranking — will patch IE6 on Windows Server 2003, IE7, IE8, IE9, IE10 and the newest, IE11.

It’s unlikely that July’s IE update will match June’s in size: Microsoft fixed a record 60 flaws in the browser on June 10. (Originally, Microsoft said it had patched 59 IE bugs last month, but a week later acknowledged it had forgotten to add one to the list, and so upped the count to an even 60.)

Windows 7 users who have not freshened IE11 with a mandatory April update will not receive next week’s browser fixes.

According to Thursday’s advanced notice, which briefly described the July updates, the second critical bulletin will patch all client editions of Windows — from Vista to Windows 8.1 — and all server versions except for those running on systems powered by Intel’s Itanium processors. Windows Server 2008 and Server 2012 systems provisioned by installing only the Server Core — a minimal install with many features and services omitted to lock down the machine — are also exempt from Bulletin 2, Microsoft said.

Of the remaining four updates, three were labeled “important” by Microsoft — the threat step below critical — while the fourth was pegged “moderate.” All will offer patches for some or all Windows editions, both on the desktop and in the data center.

Security researchers pointed to the two critical bulletins as the obvious first-to-deploy for most Microsoft customers.

They also remarked on Bulletin 6, the single moderate update, which will patch Microsoft Service Bus for Windows Server. The bus is a messaging and communications service that third-party developers can use to tie their code to Windows Server and Microsoft Azure, the Redmond, Wash. company’s cloud service.

“The odd one out this month is the Moderate Denial of Service in ‘Microsoft Service Bus for Windows Server,'” said Ross Barrett, senior manager of security engineering at Rapid7, in an email. “It’s part of the Microsoft Web Platform package and is not installed by default with any OS version.”

Although Microsoft did not mention it in today’s advance notice, or in the blog post by the Microsoft Security Response Center (MSRC), enterprises have one more month to deploy April’s Windows 8.1 Update and Server 2012 R2 Update before losing patch privileges for devices running Windows 8.1 or servers running 2012 R2.

Hardware powered by Windows 8.1 or Server 2012 R2 must be updated before Aug. 12, the next scheduled Patch Tuesday, to receive that month’s updates, as well as any future security fixes.

Or in some cases, even present patches, said Chris Goettl, a program product manager at Shavlik, in an email.

“One thing to watch out for [next week] will be [something similar to] the many exceptions we saw last month,” Goettl cautioned. “Many of the updates we saw in June required other updates to be in place, depending on the platform. For those running Windows 8.1 or Server 2012 R2, they need to be prepared for more of these updates to require Update 1 before they can apply them. Microsoft has stated they would delay a hard enforcement until August, but more and more of the patches [have] had variations that required Update 1. So look out for that cut over — it’s coming quick.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCP Training at certkingdom.com

 

 

Windows XP hack resurrects patches for retired OS

But security researcher who tried the hack isn’t sure the fixes will actually keep exploits at bay

A simple hack of Windows XP tricks Microsoft’s update service into delivering patches intended for a close cousin of the aged OS, potentially extending support for some components until 2019, a security researcher confirmed today.

What’s unclear is whether those patches actually protect a Windows XP PC against cyber criminals’ exploits.

The hack, which has circulated since last week — first on a German-language discussion forum, then elsewhere as word spread — fools Microsoft’s Windows Update service into believing that the PC is actually running a close relation of XP, called “Windows Embedded POSReady 2009.”

Unlike Windows XP, which was retired from security support April 8 and no longer receives patches, Embedded POSReady 2009 is due patches until April 9, 2019.

As its name implies, POSReady 2009 is used as the OS for devices such as cash registers — aka point-of-sale systems — and ATMs. Because it’s based on Windows XP Service Pack 3 (SP3), the last supported version of the 13-year-old OS, its security patches are a superset of those that would have been shipped to XP users if support was still in place. Many of POSReady 2009’s patches are similar, if not identical, to those still offered to enterprises and governments that have paid Microsoft for post-retirement XP support.

Jerome Segura, a senior security researcher at Malwarebytes, an anti-malware software vendor, tried out the hack and came away impressed.

“The system is stable, no crashes, no blue screens,” Segura said in an interview, talking about the Windows XP virtual machine whose updates he resurrected with the hack. “I saw no warnings or error messages when I applied patches for .Net and Internet Explorer 8.”

The Internet Explorer 8 (IE8) update Segura applied appeared to be the same one Microsoft released May 13 for other versions of Windows, including POSReady 2009, but did not deliver to Windows XP.

But although he has run the hacked XP for several days now without any noticeable problems, he wasn’t willing to give the trick a passing grade.

“[POSReady 2009] is not Windows XP, so we don’t know if its patches fully protect XP customers,” Segura said. “From an exploit point of view, when those vulnerabilities are exploited in the wild, will this patch protect PCs or will they be infected? That would be the ultimate proof.”

Microsoft, not surprisingly, took a dim view of the hack.

“We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers,” a company spokesperson said in an email. “The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.”


 

Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

 

Amazon posted 16,100 IT jobs last year, tops in U.S.

Service firms, tech vendors and Best Buy also among top posters of U.S. IT job ads

The employer with the most IT job postings last year was Amazon.com, with 16,146 ads, exceeding most other IT firms by a wide margin, according to a new report.

The three top runners-up in 2013 U.S. job postings were Accenture, at 14,240 and Deloitte, at 13,077 job ads, according to CompTIA’s annual IT Industry Outlook report.

Accenture, recently hired by the U.S. government to be the new lead contractor for the troubled Healthcare.gov web site, and Deloitte, are IT services firms. Amazon recently won a contract with the CIA to develop a compute cloud. It has been hiring IT staff with security clearances.

CompTIA based the report on data from Burning Glass Technologies in Boston, which analyzes online job postings from approximately 32,000 jobs sites.

Microsoft had the fourth most IT job postings at 12,435, followed by Best Buy with 10,725 job ads, and IBM at 10,221, according to CompTIA, a trade association that also runs a professional certification program.

Best Buy’s IT hiring may be due to its computer user support and Geek Squad operation, said Matthew Sigelman, the CEO of Burning Glass.

Sigelman said Best Buy’s hiring also represents the growing importance of “middle skill” IT jobs, or those that don’t necessarily require a bachelor’s degree. Last year, Burning Glass saw about 200,000 job ads in IT that did not require a bachelor’s degree, he said.

“For those who don’t have a corporate help desk to turn to, in many cases they are turning to Best Buy and Staples,” said Sigelman.

Burning Glass de-duplicates the job postings, and then uses text analytics to read each job posting and mine out the particular skills employers are looking for, including educational credentials, and certifications, said Dan Restuccia, the firm’s director of applied research and communications.

Rounding out the top 10 in CompTIA’s listings are General Dynamics, 9,705; Science Applications International Corp., 7,146; Lockheed Martin, 6,995; Hewlett-Packard, 6,923.

Both HP and IBM have been laying off employees as well as hiring.

CompTIA warns that not all the posting lead to new hires, and companies may hire internally, outsource the work, postpone the hire or withdraw the job postings.

Using online job postings to assess what’s going on is something The Conference Board does as well, although its monthly report tracks hiring across all industries. The Conference Board recently reported that advertised vacancies were up 125,600 in December to 5.3 million, but government labor data said the economy only added 74,000 jobs in December.

In its forecast for the year ahead, CompTIA predicts a worldwide IT industry hiring growth rate of 3.4% with upside potential of 5.9%. Its survey found that mid-sized IT firms will be more aggressive in hiring for both technical and non-technical positions.

 


 

MCTS Training, MCITP Trainnig

Best comptia A+ Training, Comptia A+ Certification at Certkingdom.com

Microsoft dings Ballmer’s bonus over Windows 8, Surface RT struggles

The penalty is equivalent to half the cost of a cup of coffee at McDonalds to the average American

Microsoft’s board of directors reduced outgoing CEO Steve Ballmer’s bonus for the 2013 fiscal year, citing poor performance of Windows 8 and the $900 million Surface RT write-off, according to a filing with the U.S. Securities and Exchange Commission.
Microsoft CEO Steve Ballmer
Microsoft CEO Steve Ballmer (Photo: Microsoft)

The Redmond, Wash., company’s proxy statement spelled out the salaries and bonuses of several of its top executives, including Ballmer, new Chief Financial Office Amy Hood and Chief Operating Officer Kevin Turner, as well as now-departed managers such as former CFO Peter Klein and Office chief Kurt DelBene.

Microsoft paid Ballmer $697,500 in salary and awarded him a $550,000 performance bonus, for a total of $1.26 million for fiscal year 2013.

The bonus was less than Ballmer could have earned.

“Our Board of Directors approved an Incentive Plan award of $550,000 which was 79% of Mr. Ballmer’s target award,” stated the proxy. One hundred percent of the target would have been $696,000.

The 79% was considerably lower than Ballmer’s comparable number for the 2012 fiscal year, when he was granted a bonus representing 91% of his target.

Microsoft’s board cited both company wins and losses under Ballmer’s stewardship, but the latter included some failures that were the root of its bonus decision.

“While the launch of Windows 8 in October 2012 resulted in over 100 million licenses sold, the challenging PC market coupled with the significant product launch costs for Windows 8 and Surface resulted in an 18% decline in Windows Division operating income,” the proxy noted. “Slower than anticipated sales of Surface RT devices and the decision to reduce prices to accelerate sales resulted in a $900 million inventory charge.”

Some analysts have speculated that the $900 million write-off was the proverbial straw that broke the board’s back, and triggered Ballmer’s ouster. In an interview with the Wall Street Journal last week, however, John Thompson, the lead independent director and the head of the committee in charge of the search for a new chief executive, backed Ballmer’s explanation for his sudden retirement: He did not want to remain in the job through the long course correction to a “devices-and-services” strategy.

The proxy statement’s commentary on the strategy change, as well as the corporate reorganization announced in July, was Ballmer-neutral. “The company continued to make progress in its devices and services strategy,” the filing read.

Last year, Ballmer’s bonus was pegged at 91% of his target as the board ticked off several issues during that fiscal year, including a 3% decline in revenue for the Windows and Windows Live Division, and a fiasco where Microsoft failed to offer a browser choice screen to Windows 7 customers in the European Union.

Ballmer’s 2013 bonus of 79% was an even lower percentage than that of Steven Sinofsky last year. Then, the former Windows chief — who was ousted in November 2012 — received 90% of his target award, even though he, like Ballmer, was cited as responsible for the EU browser choice screw-up.

Other top-tier executives received 100% or more of their target bonuses for 2013.

Kevin Turner, the COO, received a cash award of $2.1 million, or 100% of his target, and Satya Nadella, who now leads the Cloud and Enterprise group, received $1.6 million, or 105% of his target. Amy Hood, the new CFO, was handed $457,443, 100% of her target incentive, and as part of her promotion, received a stock award in May of 103,413 shares that will vest over the next three years. At Thursday’s closing price, those shares had a paper value of $3.5 million.

In total compensation for the 2013 fiscal year, Turner remained Microsoft’s highest-paid executive at $10.4 million, down slightly from 2012’s $10.7 million.

Eight of the company’s top executives, including Turner and Hood, were handed additional stock grants Sept. 19, the same day Microsoft announced a retention bonus designed to keep upper management from jumping ship during the CEO search. Turner, for example, received grants currently worth $20.3 million. Hood’s award was valued at Thursday’s closing bell at nearly $3.9 million.

No one should cry for Ballmer’s lowered bonus: According to the proxy, he controls 4% of the company, with stock holdings worth $11.3 billion at Thursday’s price. Only co-founder and chairman Bill Gates holds more: 4.5%, or $12.8 billion.

The $146,000 that Ballmer did not get in his 2013 bonus is literally pocket change to the billionaire. The amount represented 0.0013% of Ballmer’s Microsoft holdings, and an even smaller percentage of his total wealth. To put that into perspective, 0.0013% of $42,693, the U.S. per capita personal income in 2012, is 55 cents, or just over half the price of a coffee from McDonalds “Dollar Menu.”

Ballmer and Gates are both on the directors slate for re-election next month when Microsoft hosts its shareholders meeting.

According to a report by the Reuters new service earlier this week, some of Microsoft’s biggest investors have urged the board to push Gates out of the chairman’s role because they are concerned he will block the board from making drastic changes and handcuff the new CEO to the devices-and-services strategy, which they question. Gates is also on the special search committee tasked by the board to recommend Ballmer’s replacement.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

Few use tablets to replace laptops

Workers still see value in laptops for running most critical apps, IDC survey says

Many new tablets, including the new Kindle Fire HDX, are marketed as ways to create documents and other content for work-related tasks, instead of purely for home consumption of video and games.

Even with the focus on workplace productivity, a new survey shows that only 8.7% of tablet buyers want to use the tablet as a replacement for their laptops. The same survey by IDC found that 58.5% of respondents bought a tablet to use in addition to a laptop, and not as a replacement.

The online survey was conducted in April and included 299 U.S. consumers. All of them were 18 or older.

The results might have been different if the survey included younger tablet users, ages 17 and under, since that group has grown up with tablets since the first iPad went on sale in 2010, said Tom Mainelli, an IDC analyst and author of a report on the survey.

“The younger generation has different sentiments about phones and tablets and how useful they are,” Mainelli said in an interview.

Still, he said the finding that only 8.7% found a tablet as a replacement for a laptop was a surprise. “When we ask that question again in a year, I’d expect you will see a growing percentage view a tablet at least as possibly replacing a laptop,” Mainelli said.

“A huge percentage of people still see a lot of value in a laptop for one kind of app or service they use on it,” he added. “Would they want to do their taxes on a tablet? They haven’t quite made the leap to being comfortable with a mobile device like a tablet.”

“But that [expanded tablet] usage is coming, and we see more people doing more things on tablets,” Mainelli added. “Professionals still rely on laptops and a lot of them are just not really even thinking about the possibilities that the tablet offers and instead are concerned that a tablet doesn’t run Flash or can only open one app at a time.”

Mainelli said it’s notable that Amazon announced two new Kindle Fire HDX tablets last week with an emphasis on business-class features such as a native VPN client and hardware and software encryption.

“Amazon is getting much more serious about making its tablets enterprise-ready,” he said. The same can be said for iPads and many Android devices.

IDC has predicted 190 million tablets will be shipped to retailers in 2013, of which about half run on the Android mobile operating systen and half on iOS, with fractional amounts running Windows. Amazon runs on a custom version of Android and has dubbed its latest OS the Fire OS 3.0 Mojito.

In the IDC survey, 35% said they own an iOS tablet; 26.4% said they owned a tablet running standard Android; 10% said they owned a custom Android tablet like a Kindle Fire; 9.4% said they owned a Windows tablet and 0.7% owned a Windows RT tablet. More than 14% said they didn’t know the OS on their tablet.

The survey also asked tablet owners if they had a chance to buy a tablet again, would they buy one with the same OS. The iOS owners were most likely to say yes (80.2%), followed closely by Windows owners (78.9%); standard Android owners were third (70%), and custom Android owners were 68%.

Mainelli said the lower values for owners who would buy both kinds of Android again are likely a reflection of the many varieties of Android tablets on the market, some priced as low as $79 for a white box version and others from various vendors priced close to the iPad with Retina display at $499. Google’s Nexus 10 16 GB tablet running pure Android sells for $399.

“People who own the higher-end Androids probably have a similar affinity for them as do iOS owners,” he said. But Mainelli said he was somewhat surprised by the high affinity for Windows. “Those owning Windows have a strong inclination to buy one again, right below Apple,” he noted.

 


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

Microsoft takes Outlook Web App native on iPhone, iPad

Microsoft takes Outlook Web App native on iPhone, iPad
Just as with Office Mobile — the truncated Excel, PowerPoint and Word — OWA requires an Office 365 subscription

Microsoft today launched Outlook Web App (OWA) for iOS, a “native” app that reprises — and amplifies — the in-browser OWA corporate workers have long used on devices that don’t support the full-fledged Outlook client.

The new app, which comes in iPhone and iPad flavors, offers the same functionality as the browser-based OWA, letting users access email, calendars, contacts and other inbox data housed on a company’s Exchange server.

But because the apps are iOS-native — in other words, they’re written specifically for Apple’s mobile OS, not simply a Web app in disguise — they can tap the hardware, adding features like gesture support and voice control.

The native app approach also means it can be used when offline, unlike the in-browser OWA which requires an Internet connection.

Wes Miller, an analyst with Kirkland, Wash.-based Directions on Microsoft, was impressed. “In terms of packaging this is a really neat idea, with a very, very good [user] experience,” said Miller, who ticked off several examples, ranging from push notifications to the hardware integration.

There are caveats.

As it did last month with Office Mobile for iPhone, Microsoft is dangling the iOS OWA carrot to tempt customers into subscribing to Office 365, the rent-not-own plans introduced earlier this year. Only customers with active Office 365 accounts can use OWA on the iPhone or iPad, even though the app itself is free to download from Apple’s App Store.

More important, if apparently temporary, is the requirement of Exchange Online, the off-premises, hosted Exchange service included with virtually every non-consumer Office 365 plan. Businesses that still run their own on-premise Exchange servers are out of luck for now.

“We are planning to deliver OWA to Exchange 2013 on-premise customers at a future date, but we have no additional details to share today,” a Microsoft spokeswoman said in answer to questions today.

“That’s a deal-breaker for some customers,” said Miller in a Tuesday interview before Microsoft clarified that it would offer OWA to organizations with an in-house Exchange infrastructure, a category that includes most medium- and large-sized companies. What remains unknown is when those Office 365 users will get their hands on OWA for iOS.

Microsoft’s approach to iOS apps has taken some licks from outsiders who view the Office 365-only strategy as misguided. “Anyone [with Office 2013] should be able to access the app,” Forrester analyst Frank Gillett said last month about Office Mobile for the iPhone. “They’re continuing the artificial advantaging of one product over another to change customer behavior. We think that’s a major mistake.”

Gillett’s point may be a month old, but it applies equally to OWA for iPhone and iPad: Microsoft customers who have adopted Office 2013 in perpetual license form rather than as a subscription are barred from running the new app.

Even so, Miller argued that the limitation is consistent with Microsoft’s claim that it is now a “devices and services” company, not one which sells packaged software.

“Where they don’t sell devices, they’ll try to sell services,” said Miller, referring to Office 365.

OWA for the iPhone and the iPad can be downloaded from the App Store.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com