As expected, on 14th April, Microsoft ended mainstream support for Windows XP and Office 2003.  No further new function or non-security related updates will be released for either product.  Security updates will continue to be released until 4th August 2014, when Microsoft has declared that support for both XP and Office 2003 will formally end.

This is not entirely unexpected, nor is it particularly worrying.  No significant non-feature updates have been released for either product for a good while, and in the case of Windows XP, not really since Service Pack 2.  All Microsoft products are subject to a finite support life, and Windows is no different.  Existing installation will continue to be protected by Microsoft established security updates and patches.

For our support customers, this announcement does not equate to any realistic change in your systems.  Windows XP will continue to operate as expected, and given the average lifecycle of a PC, it is unlikely that you will still have any Windows XP PC still operational in 2014.

Microsoft has released a patch to correct the now well documented Zero Day Flaw in Internet Explorer that applies to all supported versions of Microsoft Windows.  The patch is available through Windows Update and provided your computer has been configured for Automatic Updates, you will be prompted to install it shortly.

If you are one of our corporate support customers, this patch will be automatically rolled out across your networks.  No further or direct action is required on your behalf.

The released patch only applies to versions of Windows that Microsoft still actively supports,principally:

• Windows 2000
• Windows XP
• Windows Server 2003
• Windows Vista
• Windows Server 2008

As Microsoft no longer actively supports Windows 95, Windows 98 or Windows ME, we would anticipate no correctiive patch will be issued for these operating systems.

This patch corrects a flaw that has been detected in Internet Explorer and its’ derivatives.  It does not apply to other Web Browsers like Mozilla Firefox, Opera and Google Chrome.

As per previous years, ACS will be operating different working hours during the Christmas and New Year period.  For full details, please see the full statement on our Support Website.

One of the recent updates to AVG AntiVirus wrongly identifies a critical windows file (User32.dll) as a virus.  If this file is deleted, it will render Windows XP useless (the computer will either not boot, or endlessly reboot).

This problem should not affected the majority of our customers (if any at all), as it appears the problem is limited to AVG users who use the French, Italian, Netherlands (Dutch) or Spanish versions of Windows.

If you want to learn more, see Topic 1574 on AVG’s Support website at http://www.avg.com/support.

Eighteen years after it was first released, Windows 3.1 has finally been laid to rest. As of the 1st November, Microsoft will no longer issue licences for Windows 3.1. Although it has long been viewed as being dead in the desktop market, Windows 3.1 has soldiered on in the Embedded Application market (ATMs, large scale entertainment systems).

In many ways, Windows 3.1’s longevity is a testament to a basic engineering principle: If it isn’t broken, don’t replace it.

Looking back, Windows 3.1 can now been viewed as being the first proper mainstream operating system that was easy to use, and worked (well, most of the time).

Update 5th November

We’ve just noticed that BBC News have picked up on this. Read the full article here.

We must have been asked this question at least a thousand times: How do you create a screenshot? There really is no great mystery or complexity in this, and it only takes a few seconds to do.

To that end, you will now find a new article in our Support Knowledgebase entitled How to Create a Screenshot.

As to why you should create a screenshot, the answer to that is even easier.  A picture really does tell a thousand words.  A picture that shows an error message or problem often conveys more detail that can be described.

After several years of legal dispute and delay, the European Union Court of First Instance has rejected Microsoft’s appeal against the European Commission landmark’s Anti-Trust ruling back in 2004 on all but one point.

The court upheld the commission’s ruling on all but one point; namely the position of the monitoring trustee who was to oversee and ensure the various anti-trust remedies were implemented.

In a statement, the court said that “The Court of First Instance essentially upholds the Commission’s decision finding that Microsoft abused its dominant position,”.

In the judgement, the court ordered that Microsoft pay 80% of the commission’s cost, plus some of the costs of its’ business rivals that had supported the Commission.  Microsoft’s own allies were forced to pay their own costs.

Back in 2004, the EU Commission ruled that the Seattle giant’s overwhelming dominance (at around 95%) of PC market the market had stifled and damage smaller rivals, and was penalised with a 497m Euro / £343m / $690m fine.  The Commission later hit Microsoft with a 280m euro / £195m fine for non-compliance.

As would be expected, Microsoft appealed this ruling which led to today’s judgement which is effectively final.  The Court of First Instance can be considered as the highest EU court; with the only appeal route now open to Microsoft is to the European Court of Justice, and that can only be for points of law, not the substance of the case itself.

For Microsoft, today’s judgement is more of a dent to their reputation than their corporate wallet.  There will be many out there celebrating that one of the largest IT monolith’s has finally been bought to book, especially after the US Department of Justice failed so miserably to do so.  For the average consumer, this judgement means very little.  Microsoft’s dominance is still very much in effect, and will continue to be for the foreseeable future.  In comparative terms, there is no more competition in the marketplace now than there was three years ago.

In real terms, this judgement signifies that the EU Commission will assert itself on any company it believes to be operating in the same dominant manner; irrespective of their size, status and location.  For the EU Commission, the ruling is a vindication of their established position and goals.  For Microsoft, the ruling cannot really come as much of a surprise, and it won’t impact their sales.  It may, however, impact that way in which global companies operate within the EU.

September’s patch releases from Microsoft is a fairly quiet affair with only 4 patches, 1 being rated as critical and the rest as important.  Unusually, there are no non-security updates available for Windows or any other Microsoft product (Office etc) being released.

Critical Updates

MS07-051 – Vulnerability in Microsoft Agent Could Allow Remote Code Execution
This update fixes a problem Microsoft Agent that could lead to remote code execution.

Important Updates

MS07-052 – Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution
This update fixes a problem with Crystal Reports that could lead to remote code execution if a specially crafted Crystal Report file was opened.

MS07-053 – Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege
This updates fixes a problem with Windows services for UNIX where an attacker could elevate their privileges on the target computer.

MS07-054 - Vulnerability in MSN Messenger and Windows Live Messenger could allow Remote Code Execution
This update fixes a problem with MSN Messenger and Live Message where a webcam or video invitation could lead to remote code execution taking place.

ACS Support Customers

For the majority of our customers with an IT Support contract, these updates will automatically be installed as part of the existing network management processes.  These updates may also be installed through the Microsoft Update Website.

Microsoft released its’ August Security Bulletin on the 14th August containing 9 patches to fix 14 known problems.  Of the nine patches, six have been rated as being “critical” with the other three being designed as “important”.  Interestingly, these patches cover not only Windows-based applications but also Microsoft Office for Mac.

Critical” Updates

MS07-042 – Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
This update fixes a problem with using Microsoft XML Services in Microsoft Windows, Microsoft Office (2003 & 2007) and Microsoft Sharepoint Server that could lead to remote code execution

MS07-043 – Vulnerability in OLE Automation Could Allow Remote Code Execution
This update fixes a vulnerability in Microsoft Windows, Visual Basic and Office for Mac that could lead to remote code execution.

MS07-044 – Vulnerability in Microsoft Excel Could Allow Remote Code Execution
This update fixes an vulnerability within Microsoft Excel for PC and Mac (PC versions: 2000 SP3, XP, 2003 SP2; Mac versions: Office 2004 for Mac)  that could lead to remote code execution.

MS07-045 – Cumulative Security Update for Internet Explorer
This update resolves three vulnerabilities in Microsoft Internet Explorer that could allow remote code execution if a user was to visit a specially devised web page.

MS-046 – Vulnerability in GDI Could Allow Remote Code Execution
This updates resolves a vulnerability in the Windows Graphics Rendering Engine that could lead to remote code execution.  This update affect Microsoft Windows.

MS-050 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution
This update resolves a vulnerability in Microsoft Internet Explorer that could allow remote code execution if the user was to visit a specially devised web page.

“Important” Updates

MS-047 – Vulnerability in Windows Media Player Could Allow Remote Code Execution
This update corrects a vulnerability within Microsoft Media Player (versions 7.1, 9, 10, 11; Windows 2000 – Windows Vista) that could lead to remote code execution

MS-048 – Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
This patch contains fixes to two vulnerabilities that could lead to a remote code execution where a remote user could to run code with security privileges of the logged-on user.

MS-049 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
This update fixes a reported issue with Microsoft Virtual PC and Virtual Server where a guest (i.e. the “virtual”) operating system could execute code on the host operating system where permissions do no exist to permit this.

Other Updates

In addition to the above security updates, Microsoft also released an updated version of the Windows Malicious Software Removal Tool.  A further four non security, but high priority updates were also released.

ACS Support Customers

For the majority of our customers with an IT Support contract, these updates will automatically be installed as part of the existing network management processes.  These updates may also be installed through the Microsoft Update Website.