AplusWebMaster writes "FYI...

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=21100081
Microsoft on Tuesday disclosed plans to extend the technical support it provides for all of its development and business products to a minimum of 10 years, giving customers an additional three years to keep using its software before technical support runs out. The change means companies can use many Microsoft products longer without the risks of running unsupported software or the costly alternative of signing a custom support contract. Among the products covered by the extended warranty are Windows 2000, Windows XP, and SQL Server 2000. Under a support life-cycle policy introduced in 2002, Microsoft has been providing software troubleshooting and repairs for five years on most products, followed by two years of extended help for an additional fee. But that so-called five plus two policy has proven insufficient for IT departments under budget pressure to keep their Windows PCs and servers in service longer. We determined we needed to make some changes, says Peter Houston, senior director of servicing strategy with Microsoft. The change was disclosed at Microsoft's TechEd conference in San Diego. Under the new five plus five policy, which goes into effect June 1, Microsoft will provide mainstream technical support for a minimum of five years, followed by five years of extended support. If it takes Microsoft more than five years between major product upgrades, the support window will be extended accordingly..."

Office XP Update Causes Spam Concerns
Service Pack interferes with certain junk mail filters, users find.
Joris Evers,
IDG News Service
Friday, March 12, 2004

Microsoft's latest set of updates for Office XP is causing headaches for users of two junk mail filtering products.

Microsoft Outlook mailto URL Handling Vulnerability

"Outlook 2002 exposes a vulnerability due to inadequate checking of parameters passed to the Outlook email client. The vulnerability is caused by the way a "mailto:" URL is interpreted. An attacker creating specially formatted "mailto:" URLs can cause Outlook to run privileged script, ultimately leading to the execution of arbitrary code. The malicious code could be delivered to the victim via a specially crafted HTML email message or from an intruder-controlled web page. ..."

Three more patches from Microsoft

By Iain Thomson
March 09, 2004

Windows, Office XP and Messenger get fixes for 'moderate' to 'important' vulnerabilities

Microsoft has issued three security patches for its software systems.

Although none of the fixes are rated as critical, one update, covering Office XP, is deemed 'important', Microsoft's second highest rating. Patches will be available for download from 18:00 GMT today.

New player in security market

By Todd Bishop
Seattle Post Intelligence Reporter
March 08, 2004

A security program to debut later this year for Microsoft Windows-based computers won't come under the name McAfee, Norton, or any other brand often linked with firewalls and virus protection.

It will come from Microsoft itself.

Tank863 writes "Microsoft is set to release their March security patches on Tuesday, March 9th followed by a Webcast on Wednesday, March 10th starting at 10:00am PST. Previous Webcasts have provided excellent information followed by a Q&A session where Microsoft's security experts address specific questions from users.

These monthly Webcasts are open to anyone but you must register first.
Click here to read more about and register for the March security briefing. "

Tank863 writes "By Jim Wagner February 27, 2004


Network security firm iDEFENSE is warning of a vulnerability that grabs a Web surfer's login and password keystrokes in Internet Explorer (IE).

The exploit, which affects IE 5 and 6 running on Windows 2000 Professional and Windows XP Professional, bypasses a Microsoft (Quote, Chart) restriction that prevents multiple frames on one Web page running from two different domains, allowing a cracker (define) to record keystrokes performed by its victims. "

Microsoft Set to Show Spam Strategy
E-mail 'Caller ID' system validates the source of messages.
Paul Roberts,
IDG News Service
Tuesday, February 24, 2004

Microsoft Chairman and Chief Software Architect Bill Gates will use the RSA Conference in San Francisco to unveil a proposed open technology standard that Microsoft hopes will make it harder to fake the source of unsolicited commercial e-mail.

Microsoft Confident Bounties Will Nab Virus Writers
Tue February 24, 2004 09:27 AM ET
By Bernhard Warner,
European Internet Correspondent

LONDON (Reuters) - A trio of bounties Microsoft Corp. placed on the heads of virus writers has generated a variety of investigative leads, but still no arrests, a top security official from the software giant said on Tuesday.

Microsoft to Hackers: Drop That Code!

By David Morgenstern
February 17, 2004

Microsoft Corp. is warning the online community to keep its hands off purloined Windows source code.

The company on Tuesday confirmed it had sent legal warnings to some persons who it said had downloaded the stolen code from the Internet.