Microsft Targets Graymail and New Patch Tuesday

October 11 brings with it yet another Patch Tuesday from Microsoft, where the software giant will release eight security bulletins aimed at addressing 23 total vulnerabilities across its products. Last week’s Microsoft Security Bulletin Advanced Notification deemed just two of the bulletins as critical, but all cover issues that certainly needed attention.

The first critical bulletin will patch a vulnerability contained within Windows and Internet Explorer.  Microsoft said that if the vulnerability was exploited, it would give hackers an avenue to spread malicious code on a remote basis.  The bug affects the Windows XP, Windows Vista, and Windows 7 operating systems, plus Internet Explorer versions 6, 7, and 8.  The Windows Server 2003 and 2008 platforms have been identified to be affected by the bug as well.

The second critical bulletin addresses a .NET and Silverlight bug that makes remote code execution possible.  With the vulnerability in place, hackers can use .NET and Silverlight applications to launch server and client-side attacks.  According to Rapid7 security researcher Marcus Carey, the bug resembles one that was patched by Microsoft in a June update.  He noted that the disclosure of bugs usually opens the door for malware authors to search for similar vulnerabilities contained within the product.

Another noteworthy, but not critical bulletin in the newest Patch Tuesday tackles a bug found in Microsoft’s Forefront Unified Access Gateway 2010.  Carey called the bug particularly interesting since it was detected in remote access software.  He added: “No one wants to hear that software that is designed for security is vulnerable to remote code execution.  Attackers will likely look at this bulletin and related vulnerabilities closely, and organizations should keep an eye out for any suspicious activity on servers running Forefront.”

An update to Microsoft’s Malicious Software Removal Tool will also be released on Patch Tuesday.  The update fixes a flaw that caused Microsoft Security Essentials and Forefront to mistakenly flag the Google Chrome web browser as malicious.  The error was noted by many Windows users who noticed that their browser of choice mysteriously disappeared.   

While Microsoft’s patches certainly fix some vital vulnerabilities, their installation will put a stall in operations around the tech community, as almost all of them require a restart.  That stall should not be as bad as last October’s Patch Tuesday, however, which fixed 49 vulnerabilities via 16 bulletins.

For more on this topic, visit http://www.eweek.com/c/a/Security/Microsoft-Plans-to-Fix-23-Bugs-in-October-Patch-Tuesday-317687/

Microsoft Targets Graymail via Its Hotmail Service

While most internet users probably know what spam is, the concept of graymail may be relatively new or ignored for the most part.  Luckily, Microsoft is one company that has decided to prevent graymail from sneaking through the cracks with some new additions to its Hotmail service.

What is graymail?  It’s essentially the collection of email messages that do not represent communication with actual human accounts.  In other words, graymail is made up of unwanted email in the form of newsletters, notifications, offers, and the like.  The messages, unlike spam, are legitimate, but most users really do not have a use for them.  According to Hotmail group program manager Dick Craddock, graymail accounts for approximately 75 percent of all messages, while human to human communication takes up just 14 percent of the typical inbox.

Instead of simply filtering out or blocking graymail completely, Microsoft recently announced that it would improve Hotmail to give users a customized tool to address the issue.  The new functionality is expected to become available to all Hotmail users by the end of this year.  With the tool, users will not have to worry about creating filters for specific types of messages, as newsletters will be detected and categorized automatically.  Users who wish to stop receiving newsletters or correspondence from mailing lists will be able to unsubscribe with ease, or Hotmail will block any such future messages for them.

More improved Hotmail functionality is coming via the Scheduled Sweep feature.  Hotmail’s Mailbox Sweep feature allows users to remove all messages from a certain user in one swoop, but Scheduled Sweep takes things one step further.  Users will be able to employ the feature to set an expiration date for mail from a specific sender to lighten their inbox load, or they can elect to keep only the latest message from the sender.  Such functionality is ideal for useful messages that contain coupons and information on limited-time sales.

Microsoft’s announcement on its new Hotmail features is a much-needed one, as the company’s email service is seen as one plagued by performance issues and spam.  Microsoft acknowledged Hotmail’s undesirable reputation at a recent event, and cited statistics from comScore to back up the claims.  Hotmail is the global email king with around 350 million users, leading Yahoo and Gmail.  In the United States, however, Hotmail comes in third, with just 45.5 million active users.  Yahoo holds the first place spot with 96.6 million users, and Gmail comes in second with 62.7 million users.

For more on this topic, visit http://www.eweek.com/c/a/Security/Microsoft-Hotmail-Tackles-Unwanted-Graymail-100146/

[gp-comments width="770" linklove="off" ]