This is the Commerce Server 2000 Security Fix for KB article Q317615. It is a patch for the production version of Commerce Server 2000 SP2. To update, you must first upgrade your Commerce Server 2000 to Service Pack 2.

Microsoft has released a patch for Windows 2000 that will eliminate a vulnerability that exists because a malicious user could issue a specially formatted, non-RFC compliant SMTP command that will result in a Denial of Service attack. This would be carried out more typically through a custom application where the malformed data would cause the SMTP service to fail. Download now to prevent a possible Denial of Service Attack.

Microsoft has released a patch that for Windows XP that will eliminate a vulnerability that exists because a malicious user could issue a specially formatted, non-RFC compliant SMTP command that will result in a Denial of Service attack. This would be carried out more typically through a custom application where the malformed data would cause the SMTP service to fail. Download now to prevent a possible Denial of Service Attack.

Activewin.com Microsoft has just posted a new Microsoft Processor Driver Version 5.1.2600.28 on the Windows XP Windows Update website. The download size is 32 KB but there is no description of the file. If you know what it is, do tell!

Normally Windows XP Home Edition cannot join network domains, simply peer-to-peer workgroups. However, there is a fix which can solve the problem and allow WinXP Home Edition to join a domain. Microsoft wanted to cripple Windows XP Home Edition so that it could not be used on domains, which would force many to upgrade to the more expensive Windows XP Professional Edition simply to join a network domain. However, it -is- possible to get on a domain using Windows XP Home Edition. Read more @ NT-Compatible.

Microsoft has released a patch that will prevent certain devices from not working when your computer resumes from standby. Download now to prevent this from occurring.

This story just keeps going and going but I've found some more info on the Windows/Office XP Keygen @ G256.com. Here's what they're saying:

I do have a copy of the KeyGen now. What's interesting is that you can modify a non coporate editions setup files to allow corporate keys. Then use the keygen to create a corporate key, bypassing the product activations. Maybe you actually paid for your copy (cough), but don't want to call home to Pappa Gates ever time you change a HD.

Microsoft has released a couple of new security updates for several of their products. If you want to find out if you need or want to download any of them click on read more.

I saw this @ NeoWin. And they saw it here. (January 31, 2002 update) PowerToys will not be available today as previously stated here. We're sorry, because we know you like them a lot. PowerToys are currently being improved, and will be available for download in April 2002.

Activewin.com that there are some new .NET wallpapers. These high resolution Microsoft Visual Studio .Net desktop wallpapers are brought to us courtesy of MSN India. Pretty cool desktops for 800 x 600 resolution. There are six of them.

CNET reports that software giant Microsoft is preparing the release of a new (free) security scanning software for Windows (XP). The software was developed in conclusion of the trustworthy computing iniative called to life by Microsoft chairman Bill Gates. The tool remains unannounced at the moment but a first functional version was shown at RSA Conference 2002. Calling the software Baseline Security Advisor it is said to work in the same fashion as the already known wizards implemented in Windows. BSA will scan the computer for unpatched software, weak passwords as well as vulnerabilities in the OS itself and furthermore on other Microsoft products. It was not revealed however how this will be achieved - if the tool only scans for known security issues it would be of little use (->Hotfix Checker). "Our goal is to allow (home) users to check their own machines," said Jason Shaw, lead product manager for Microsoft. "Company administrators can also use it to check their entire network." Source: CNET

It seems like M$ has another coup at hand. Apparently Microsoft demanded from developers and publishers that US software titles will only recognize US controllers. Though this story is not 100% confirmed yet it still shows what business practices we might have to face in the future. The ''region coded controllers'' (it is not clear which or if any other peripherals will be affected) are in fact identified by the console via a specific USB ID which will be different in the USA or e.g. Japan. Source: The National Console Support, INC.

This will probably be the top story of the day. The Associated Press revealed that Microsofts Media Player that is shipping with Windows XP operating systems logs the users playing behaviour in a file. "The system creates a list on each computer that could be a treasure for marketing companies, lawyers or others. Microsoft says it has no plans to sell the data collected by Media Player 8," the AP report reads. It seems that not only WMP 8 logs user playing profiles but that this is only the top of the iceberg. AP stated that WMP 8 only added logging support for playing DVD's!

Unchecked Buffer May Occur When You Connect to Remote Data Source - Released February 20, 2002.

When you submit a query to a remote data source, if the query has a string longer than what is expected, the buffer could be overwritten. If you submit a query and the query contains a string longer than what is expected, the query may cause a handled exception of the SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.

Unchecked Buffer May Occur When You Connect to Remote Data Source - Released February 20, 2002.

When you submit a query to a remote data source and the query has a string longer than what is expected, the buffer could be overwritten. If you submit a query to a remote data source and they query does have a string longer than what is expected, the query may cause a handled exception of the SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.

Ibelite.com As previously reported a few days ago, Microsoft has just released Visio 2002 Service Release 1. Microsoft Visio® Professional 2002 Service Release 1 (SR-1) Update is a planned service release providing the latest product updates to Visio Professional 2002. Updates include Microsoft SharePoint? Portal Server integration, Hebrew composition support, and ClearType® control, as well as several security fixes.

Ibelite.com: Yet another interesting bug surfaces, this one can do all sort of malicious thing if used correctly. Lets say someone sent you a virus and he knows the specific location of this virus on your hard drive. All he has to do is send you a website that will directly open it for you. Or even worse, those lovely sites which claim they have "progz or other utilities", can create a popup linking to the temp folder if downloaded there, execute this virus and vola. Also, you can change the exe to a shutdown command or a log off command, how scary is that, you enter a website and it shuts off your computer. Talk about a joke!

This update resolves an issue that prevents chkdsk.exe from running at system boot. The issue can occur on systems with an IDE drive and is discussed in Microsoft Knowledge Base (KB) Article Q315403. Download now to resolve this issue.

ZDNet UK has conducted an exclusive interview with Microsoft UK's first chief security officer Stuart Okin. Okin is already working for Microsoft for 5 years and his new demanding position will be officially announced in the next few days. According to ZDNet ''Okin's appointment comes at a critical time for the software giant, which is trying to build up momentum behind its security initiatives while winning the trust of consumers and large corporations for its new e-business framework, .Net.'' Okin criticizes companies that report on security issues in public before Microsoft had a chance to examine those: ''Responsible bodies should be going back to the vendors with any security concerns first, giving them an opportunity to put a patch together before it is announced," Okin said. "We will listen, and we will examine anything that is brought to us." Read the full interview via the above link and learn more about the new security focus of Microsoft and that they did not stop development.

Neowin.net has posted an editorial about the Windows XP keygen that is circulating and is able to produce about 2 working keys out of ten. What this means to the Microsoft anti-piracy campaign and WPA is discussed. Here's a snipit from the article: As of late Neowin has become even more famous because they were one of the first sites to go into more detail about the famed Microsoft XP keygen. The keygen as we all know does work albeit it does take it a while to generate valid keys at times it does make them. This was all in a matter of time if you ask me infact I?m somewhat surprised it did not happen sooner like with Windows 98 or Me...