US, UK Governments Say Avoid Internet Explorer

A number of news outlets are reporting that the US and UK governments have issued a warning advising users of Microsoft’s Internet Explorer web browser to stop using it for now due to a major vulnerability.

There are a number of alternative web browsers available, including Mozilla Firefox and Google Chrome. Both of them have mobile versions and the ability to synchronize bookmarks, add-ons, and other data with multiple devices.

Media are linking this to the End of Support for Windows XP but this appears to be unrelated, as Internet Explorer versions 6 through 11 are affected by this vulnerability. Windows XP supports Internet Explorer only up to version 8. This does mean, however, that any fix for the problem will not be applied to Windows XP, so it is best to use an alternate browser until XP systems can be upgraded.

No word yet on how long it will take for a fix to be released for newer versions of Windows.

Windows XP End of Support

Many of you have heard by now that Windows XP is approaching its “End of Support” date, April 8. A few of you have asked how this will affect your current Windows XP installations and how quickly you need to plan upgrades.

First, don’t panic. The End of Support means only that new security updates will no longer be provided by Microsoft through Windows Update. In the short run, therefore, there will be little impact. As time goes on, however, it will become increasingly important to upgrade or, more likely due to the age of current installations, replace Windows XP computers with new ones running Windows 7 or Windows 8. I recommend planning to complete these upgrades/replacements over the course of the next year.

Most of you have only a few Windows XP installations left, so the impact will be fairly minimal and can be folded into the usual PC replacement cycle. In rare cases there may be critical software on an XP machine that cannot be installed on a later version of Windows. In that case, there are still options. For instance, we could take the computer offline and use it without an Internet connection, or transition the software to a virtual machine to isolate it from other workstations. Please feel free to contact me if you would like to go over any of these possibilities.

LogMeIn Free to be Discontinued

The popular remote access software LogMeIn Free will be discontinued in favour of LogMeIn’s paid options, according to a release on the company blog.

Existing users are already being migrated to paid services, but a number of alternatives do exist. TeamViewer is very popular, as is VNC (which comes in several flavours, such as RealVNC, TightVNC, and UltraVNC). Microsoft’s built-in Windows Remote Desktop Protocol can be used for those systems, though it requires a little more setup. The Wikipedia page for remote desktop software gives a very thorough list of options.

MSN Messenger Shutdown Inspires Malicious Fakes

Microsoft’s announcement that it intends to shut down its long-running MSN Messenger service and replace it with Skype has inspired enterprising malware developers to start offering fake installers.

The original announcement came late last year, but only recently as the cut-off date of April 8 (April 30 in Brazil) approaches have these attacks appeared in significant numbers.

Kaspersky’s securelist.com offers some additional details, including some of the domains involved.

Microsoft Azure Outage Caused by Expired SSL Certificate

A worldwide outage of the Microsoft Azure cloud storage service was caused by the expiry of an SSL certificate on Friday, according to reports. This comes on the heels of a week-long outage of an SQL server component of the Azure service.

The news was reported in a number of outlets, including Slashdot, which cites articles from the San Francisco Chronicle, Yahoo, and the Register. PCWorld reports that service was restored on Saturday.

Office 2013 Pricing Announced

Microsoft Office 2013 pricing has been announced, the first to include a monthly subscription option. Microsoft’s licensing and pricing, especially for “Enterprise” software products, can be Byzantine, so it comes as little surprise that the first version of Office to have both boxed and Software-as-a-Service options will be available in no less than nine distinct editions: University, Home Premium, Home & Student, Small Business Premium, Home & Business, Midsize Business, Standard, Enterprise & Government, and Professional Plus.

The Next Web compares Office 365 to Office 2013 in an attempt to unravel the pricing knot. The conclusion is that total cost will end up being much greater for the Office 365 service for everyone but students, assuming a life cycle of 36.5 months, though a reader of the linked article has pointed out that Office 365 includes five licenses compared to Office 2013’s two.

There are alternatives to Microsoft Office altogether. Historically Apache (formerly Oracle, formerly Sun) OpenOffice has been the preferred Office replacement, but recently LibreOffice (actually an OpenOffice fork) has emerged as a strong competitor. Both are free, open source software and are capable of reading and writing Microsoft Office formatted files as well as exporting documents directly to PDF.

Microsoft Discontinuing Messenger

Microsoft has announced that it will be discontinuing its Windows Live Messenger on March 15th, 2013. All users aside from those in mainland China will be required to switch to Skype, which Microsoft acquired in 2011.

As this OnSoftware blog post notes, this is an unusually bold action for Microsoft, which normally puts great effort into maintaining older software.

Some additional information about the switch along with a sample of the mail sent out to Messenger users about the change is up on The Next Web.

Vulnerability Found in Older Internet Explorer Versions, Fix Available

Microsoft has issued an advisory warning of a 0-day vulnerability in Internet Explorer 6, 7, and 8 that could allow malicious code to be executed on a victim’s computer as soon as they visit a compromised web site. More recent versions of Internet Explorer are not affected.

Symantec describes the means of infection as a “watering hole” attack as it involves exploiting a site the victim is likely to visit.

A temporary fix has been made available until a permanent one can be prepared for Windows Update. While the effect appears to be limited to the United States at present, it would be a good idea to apply the fix if you are still running Internet Explorer 6, 7, or 8. Microsoft has also recommended upgrading Internet Explorer to version 9 or 10, but Windows XP does not support these versions.