Patches Highlight Problems in Maintaining Older Software

Microsoft on Tuesday released two security bulletins to fix eight bugs in its Windows and Microsoft Office software. Both bulletins are rated important, but analysts said many of the vulnerabilities could potentially be more severe if exploited.

Joshua Talbot, security intelligence manager at Symantec Security Response, is concerned that in many enterprise environments, Windows XP is still common, and these vulnerabilities are more serious on XP and older systems.

"Since Windows 7, Microsoft has seemed to downgrade file-based vulnerabilities," Talbot said. "In the past, I think many of the vulnerabilities patched this month could have been rated critical, but with protections like DEP and ASLR, these types of vulnerabilities are less of an issue for Windows 7."

A Patch Roller Coaster

Andrew Storms, director of security operations for nCircle, said IT security teams have been on a Microsoft roller coaster so far in 2010 with regard to bulletins. He pointed to January, which produced two bulletins, including the out-of-band emergency release for Internet Explorer. That was followed by a monster patch of 13 bulletins in February. March will go down in history as a light Patch Tuesday with only two important bulletins.

"Unfortunately, this was the first patch for the newer, safer Office 2007 file format. File-format attacks continue to be a favorite attack vector for earlier versions of Office, especially 2003," Storms said. "Since releasing Office 2007 three years ago, Microsoft hasn't had to patch a single bug in this file format, something I'm sure they are pretty proud of. IT security teams everywhere will be keeping their fingers crossed, hoping that this isn't the beginning of a new streak of vulnerabilities in Office."

For the second time in three months, Microsoft has also issued a warning about a new IE zero-day bug. Like the IE zero-day bug from January that got a lot of...


Web Standards Group Gets a New Leader

A former executive with IBM and other tech companies has been named the new CEO of an organization in charge of coordinating the technical specifications behind the World Wide Web.

The Web's inventor, Tim Berners-Lee, is remaining the director of the World Wide Web Consortium, and Jeffrey Jaffe, 55, will work under him as its CEO. Jaffe replaces Steve Bratt, 53, who left the position in mid-2009 to run a Web foundation also started by Berners-Lee.

Jaffe brings both business and technical expertise. He has been vice president of technology at IBM Corp. and most recently chief technology officer at Novell Inc. He also was an executive at Bell Labs.

"Just as the Web is constantly growing and changing, so is the community around it and so is the consortium," Berners-Lee said in a statement. "Jeff's broad experience gives him a deep understanding of many different types of organizations, which will be invaluable in managing W3C's evolution."

The consortium, known as W3C, writes the technical rules designed to ensure that Web pages can work using different software, different computers and different languages. For example, it created guidelines on how to format Web pages so that they work more easily with software designed for the blind. It also crafts the basic commands for HTML, the Web's main programming language.

W3C's members include such leading tech companies as Apple Inc., Microsoft Corp. and Google Inc. and institutions such as universities and the Library of Congress. Its main offices are in Cambridge, Mass., Tokyo and the Sophia Antipolis science and tech center near Nice, France.


HP Turns Steve Jobs’ Flash Snub Against Apple’s iPad

No watered-down Internet. No sacrifices. That's the promise Hewlett-Packard Vice President and CTO Phil McKinney offered consumers in a blog post about the PC giant's upcoming tablet computer. HP's iPad competitor, he promised, will offer a full web browsing experience in the palm of your hand.

McKinney's blog even posted a demo of HP's upcoming tablet computer running Adobe Systems' Flash player and its Air application that lets Flash run outside of a browser. The video doesn't compare to the polished Apple commercial showcasing the iPad during the Oscars, but it does offer a sneak peek of what consumers can expect later this year -- including Flash capabilities.

HP's partnership with Adobe on the tablet flies in the face of Apple's iPad strategy. As reported in The Wall Street Journal, Apple CEO Steve Jobs decided not to include Flash support in the iPad, insulting Adobe and opening the door for the software maker to find partners to rival Apple in tablets.

A Flashy Tablet Argument

"Flash performance, while critical to a vast number of web sites, is not typically a subject whose interest extends much beyond concerned developers and their beleaguered spouses," said Charles King, principal analyst at Pund-IT. "But given the enormous interest generated by the iPad, the issue became something of a cause célèbre among Apple's fans and foes, Adobe's buddies and enemies, and nondenominational Internet aficionados."

No matter what one thinks of Flash, King said it seems odd to close the iPad, a device designed largely for media consumption, to some of the Internet's best-known media sites. However, Jobs doesn't have a reputation for suffering fools gladly, even when the fools are asking perfectly reasonable questions, King said.

"Beyond whatever Jobs might have hoped to achieve with his comments, we doubt that Phil McKinney's blog post was among his goals. In essence, Jobs' blanket...
