Windows 8 flops, failed expectations and more

PCs hit by an ugly quarterly drop as Windows 8 flops

First-quarter shipments tumble 14 percent, much worse than expected, says IDC. Gartner, meanwhile, says PCs slid 11 percent, falling below 80 million units for the first time since 2009.

It’s really ugly in the PC market right now. How ugly? About the worst it has ever been, according to new reports from a couple of tech research firms.

First-quarter global computer shipments dropped 14 percent from the previous year, said International Data Corp., much worse than its forecast for a 7.7 percent decline. The pullback marked the worst-ever quarter since IDC began tracking quarterly PC shipments in 1994, and it’s the fourth consecutive quarter of year-over-year shipment declines.

Rival tech research firm Gartner, meanwhile, said its data showed an 11 percent decline in first-quarter global PC shipments, with the number falling below 80 million units for the first time since the second quarter of 2009.

All regions dropped in the period, despite improving economic conditions in some areas, IDC and Gartner said.

As if that wasn’t enough, the main factor expected to boost the PC market, the release of Microsoft’s Windows 8, actually hurt computer shipments. And even if people desire PCs with touch screens, they still cost too much and suffer from component shortages. IDC noted that innovations being pushed by PC makers are actually being viewed by consumers as “cumbersome or costly.”

Here’s what IDC analyst Bob O’Donnell had to say:

“While some consumers appreciate the new form factors and touch capabilities of Windows 8, the radical changes to the [user interface], removal of the familiar Start button, and the costs associated with touch have made PCs a less attractive alternative to dedicated tablets and other competitive devices. Microsoft will have to make some very tough decisions moving forward if it wants to help reinvigorate the PC market.”

PC sales have been weak for quite some time, with quarterly results from computer and semiconductor makers reflecting the hard times. The sector is not only being hurt by the weak economy but also by consumers opting for mobile devices instead of traditional PCs. Microsoft’s latest OS was expected to boost sales, but it’s clearly struggling, as IDC noted.

Shipments fell across all regions, with both the U.S. and the Asia-Pacific region, excluding Japan, down 13 percent from the previous year, according to IDC. Europe, the Middle East, and Africa tumbled in the double digits on a percentage basis, and consumer shipments remain weak in Japan.

It’s tough to find many bright spots in the report. IDC analyst David Daoud noted one piece of positive news comes from Asian manufacturers gaining more traction in the U.S. Lenovo, Samsung, and Asus “have bucked the trend” by “identifying the opportunities and weakness of competitors and executing appropriately and intelligently,” Daoud told Sistemas Ayala.

However, the three companies remain relatively minor players in the U.S. market, with only Lenovo cracking the top five. Its shipments in the U.S. jumped about 13 percent in the first quarter, according to IDC and Gartner, but its global shipments were flat. And Gartner noted Lenovo’s growth rate was the slowest since the first quarter of 2009, largely because of a shipment decline in the Asia-Pacific region. Lenovo remained No. 2 for global shipments behind Hewlett-Packard, according to IDC. Gartner estimated the two companies were in a “virtual tie” for the title of top PC vendor.

Lenovo said in a statement that while it continues to outperform the traditional PC competition and sees plenty of room to take share, it also is well-positioned in markets outside of traditional computers. That includes smart connected devices such as tablets and smartphones. The company noted it’s the No. 3 player in smart connected devices worldwide, according to IDC.

“We have already broadened our focus to this space, and we have the PC+ products (such as tablets and smartphones) consumers want,” a Lenovo spokesman said. “While our initial success is clearly validating this drive, we are also working hard to improve our performance on this new metric.”

For Samsung, part of its success comes from Chromebooks. Such devices, based on Google’s Chrome operating system, remain a small part of the market, but they continue to grow each quarter, Daoud said.

Meanwhile, HP, Dell, and Acer again posted steep declines. For HP, its shipments tumbled 24 percent globally and 23 percent in the U.S., according to IDC and Gartner. The latter noted HP’s shipment decline was the worst since its acquisition of Compaq in 2003.

Acer, which has been struggling with the demise of the netbook market, posted the sharpest drop, with its worldwide shipments down 31 percent, according to IDC, or 29 percent, according to Gartner.

The numbers from Gartner and IDC typically are similar, but they differed greatly in one regard: Apple. IDC said its shipments slid 7.5 percent as the iPad hurt sales of its computers. But Gartner said Apple’s sales rose 7.4 percent.

All in all, PC makers are sure to be taking a close look at their strategies for addressing consumer demand, with no sign the declines will end anytime soon.

“It was a perfect storm,” Daoud said. “Really, there’s no one single thing we can point to and say is the culprit. It was all over the map.”

How telecom reform in Mexico could impact U.S. immigration

By Marketplace Morning Report

New Mexican President Peña Nieto has been making waves since entering office by tackling some of Mexico’s toughest issues. One of those issues is the telecommunications industry. President Nieto hopes to reshape the country’s phone and television service by increasing competition through foreign investment.

“If Congress approves this, [it] will drive down prices in the telephone market,” says Enrique Acevedo of Univision News in Miami. “[It] will bring long awaited programming choices to the Mexican audience who have always had only two choices when it comes to broadcast TV.”

The reforms may also improve broadband Internet access, which Acevedo says is long overdue.

“Broadband speed in the International Space Station is actually faster than in Mexico,” he notes.

Overall, Acevedo sees the telecommunication reforms as a sign of greater economic momentum in Mexico — a trend that could have a noticeable impact on the U.S. and the ongoing debate over immigration.

Will The Next iPhone Keep Ahead of Android?

If Apple’s regular release schedule is to be trusted, we should expect a new iPhone this summer. Will it be called the iPhone 5S with small improvements over the iPhone 5? Or will the pressure from rival Android phones force Apple to go big and make a complete overhaul?

So far, the rumor mills point to an incremental upgrade – no revolutionary changes. So let’s read the tea leaves and try to predict what will be changed. And remember, this is all conjecture with no official information forthcoming from Apple.

New Flash and Better Camera
I like to start with the fun stuff, like the camera. Certainly, the next iPhone could get a megapixel upgrade. There are some Android phones that boast 13 megapixels, and while it’s possible Apple could increase the resolution of its camera, I think a more interesting upgrade would be the inclusion of a new, smart flash that incorporates a Philips multi-color LED. To match ambient light, the camera could elect to use a white flash (in fluorescent or colder lighting) or a yellow flash to match warmer room tones (candlelight, campfires, or accent lighting).

Faster 
Now for the guts of the new phone: leaked photos published by iOSDoc imply the iPhone will be getting an upgrade from its current dual core A6 processor to a quad core A7 processor. Yes, more cores mean a faster phone, but is this a life-changing speed improvement? Um, no.

Bigger Screen is Doubtful
There have been tons of rumors about Apple increasing the screen size from 4 inches to 4.8 inches to compete with some of the Android “Phablets” like the Note. But this rumor seems a little thin with CEO Tim Cook stating publicly on Apple’s Q1 2013 Earnings Call that he thinks Apple made the right decision to stick with a smaller screen.

Wireless Charging
Unlike current wireless charging where you have to put a device onto a pad that’s plugged into a power source, Apple has applied for a patent to use something called Near Field Magnetic Resonance (NFMR). With this technology, a home base (a computer or larger device) serves as a hub that can charge the phone anywhere within a meter’s proximity. This could also be a boon for selling more Mac laptops if they become the primary vehicle for wireless NFMR charging.

Biometric Fingerprint Security
Rumors are flying about a fingerprint sensor on the home key to allow for biometric security. This could be a smart idea if Apple wants to shore up public perception of the device’s security before rolling out the Near Field Communications (NFC) wave-to-pay technology that turns your phone into a credit card.

iOS 7
For the first time ever, I am including an iOS update in the “Fun Rumors” category. While the iPhone operating system (currently iOS 6) is not usually an opportunity for big innovation, this portion of the company has recently been taken over by Jonathan Ive, Apple’s superstar design guru. He is no doubt feeling pressure to bring his genius to bear on software (good luck with that) and may surprise us with a few cool new tricks. I expect a Siri upgrade at the very least, and a determination to show that Apple’s maps have recovered from the debacle of the iOS 6 rollout.

Lower Cost iPhone
Where Android phones pose the greatest clear and present danger to the iPhone is on price. Many models are free with a 2-year contract. So the $199 price tag of the iPhone with a 2-year contract is just too steep for many. The biggest price pressure is coming from emerging markets like China and Brazil, where Apple has to lower the price of their only phone in the initial land grab for new smartphone users.

If Apple introduces a free-on-2-year-contract phone, this lower cost version will almost certainly still be able to access faster LTE data networks. It will possibly have a slower Snapdragon System on a Chip (SOC) processor from Qualcomm. It might include a bigger battery, which could increase the phone’s thickness from the current 7.6 mm to a rumored 8.2 mm. It could have a lower resolution camera. And the most interesting possibility: its case could be from a cheaper plastic or fiberglass, which could allow for a multitude of colors.

Bottom Line
The inclusion of a cheaper iPhone could be a huge boon to consumers. If you’ve been holding out until Apple’s flagship device became more affordable, don’t let the slightly diminished technical specs deter you. The beauty of the iPhone is that it’s intuitive and fun to use – but that’s a function of the operating system, not the hardware. If it were me, I’d wait to buy until the consumer testers run the cheaper iPhone through its paces and make sure there’s nothing glaringly wrong, and then I’d get it. That is, if Apple actually releases two versions as part of its traditional June release cycle.


Consulting and Services: benayalal@gmail.com

Follow Sistemas Ayala on Facebook

This March Microsoft is preparing seven security bulletins that will fix vulnerabilities in several of the company's products

Microsoft prepares patches for Internet Explorer, Office and Silverlight

As has become customary on the second Tuesday of the month, Microsoft is preparing its monthly security update, which this time consists of seven bulletins, four of them rated critical, meaning they fix flaws that could allow an attacker to run malware on a computer remotely by directing a user to a malicious web page.

The March bulletins fix vulnerabilities in Internet Explorer, Office 2010 and Microsoft's Silverlight platform, as well as SharePoint.

The Internet Explorer patch is designed to improve all versions of the browser, from IE6 to IE10, and for all editions of Windows, from XP to Windows 8 and RT.

As for Microsoft Silverlight, a browser plug-in capable of playing online video and other types of content, a flaw that affected both Windows and Mac OS X has been fixed.

The third critical vulnerability affects Visio and Microsoft Office Filter Pack, and the fourth affects Microsoft SharePoint Server, so it affects only the Redmond company's enterprise customers.

The rest of the bulletins are rated important, which means the flaws they fix are not serious, although Microsoft continues to insist that they should be patched.

If Windows automatic updates are enabled, the patches will be installed automatically.

In Chile, the rooster overslept because of problems with their systems

Devices changed the time “by mistake”

Many cell phones and computers automatically changed the time this Saturday, because that is when the change traditionally took place each year.

However, under government provisions to save energy, this change to winter time will take place on April 27.

The problem is not minor, since many Chileans use their cell phone as an alarm clock and it would not be unusual for several to have overslept; to avoid this kind of problem it is important to turn off automatic updating.

Anticipating this, Microsoft Chile has also developed a patch so that users can avoid any kind of mishap. It also prepared a series of suggestions so that users can update their PCs manually.

The main recommendation is to install the hotfix or patch available at http://www.microsoft.com/chile/CAMBIODEHORA/ to update the Windows operating system with the new extension of daylight saving time in Chile. This hotfix applies to Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012.

These instructions apply only to users in the UTC -04:00 Santiago time zone. If your PC is in a different time zone, you must switch to the correct time zone. It is also important to bear in mind that setting the computer's clock manually could have adverse effects in work environments. This procedure is not supported by Microsoft.

Users who have Windows Update enabled on their computers will likewise need to install the patch, because it is not available through that tool.

If you still have questions about this or other topics, you can use any of the customer support channels that Microsoft Chile offers at www.microsoft.com/latam/contactenos, where you can find all the help you need for any problem.

Linux, once again, proved to be far more secure than most other operating systems

Google’s Linux-based Chrome OS shrugged off its attackers at the $3.14-million Pwnium cracking competition.

The Chrome Web browser on Windows is breakable, but its little brother, the Linux-based Chrome OS, proved to be essentially uncrackable at the CanSecWest conference in Vancouver, Canada.

Google’s Linux-based Chrome OS defied attempts to crack it in the Pwnium hacking competition.

In a separate security contest, the HP Zero Day Initiative’s (ZDI) Pwn2Own competition, Microsoft’s IE 10, Google’s Chrome and Mozilla’s Firefox Web browsers were all cracked. Java was also cracked multiple times.

In addition, Google is offering a total prize package of $3.14159 million in its own Pwnium 3 Chrome OS cracking contest.

Specifically, here are the prizes that Google is proposing:

  • $110,000: Browser- or system-level compromise — in guest mode or as a logged-in user — delivered via a web page.
  • $150,000: Compromise with device persistence — guest to guest with interim reboot — delivered via a web page.

Google is offering multiple prizes for each crack up to a maximum of $3.14-million for all winners.

Winning attacks had to “be demonstrated against a base (Wi-Fi) model of the Samsung Series 5 550 Chromebook running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc) may be used to attempt the attack.”

That’s serious money for serious cracking. Google did this, according to Chris Evans, the tech leader of the Google Chrome Security Team, because “Security is one of the core tenets of Chrome, but no software is perfect, and security bugs slip through even the best development and review processes. That’s why we’ve continued to engage with the security research community to help us find and fix vulnerabilities.”

A few days before the contest, Google pushed out ten Chrome browser security fixes and then the games were on.

Even with millions of dollars in prizes at stake, no one was truly successful in taking down the Linux-based Chrome OS. The Google Chrome team reported on Google+ that even though the competition deadline had been extended at the would-be crackers’ request, “We just closed out the competition. We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits.”

Further details are not available at this time, but clearly, given the failure of all browsers on Windows in Pwn2Own and yet another wave of critical Windows vulnerabilities, Chrome OS in particular, and Linux in general, remain the best choice for security-conscious desktop users.

Patches for Java: Windows, Mac, Linux

Oracle issues new Java patches and speeds up its update cycle

Oracle has patched five new vulnerabilities in Java that had not been fixed in the security update issued in early February.

Following the recent attacks that infected computers with malware by exploiting zero-day vulnerabilities in Java plug-ins, Oracle yesterday issued a new security update for Java and announced plans to speed up the release of future patches.

The new updates, Java 7 Update 15 and Java 6 Update 41, address five more vulnerabilities that were not included in the emergency patch Oracle issued on February 1. At that time, Oracle had already broken its Java update cycle to fix this hole, which was being actively exploited by hackers.

Four of the vulnerabilities fixed in Tuesday's update can be exploited through Java Web Start applications on desktops and through Java applets in web browsers, explained Eric Maurice, Oracle's director of software assurance, in a post.

Three of those four vulnerabilities received the highest rating on the CVSS scale, meaning they are critical and that exploiting them can compromise the confidentiality, integrity and availability of systems where Java runs with administrator privileges, such as Windows XP. On systems where Java does not run with such privileges, such as Linux or Solaris, the impact is lower, Maurice notes.

The fifth vulnerability affects server deployments of Java Secure Socket Extension (JSSE).

Although Java 6 Update 41 is available for download from Oracle's website, it is not available from Java.com and must be obtained manually. The update feature in Java 6 installations will require users to download and install Java 7 Update 15.

Oracle will speed up its Java patch cycle. The next scheduled patch for Java SE will be released on April 16, two months from now instead of the usual four, and will arrive at the same time as Oracle's updates for other products. The following Java patch will be issued on June 18.

Ubuntu Linux [OpenSource] on Tablets, Thanks Canonical!

After Canonical unveiled its mobile operating system for smartphones last month, it is now the turn of the tablet version of Ubuntu OS.

As had already been previewed for phones, Ubuntu for tablets is optimized for gesture-based operation, eliminating the need for physical buttons and relying on swiping to reach options, apps and messages, and even to “unlock” the screen, which does not really need unlocking but is simply dragged to one side. Otherwise, it appears to be quite similar to the smartphone experience.

The graphical interface is based on the same code as the smartphone version of the OS, except that it was optimized for ARM chips. According to Canonical, this enables a “real convergence of devices”, letting us see all apps in a suitable interface if we connect our tablet or smartphone to a television, for example. In the words of Mark Shuttleworth himself, a single Ubuntu for multiple platforms.

Tablets running Ubuntu will have voice control through the HUD interface and, keeping up good habits, the system supports multiple users and a “guest mode” so that others can use the device. For its part, and although it shares a huge proportion of code with the desktop version of Ubuntu, the tablet version of the OS includes a new multitasking option that seems strongly influenced by Windows 8: “Side Stage”, which lets users run apps in phone mode at one side of the screen, in the same way as Microsoft's Snap View.

Again, as with the smartphone version, Canonical did not name any manufacturer or hardware project that might use its OS. It does make clear that, together with some minimum technical specifications, its system will be available for tablets ranging from 6 to 20 inches. The minimum requirements are an A15 processor, 2 Gb of RAM and 8 Gb of storage.

By Ben Ayala

HTC tablet with Ubuntu: “Never say never”

Is HTC going to launch a tablet with Ubuntu this afternoon?

We had been waiting a few weeks for today's event, the one at which the HTC One is presented, the flagship of the Taiwanese company, in what is set to be the rebirth of a company that has had a somewhat rough time lately. However, just when everything seemed ready, we learned that we may see not only a phone but also a tablet. And on top of that, it may run Ubuntu as its operating system.

We don't know exactly whether the latter will happen, but it is quite likely that a tablet from HTC will arrive. It all came to light from a photograph the company uploaded to Instagram yesterday, showing all the devices that would supposedly be presented today, covered by a blanket. There are quite a few, although it could well be the same device repeated several times. Nevertheless, there is one that is not a phone, and that is very clear, since it looks like a 10-inch tablet.

The photograph comes directly from HTC and, as it happens, the tablet occupies the most prominent spot, so it seems they intended it to play a leading role and for users to realize that the smartphone will not come alone.

Most interesting of all, Ubuntu started a countdown on its website yesterday, which seemed to indicate that its tablet version of the operating system would arrive today, sometime this afternoon. Many might find this strange, since in just two days the first preview versions for the Nexus 4 and Galaxy Nexus will be released. A launch like this, unannounced and two days before another, does not seem to make much sense. Unless, obviously, it is a major tablet from a company that is going to launch with Ubuntu, and it just so happens that HTC had set its event for that date. It is possible that the Taiwanese company wanted to have the tablet version exclusively before everyone else, and that this is why it was not announced alongside the smartphone version.

Either way, we will find out this afternoon. What seems clear is that there will be a tablet, although it remains to be seen what it will be like.

Official Ubuntu page: www.ubuntu.com/

Official HTC page: www.htc.com/

Synchronicity or coincidence:

Adobe Reader, Acrobat: Under Attack!

Zero-day vulnerabilities in the most recent versions of Adobe Reader and Acrobat are being actively exploited by attackers, who are emailing malicious PDFs to targets to remotely compromise their PCs.

That warning comes from researchers at security firm FireEye, which said it’s provided copies of the exploit code to Adobe. “A PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1,” according to a security warning posted Tuesday by FireEye. “Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

Adobe said it’s investigating the alleged zero-day bugs. “Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild,” according to a brief Adobe vulnerability report released Tuesday. “We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information.”

No additional details about the zero-day vulnerabilities have been publicly released, and it’s not clear if the bugs allow attackers to bypass the sandbox built into Reader and Acrobat. But until the vulnerability gets patched, FireEye recommended that users avoid opening any PDF files of unknown origin.

Adobe on Tuesday also patched known vulnerabilities in Shockwave Player, Flash Player, and Adobe AIR, by releasing updates for Windows, Mac OS X, Linux and Android. That marked the second time in less than a week that Adobe, which normally only releases quarterly patch updates, released “out of band” patches to mitigate in-the-wild exploits of bugs in its products. In addition, Oracle still plans to release further patches on February 19.

In other words, 2013 is already turning out to be a banner year for bug spotting. For starters, new flaws recently surfaced not just in Flash and Adobe Reader and Acrobat, but also Internet Explorer and Java.

Microsoft Tuesday patched 57 vulnerabilities in its products, as part of its regularly scheduled, monthly patch release, and many of the bugs have been labeled as critical. “[The] critical vulnerabilities all potentially enable remote code execution, as does the SharePoint server related bulletin rated ‘important’ this month,” said Kurt Baumgartner, a senior security researcher at Kaspersky Lab, in a blog post. “The other vulnerabilities enable elevation of privilege and denial of service attacks. Several of the vulnerabilities have been publicly disclosed, and at least one is known to be publicly exploited.”

Many security experts are advising security managers to prioritize the Internet Explorer patch, which fixes 13 vulnerabilities (privately reported to Microsoft and not yet detailed publicly) that attackers could use to remotely execute code on vulnerable machines. “Despite the bugs being privately disclosed, Microsoft is warning that exploitation in the wild is imminent,” said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post. Indeed, expect attackers to be working overtime to reverse-engineer the patches, which would allow them to craft attacks that exploit Windows PCs that haven’t been patched.

One critical Microsoft patch addresses flaws in the Windows media codec, which could be exploited by crafting a malicious media file. Another fix targets vulnerabilities in the RTF file format that could be exploited by crafting a malicious RTF file, which if opened in Microsoft Word or WordPad would allow an attacker to compromise the PC. “Microsoft warns that this is likely to be exploited in the wild within 30 days,” said Ducklin.

While those vulnerabilities affect clients, another critical vulnerability exists on Microsoft Exchange servers with Oracle’s Outside In technology. The vulnerabilities could be exploited by attackers to remotely compromise the server or create a denial of service.

Security researchers have also published further details of the bugs that were patched last week in Adobe’s Flash Player. According to a blog post from Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov, the vulnerabilities (designated CVE-2013-0633) are being actively exploited by “so-called ‘legal’ surveillance malware created by the Italian company HackingTeam.” The Italian company’s surveillance software is called RCS (Remote Control System), aka DaVinci, and has been used “against human rights activists and political dissidents from Africa, South America and the Middle East,” according to the researchers.

The Kaspersky Lab researchers said they cataloged six different ways that RCS has been installed on targets’ computers, and four of them employ zero-day vulnerabilities. “Interestingly … two of the 0-days appear to have been created by the French offensive security company Vupen,” said the researchers. “The link was also previously pointed out by Citizen Lab’s report, which says it’s unclear if the exploits used with HackingTeam’s malware have been purchased from Vupen, or just engineered in parallel.”

Chaouki Bekrar, CEO and head of research for Vupen, dismissed as “defamatory allegations and unproven claims” the Kaspersky Lab suggestion that his company may have sold the zero-day vulnerabilities to HackingTeam. “We did not develop nor sell any of these exploits,” Bekrar said via email. “In the vulnerability research field, it often happens that many unlinked researchers, groups or companies work on similar flaws or exploits without knowledge of the others, we call this vulnerability overlaps and it’s very common and usual.”

___________________________________

“Sistemas Ayala” is at your service to answer any questions!

SISTEMAS AYALA : http://www.sistemas-ayala.mex.tl/

Proud Active Member of: http://tbmthebusinessmarketing.com