Today is the last day that Windows 2000 and Windows XP Service Pack 2 will receive support and patches from Microsoft. Starting tomorrow, Service Pack 3 will be required to receive support and hotfixes for Windows XP.

In the past, the end of support for a service pack would mean that Microsoft would refuse to offer any kind of telephone support or troubleshooting assistance. This policy was relaxed a little in April; limited support will remain available for those organizations sticking with Service Pack 2. However, any hotfixes or security updates will be restricted to Service Pack 3.

Customers on Windows 2000 will not even have this option. The operating system is now out of its extended support phase. This brings an end to any and all hotfixes, security updates, or even paid support options. Fewer than half a percent of Internet-connected machines appear to use Windows 2000, and with the end of support, it is now open season on that minority: Microsoft will take no action to provide fixes for any security issues, regardless of their severity.

Read the comments on this post

Microsoft today announced forthcoming previews of two new Small Business Server versions: Small Business Server 7, and Small Business Server "Aurora." Small Business Server bundles Windows with a range of Microsoft's server software, including Exchange Server, SharePoint, Windows Server Update Services, and in the Premium edition, SQL Server. The bundle is targeted at organizations with fewer than 75 employees, providing streamlined installation and management, along with certain limitations on scalability.

Small Business Server 7 updates Small Business Server to include the latest versions of the relevant programs: Windows Server 2008 R2, Exchange Server 2010, SharePoint 2010, and SQL Server 2008 R2. Small Business Server updates typically lag behind the release of the standalone constituent components as they include additional management consoles to simplify deployment and management.

Even with this streamlined management, Small Business Server is a complex product that requires some degree of administrative competence. Exchange Server, for example, is great when it's working properly, but miserable when it isn't.

This is where Small Business Server Aurora fits in. Aurora is aimed at companies even smaller than the regular Small Business Server product, 25 users or fewer. Rather than bundling Exchange Server and SharePoint, Aurora servers will just be basic domain controllers. Provisioning of e-mail and document management will instead be done through Microsoft's hosted Exchange Online and SharePoint Online products.

By using these cloud services, the maintenance and administrative overhead that's a feature of the normal Small Business Server product is eliminated. The result is a greatly simplified product that's ideal for organizations with little or no IT expertise.

One thing that cloud doesn't do so well is file serving or backup provisioning; Internet connections are normally too slow. Aurora includes extra features to help in this area: it includes the flexible, replicated storage capabilities and remote backup features found in Windows Home Server. This will be the first time that Microsoft takes these features out of the home and puts them in the workplace.

The betas of both products will be available in August. Microsoft is still not saying when the final versions will be released.

Read the comments on this post

Though cloud computing offers users a number of advantages—increased scalability, reduced maintenance costs—it is not suitable for every task. A common problem is that many would-be users can't afford the loss of physical control of their data, typically for regulatory reasons. To meet these needs, Microsoft today announced the Windows Azure platform appliance—a Windows Azure cloud-in-a-box system enabling the creation of private Windows Azure systems.

The platform appliance will be an all-in-one combination of server hardware, networking infrastructure, storage, and software. The exact form of the appliance is still to be determined, but the scale will be large: hundreds or thousands of servers. Microsoft's own Windows Azure data centers use self-contained shipping containers packed full of hardware; this may work well for some customers, but others may need more conventional rack-mounted equipment. Unsurprisingly, given this uncertainty over system specifics, exact pricing and availability are presently unknown.

Dell, HP, and Fujitsu will all be developing and selling Windows Azure platform appliances. Initially, the companies will be selling services hosted from their own data centers; this will then be expanded to include private sale and hosting of platform appliances. Dell hopes to have appliances running within its own data centers by January, and expects to be selling the systems to third parties within 12 months.

One early customer is eBay. eBay already uses Microsoft's public Windows Azure hosting for its iPad listings, an early pilot deployment to prove the viability of the platform. eBay plans to expand this, first using Windows Azure appliances to host internal business applications, and ultimately hosting all business operations on a privately owned Windows Azure-powered cloud.

Though such systems will not be an option for smaller customers, they should give Windows Azure much broader reach into markets such as government and financial services. They should also help to alleviate some lock-in concerns; users of public clouds can be left in the lurch when their provider decides to shut up shop—no such problem exists for private systems.

Read the comments on this post

The second beta of Microsoft's Windows Intune cloud-based desktop management and maintenance software, is released today. The new release opens up the beta to a broader audience, and provides new features to support IT solutions providers.

Windows Intune provides client-side malware protection, patch management, remote assistance, and inventory management. Management tasks are performed through a Microsoft-hosted Web console, allowing easy remote management. Moreover, the use of the cloud means that clients can be managed even when off the corporate network (as is common with laptop users). The new beta includes a new multi-account console aimed at providers of outsourced IT services. With this new console, providers will have an at-a-glance view of the state of all their customers' systems.

Pricing for Windows Intune was also announced. It will cost $11 per PC per month for both the cloud management services and upgrade rights to Windows 7 Enterprise edition. A further dollar per PC per month provides access to the MDOP suite with its more advanced diagnostics and virtualization capabilities.

The first beta, released a couple of months ago, had just 1,000 places, and was restricted to North America; it filled up within 24 hours. The new beta is enlarged, to 10,000 applicants, and will be available in US, Canada, Mexico, Puerto Rico, France, Germany, Ireland, Spain, UK, and Italy. General availability is expected early next year.

Read the comments on this post

The transition to 64-bit computing has accelerated with the release of Windows 7. Figures published by Microsoft today claim that nearly half of Windows 7 installations—46 percent—are using 64-bit versions of the operating system. This represents a huge upswing in 64-bit adoption; Windows Vista, in comparison, had only 11 percent of its users running the 64-bit version.

The benefits of 64-bit Windows vary; for some users they will be substantial, for others, nonexistent. The 64-bit versions of the operating system have reliable access to larger amounts of physical memory than their 32-bit counterparts. 64-bit software similarly has easy access to more system resources. These factors can provide a substantial performance boost to heavy workloads like databases, but for other workloads—including common desktop tasks such as word processing or Web browsing—there is little advantage to be had.

64-bit Windows software is potentially more secure than 32-bit software. 64-bit Windows can make systems such as ASLR stronger, as known ASLR-defeating techniques depend on the relatively small amount of memory that 32-bit programs have available.

It's these security benefits which prompted Intel's migration to 64-bit Windows 7; the chipmaker, which famously skipped Windows Vista, has expressed no concerns over migration to Redmond's latest platform.

64-bit variants of the x86 processors that power Windows machines have been around since 2003, but the popularity of 64-bit software has lagged behind the processor availability. This started to change with Windows Vista. Driver certification for that OS required submission of 64-bit drivers in addition to the far more common 32-bit drivers, meaning that hardware manufacturers stopped treating the 64-bit version as a second-class citizen. Similarly, software certification requires vendors to test and support their software on 64-bit Windows.

Though it seems likely that 64-bit sales will overtake 32-bit at some point during the course of Windows 7's life, 32-bit software isn't going away anytime soon. A lot of software is still 32-bit, with little to gain from a conversion.

One particular sticking point is Web browsers and their plugins; though the security benefits of 64-bit software are particularly desirable in a Web browser, important plugins like Flash have no 64-bit version. And although Internet Explorer has had a 64-bit version for many years, other Windows browsers have not yet followed suit. This could change soon, as Firefox 4 may include a 64-bit Windows version.

As slow as it is, the 64-bit migration is happening faster than the switch from 16- to 32-bit software. Intel's first 32-bit processor was released in 1985; it wasn't until Windows 95, a decade later, that there was any mainstream 32-bit operating system, and even that was a hybrid between 16- and 32-bit code. Not until Windows XP's release in 2001 did PC users move wholesale to a pure 32-bit platform.

Read the comments on this post

According to the Microsoft Security Response Center, Microsoft will issue four Security Bulletins addressing five vulnerabilities on Tuesday. It will also host a webcast to address customer questions the following day.

Three of the vulnerabilities are rated "Critical" and the last is marked "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least one of the four patches will require a restart.

The list of affected operating systems includes Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2. Microsoft Office XP, Office 2003, and Office 2007 are also covered.

Compared to last month's big Patch Tuesday, this is a small one. The exact breakdown of the bulletins is as follows:

• Bulletin 1: Critical (Remote Code Execution), Windows
• Bulletin 2: Critical (Remote Code Execution), Windows
• Bulletin 3: Critical (Remote Code Execution), Office
• Bulletin 4: Important (Remote Code Execution), Office

If you're wondering, May's Canonical Display Driver vulnerability and June's help vulnerability will both be patched this month.

Along with these patches, Microsoft is also planning to release the following on Patch Tuesday:

• One or more nonsecurity, high-priority updates on Windows Update (WU) and Windows Server Update Services (WSUS)
• One or more nonsecurity, high-priority updates on Microsoft Update (MU) and WSUS
• An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Microsoft Download Center

This information is subject to change by Patch Tuesday; Microsoft has been known to rush patches or to pull them as it deems necessary.

Read the comments on this post

Displeased with the way Microsoft handled the disclosure of a security flaw last month, a group of anonymous researchers has decided to take a more aggressive stance against the company. The group, calling itself the Microsoft-Spurned Researcher Collective (a mockery of Redmond's Microsoft Security Response Center), will perform anonymous full disclosure of any security flaws that it discovers.

The anonymous group asserts that Microsoft has displayed a pattern of hostility towards security researchers, with last month's flaw being the most recent example. Tavis Ormandy, an employee with Google, discovered a flaw in the way that the Windows Help and Support Center in Windows XP handled input. This flaw could be used to attack users of that operating system. Ormandy informed Microsoft of his findings, but after five days deemed the software giant's response inadequate, and so made a full public disclosure of the problem.

This is at odds with the disclosure policy preferred by Microsoft and many other software vendors—including Google. These companies advocate what they call "responsible disclosure," in which communication of the flaw is kept private until a suitable patch or fix can be made available.

Subsequent to this disclosure, Microsoft claims that more than 10,000 systems have been attacked, with a number of malicious payloads being used.

A blog post from Microsoft expressed dissatisfaction with the full disclosure decision, claiming that it had not given the company enough time to accurately assess and analyze the flaw. Moreover, the post referred to him as a Google employee. Though this is accurate, Ormandy asserts that his bug report was independent of Google, and thus that his employer's name should not have been mentioned.

It is this treatment that appears to have provoked the creation of the researcher "collective." The post announcing the collective's existence also included details of a flaw in Windows Vista and Windows Server 2008. The flaw can be used to perform denial-of-service attacks against Windows machines, by crashing them, and is of a kind that could feasibly be used to allow privilege escalation.

This new flaw is deemed to be low-risk by both Microsoft and others. To exploit the flaw, an attacker must already be able to run malicious code on a system, and the proof-of-concept shows only the ability to crash a machine with a Blue Screen of Death; though inconvenient, this denial of service does not pose the same risks as arbitrary code execution or data disclosure.

The Microsoft-Spurned Researcher Collective welcomes other researchers to join, though Microsoft employees are not welcome: it notes that it has a "vetting process" to weed them out.

Read the comments on this post

Over the course of last week, Scott Guthrie, vice president of Microsoft's Developer Division, showcased a range of new web development tools that the company is working on. These were a prelude to today's introduction of WebMatrix, a new free web development suite, now available in public beta.

The new product is intended to provide a simple, all-in-one solution for building websites on Windows. It comes with all the parts needed for developing dynamic sites: a web server, a database, a web framework, and a development environment, in a small, streamlined package.