Microsoft
Microsoft gives Adobe Reader a Protected Mode
- Tuesday, 20 July 2010 17:19
Microsoft has been helping Adobe develop a sandbox similar to the Protected View in Office 2010. Adobe Reader Protected Mode, a sandboxing technology based on Microsoft's Practical Windows Sandboxing technique, is a new mitigation feature scheduled for the next major version release of Adobe Reader. In addition to working with the Microsoft Office security team, Adobe also learned from the Google Chrome team as well as third-party consultancies and other external groups that have sandboxing knowledge and experience.
Adobe Reader Protected Mode will be enabled by default and will ensure that all operations required to display a PDF file to the user are run in a restricted manner inside a sandbox. Actions not permitted in the sandboxed environment, such as writing to the user's temporary folder or launching an attachment inside a PDF file using an external application, are funneled through a "broker process," which has a strict set of policies for what is allowed and what is not. This first release will sandbox all "write" calls, mitigating the risk of exploits that seek to install malware on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. In future releases of Adobe Reader, the company hopes to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information from the user's computer.
Adobe's products are almost as ubiquitous as Microsoft's, and since Microsoft has been taking security much more seriously ever since Windows XP SP2, it made sense for cybercriminals to target software which had so many vulnerabilities waiting to be discovered. Last year, Adobe Reader took the crown away from Microsoft Office as the software with the most vulnerabilities. Brad Arkin, Senior Director of Product Security & Privacy for Adobe Systems, announced in May 2009 that a major Adobe Reader and Acrobat security initiative was underway: code hardening, incident response process improvements, and a shift to a regular security update schedule.
Microsoft's and Adobe's products compete on many fronts, but it makes sense for Redmond to help its partners in the area of security. The sandboxing approaches that Microsoft has pioneered in Office, including the sandbox for its search subsystem, the MOICE sandbox, and Protected View, are there to improve the overall state of security on Windows. The progress in security made by the Office team can thus be extended to other third-party applications for Windows, protecting the customers that Microsoft has in common with its partners.
New Windows Shortcut zero-day exploit confirmed
- Monday, 19 July 2010 07:53
Reports have been circulating for a few weeks about a new attack, targeted at certain Windows users, that used USB memory sticks to propagate. More details have now emerged, including confirmation from Microsoft that a new flaw exists and is being exploited.
The attack uses specially crafted shortcut (.lnk) files, which trick Windows into running code of an attacker's choosing. Any Windows application that tries to display the shortcut's icon—including Explorer—will cause exploitation, so even the mere act of browsing a directory with the malicious shortcuts is sufficient for a system to be exploited. Analysis suggests that the shortcuts are not improperly formed; rather they depend on a flaw in the way that Windows handles shortcuts to Control Panel icons.
Week in Microsoft: RIP Win2K
- Saturday, 17 July 2010 11:00
XP fans get reprieve in form of downgrade rights extension: Windows XP is getting another reprieve. In a response to business demands, Microsoft is extending the right to downgrade OEM-licensed copies of Windows 7 to Windows XP. Originally due to end in October, the downgrade right will now be available for the duration of Windows 7's availability.
Microsoft coverage: tell us what you want: What would you like to see more or less of in our Microsoft coverage? Drop into the comments and let us know.
Microsoft coverage: tell us what you want
- Wednesday, 14 July 2010 11:00
You've likely noticed that our coverage of Microsoft (non-gaming) has picked up quite a bit over the past year, thanks in large part to contributions from Peter Bright who has joined Emil Protalinski on One Microsoft Way. Peter and I were recently discussing future projects, and we both thought it would be a great idea to solicit from you, dear reader, thoughts on what we should and should not be covering in the world of Microsoft.
Microsoft is a massive company with more products than 99.9 percent of the population can name. Despite so many products, it's often hard to determine what is best to cover. Many, many moons ago we sought to cover nearly all of the daily "news," but it was frankly quite boring (and you told us as much, in both feedback and traffic). Patch Tuesday is the most uninteresting (and predictable!) "news" on earth, but some people would argue that it's essential information. Point updates and patches to enterprise products can be pretty snoretastic as well. But readers seemed to respond well to big releases, consumer product news, and strategy/direction analysis.
When thinking about what you'd like to see us cover, keep in mind that there are really two kinds of things we do here at Ars: there's the daily news mill, and then there are long-form features. We're looking for suggestions on both. For those of you who read other tech sites that address Microsoft, it would be fantastic if you linked to stories you wished we covered but didn't. It's one thing to say you want more enterprise news. It's quite another to link some examples of what you think counts as worthwhile examples of enterprise coverage.
As usual, Peter and I will be in the discussion section, so don't hesitate to ask questions if you've got them.
XP fans get reprieve in form of downgrade rights extension
- Tuesday, 13 July 2010 15:30
Downgrade rights have been a long-standing feature of Microsoft's operating system licensing. They allow users to buy a license for the latest version of the operating system, and then use that license with an earlier incarnation. Volume license users have long had a broadly unrestricted right to downgrade; though unsupported, they could choose to run Windows 95 if it suited their needs. OEM licenses, sold with preinstalled copies of the software, also have downgrade rights, but unlike the volume license kind, they tend to be restricted to specific versions.
Windows 7's OEM downgrade rights, available for Windows 7 Professional and Windows 7 Ultimate, were originally due to expire this October. Microsoft has now announced that these end-user downgrade rights are being extended further.
Support for Windows 2000 and Windows XP SP2 comes to an end
- Tuesday, 13 July 2010 14:17
Today is the last day that Windows 2000 and Windows XP Service Pack 2 will receive support and patches from Microsoft. Starting tomorrow, Service Pack 3 will be required to receive support and hotfixes for Windows XP.
In the past, the end of support for a service pack would mean that Microsoft would refuse to offer any kind of telephone support or troubleshooting assistance. This policy was relaxed a little in April; limited support will remain available for those organizations sticking with Service Pack 2. However, any hotfixes or security updates will be restricted to Service Pack 3.
Customers on Windows 2000 will not even have this option. The operating system is now out of its extended support phase. This brings an end to any and all hotfixes, security updates, or even paid support options. Fewer than half a percent of Internet-connected machines appear to use Windows 2000, and with the end of support, it is now open season on that minority: Microsoft will take no action to provide fixes for any security issues, regardless of their severity.
Aurora Small Business Server adds cloud, removes complexity
- Monday, 12 July 2010 14:44
Microsoft today announced forthcoming previews of two new Small Business Server versions: Small Business Server 7, and Small Business Server "Aurora." Small Business Server bundles Windows with a range of Microsoft's server software, including Exchange Server, SharePoint, Windows Server Update Services, and in the Premium edition, SQL Server. The bundle is targeted at organizations with fewer than 75 employees, providing streamlined installation and management, along with certain limitations on scalability.
Small Business Server 7 updates Small Business Server to include the latest versions of the relevant programs: Windows Server 2008 R2, Exchange Server 2010, SharePoint 2010, and SQL Server 2008 R2. Small Business Server updates typically lag behind the release of the standalone constituent components as they include additional management consoles to simplify deployment and management.
Even with this streamlined management, Small Business Server is a complex product that requires some degree of administrative competence. Exchange Server, for example, is great when it's working properly, but miserable when it isn't.
This is where Small Business Server Aurora fits in. Aurora is aimed at companies even smaller than the regular Small Business Server product, 25 users or fewer. Rather than bundling Exchange Server and SharePoint, Aurora servers will just be basic domain controllers. Provisioning of e-mail and document management will instead be done through Microsoft's hosted Exchange Online and SharePoint Online products.
By using these cloud services, the maintenance and administrative overhead that's a feature of the normal Small Business Server product is eliminated. The result is a greatly simplified product that's ideal for organizations with little or no IT expertise.
One thing that cloud doesn't do so well is file serving or backup provisioning; Internet connections are normally too slow. Aurora includes extra features to help in this area: it includes the flexible, replicated storage capabilities and remote backup features found in Windows Home Server. This will be the first time that Microsoft takes these features out of the home and puts them in the workplace.
The betas of both products will be available in August. Microsoft is still not saying when the final versions will be released.
Platform appliance enables private Windows Azure clouds
- Monday, 12 July 2010 12:14
Though cloud computing offers users a number of advantages—increased scalability, reduced maintenance costs—it is not suitable for every task. A common problem is that many would-be users can't afford the loss of physical control of their data, typically for regulatory reasons. To meet these needs, Microsoft today announced the Windows Azure platform appliance—a Windows Azure cloud-in-a-box system enabling the creation of private Windows Azure systems.
The platform appliance will be an all-in-one combination of server hardware, networking infrastructure, storage, and software. The exact form of the appliance is still to be determined, but the scale will be large: hundreds or thousands of servers. Microsoft's own Windows Azure data centers use self-contained shipping containers packed full of hardware; this may work well for some customers, but others may need more conventional rack-mounted equipment. Unsurprisingly, given this uncertainty over system specifics, exact pricing and availability are presently unknown.
Dell, HP, and Fujitsu will all be developing and selling Windows Azure platform appliances. Initially, the companies will be selling services hosted from their own data centers; this will then be expanded to include private sale and hosting of platform appliances. Dell hopes to have appliances running within its own data centers by January, and expects to be selling the systems to third parties within 12 months.
One early customer is eBay. eBay already uses Microsoft's public Windows Azure hosting for its iPad listings, an early pilot deployment to prove the viability of the platform. eBay plans to expand this, first using Windows Azure appliances to host internal business applications, and ultimately hosting all business operations on a privately owned Windows Azure-powered cloud.
Though such systems will not be an option for smaller customers, they should give Windows Azure much broader reach into markets such as government and financial services. They should also help to alleviate some lock-in concerns; users of public clouds can be left in the lurch when their provider decides to shut up shop—no such problem exists for private systems.
Windows Intune pricing announced, beta 2 released
- Monday, 12 July 2010 08:30
The second beta of Microsoft's Windows Intune cloud-based desktop management and maintenance software is released today. The new release opens up the beta to a broader audience, and provides new features to support IT solutions providers.
Windows Intune provides client-side malware protection, patch management, remote assistance, and inventory management. Management tasks are performed through a Microsoft-hosted Web console, allowing easy remote management. Moreover, the use of the cloud means that clients can be managed even when off the corporate network (as is common with laptop users). The new beta includes a new multi-account console aimed at providers of outsourced IT services. With this new console, providers will have an at-a-glance view of the state of all their customers' systems.
Pricing for Windows Intune was also announced. It will cost $11 per PC per month for both the cloud management services and upgrade rights to Windows 7 Enterprise edition. A further dollar per PC per month provides access to the MDOP suite with its more advanced diagnostics and virtualization capabilities.
The first beta, released a couple of months ago, had just 1,000 places, and was restricted to North America; it filled up within 24 hours. The new beta is enlarged, to 10,000 applicants, and will be available in the US, Canada, Mexico, Puerto Rico, France, Germany, Ireland, Spain, the UK, and Italy. General availability is expected early next year.


