In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft. ”As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.

“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added.

The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.” Users can also stymie attacks by disabling Windows Help. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system.

The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.

“Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk,” said Jerry Bryant, a senior manager with the MSRC, in an e-mail. By Prodeus’ account, he notified Microsoft of the flaw Feb. 1, about four weeks before publishing his findings.

Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.

Although it does not rate the severity of vulnerabilities in its advisories, Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system. Customers running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.

The next major update to Microsoft’s Windows Vista operating system could arrive as late as May or June 2009, months later than originally expected. News site TechArp is reporting an unnamed but reliable source has revealed the final release candidate of Windows Vista Service Pack 2 is scheduled for release in March, 2009. The finalized code will then be made available to hardware manufacturers and OEMs sometime during Q2 2009.

Users will be able to get their hands on the software update shortly thereafter, the website estimates, putting the service pack on track for a May or June release. Vista has proved something of a disaster for Microsoft, but the company is slowly fixing many of the issues that users have reported. The first beta of SP2 was made available in December of last year. Right now, Microsoft is undoubtedly rushing to get Vista SP2 out well ahead of the release of Windows 7, its next major operating system.

Owners of the Barracuda 7200.11 drive can contact Seagate through its support Web site. Seagate also offers support by telephone at 800-SEAGATE (732-4283). The company is offering data recovery services through its i365 data recovery subsidiary. On Friday, Seagate issued a statement saying that a firmware bug has been causing drive failures or freezes affecting not only the Barracuda 7200.11, but also several other models manufactured through December 2008. Those include the DiamondMax 22, the Barracuda ES.2 SATA and the SV35.

The Barracuda 7200.11 is the eleventh generation of Seagate’s flagship drive for desktop PCs and comes in capacities of 160GB to 1.5TB. Seagate manufactures hard disk drives in China, Thailand, Singapore and Malaysia. Hall said he didn’t know what percentage of the 7200.11 drives are failing. “The best information we have right now is that it’s a pretty small population of our drives,” he said. “I’d say this is certainly one of the more highly publicized cases.”

Duncan Clarke, managing director atU.K. data recovery firm Retrodata, said he and his colleagues in the data recovery industry believe that failure rates on Seagate’s Barracuda 7200.11 drive are upwards of 30%. “We’ve been aware of this problem since November. I was getting 30 times the number of those drives than any other drive,” he said. Hall said Seagate isn’t seeing anywhere near a 30% failure rate and hasn’t decided whether to issue a recall on the Barracuda 7200.11 drive.” At the moment, we’re really still looking into it,” he said. “It’s an issue that’s ongoing for us at the moment.”

“This is something that crops up now and then,” Hall said. “Obviously, when you release a drive the firmware is refined over time. There are times when the firmware is at a point where there may be some issues that cause these problems that are undetected when the drive ships.” Clarke said he is disturbed that Seagate has not done enough to address the issue.

“First, they’re shipping rubbish products. Second, they’re not taking responsibility for the problem. They actually own a data recovery company that people go to to recover data from these drives, and they charge a lot of money for that,” Clarke said, referring to the period before Seagate began offering free recovery services. “I hope Seagate is taken to the cleaners over this.” Jeff Pederson, manager of operations at data recovery firm, Kroll Ontrack Inc., said his company has received 100 Barracuda 7200.11 drives, 50 in the last two weeks alone. He said that is a 90% increase over what the company would normally see with a Seagate Barracuda-model drive. ”People are getting perturbed with having to deal with the drive,” he said.

As far as Pederson can tell, the firmware issue is coming from Seagate’s Thailand manufacturing facility. “The firmware is corrupted. It doesn’t interface correctly with the drive and causes it to fail. But, it’s failing at the electronics level and not the platter level, so it’s not destroying data,” he said. Kroll Ontrack is offering a free diagnosis and close to a 50% discount for recovery services to owners of the Barracuda drive, which amounts to $850.

Hall said Seagate is still considering whether it will reimburse customers who took failed drives to i365 or other data recovery services before the larger issue came to light. He acknowledged that this isn’t the first time in recent months that a Seagate product has had firmware problems. In November, Seagate’s 2.5-in. SATA drives with firmware Version 7.01 were failing. The drives, which included model numbers ST96812AS and ST98823AS, are commonly used in laptops such as the MacBook or MacBook Pro. Complaints about the drives have not been limited to Seagate’s online support site. Users have also weighed in on other forums. The complaints involve drives running Linux, Mac OS X and Windows Vista

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a “proprietary GPU acceleration technology,” which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. Brute force attacks that send random dictionary words to an access point can eventually successfully guess the password, if given enough time–the more computational power behind it, the faster the software can send passwords attempts and possibly guess the password. *

“Advanced dictionary attacks with deep mutations attempt multiple variants and combinations of each dictionary word. The mutations can be fine-tuned to employ all or some of the settings such as different letter cases, number substitutions, changing the order of characters, using abbreviations and vowel mutations; 12 configurable mutation settings altogether.”

ElcomSoft positions the software as a way to “audit” wireless network security. However, we’re fairly certain that at least some users will use the software for more nefarious means, such as trying to break into someone else’s wireless network. If you manage a wireless network, you should use passwords that use a combination of upper and lower-case letters, numbers, and symbols (if it supported), use relatively long passwords, and avoid dictionary words–in fact, this is good advice for nearly any type of password–not just for wiresless access points. ElcomSoft Wireless Security Auditor runs on Windows NT SP4, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The software ordinarily sells for $1,199, but is currently selling at half price ($599.5) until March 1, 2009.

What Microsoft can do is make it easier for components in the system to go into low power mode when the system is idle. Some of that is ‘managing’ components: Windows 7 ‘parks’ CPU cores that aren’t needed, finally implements the ‘slumber’ feature on SATA drives, powers down USB ports and controllers more aggressively and even puts your Wi-Fi card to sleep if it’s turned on but not connected to a network.

Reducing the power draw

Microsoft has also changed its thinking about the system timer; in Vista this is set to 1ms, in Windows 7 it will be 15ms, which reduces the power draw by 15 per cent. General performance improvements like reducing the amount of disk activity involved in reading from the registry and starting services on demand rather than running them in the background will also improve battery life.

That applies to all software: a Vista system running ten services that come with installed applications uses 6 per cent of the CPU even when the PC is idle, compared to 1 per cent for a clean Vista installation. An extra 5 per cent of CPU utilization translates into around 4 per cent less battery life, so Microsoft is encouraging software developers to use on-demand services.

Windows 7 notebooks won’t wake up from sleep for applications that use ‘wake timers’ (except for the timer that wakes the system when the battery is so low the PC needs to hibernate). Open files from a network and CPU utilization won’t stop the screen turning off, the hard drive spinning down and the system going to sleep when you haven’t used the PC in a while; Windows 7 will only check for user input and applications like Media Center recording a long TV show. The screen will also dim to save power before turning off.