First Fix for Server 2008

The first update for Server 2008 will be released today according to an article at SearchSecurity. It will be released at the same time when Microsoft release patches for five critical and three important flaws. The affected operating systems and softwares besides Server 2008 are Vista, Server 2003, IE 6 and 7, Office XP SP3, and Office 2007. An updated version of Malicious Software Removal Tool will also be released today which can be downloaded from Windows Update, Microsoft Update and two other Microsoft sites.

Source: SearchSecurity

Microsoft Details IE 8 Security Default Change

Microsoft plans to make a key Internet Explorer default change to thwart attackers trying to hack into its Web browser. The software maker will enable DEP/NX (Data Execution Prevention/No Execute) by default in IE 8 when the browser is running on Windows Vista and Windows Server 2008, a major tweak aimed at mitigating browser-based vulnerabilities. DEP/NX is already available in IE 7, but it's turned off by default because of compatibility issues.

With the default change, IE 8 automatically gets a security feature that prevents an application or service from executing code from a nonexecutable memory region. When used in tandem with additional security mechanisms, DEP/NX can help to reduce the effectiveness of hacker attacks.

According to Microsoft Program Manager Eric Lawrence, the DEP/NX protection will apply to Internet Explorer and all add-ons loaded by the browser. "No additional user interaction is required to provide this protection, and no new prompts are introduced," Lawrence said.

Full story: eWeek