The new attack code poses a threat on Vista users, while Windows 7 and XP crack-resistant.

The Microsoft is under the pressures after hackers have publicly released the new attack code that exploits a critical bug in the line of Microsoft oprating systems, including Windows Vista Service Pack 1 and 2, Windows 2008 SP1, SP2 server.

Although this vulnerabilty issue has been known since Spetember the publicly available programs that can use that bug haven't been able to do anything except crash the operating system. However, a new attack code developed by Harmony allows to run unathorized software on cracked PC making it much more serious problem for Microsoft. The attack code was added to the company's open-source Metasploit penetration testing kit making the code widely available.

From other side, a software company called Immunity recently developed its own attack code for the bug, but that code is available only to the company's paying subscribers. And although the atack code is claimed to potentially work on both Windows Vista and Windows 2008 (Service Pack 1 and 2) the code may not be completely reliable, according to Immunity Senior Researcher, who stressed that he could get the Metasoft Attack to work only on the Windows Vista operating system running within a VMware virtual machine session. He added "When he ran it on native Windows systems, it simply caused the machines to crash."

In turn a Metasploit developer said that the attack definitely worked on at least some physical machines, but looks like it could use more testing.

Either way, the public release of this code should put Windows users on alert. Security experts worry that this code could be adapting to create a self-copying worm attack, much like last year's Conficker outbreak. It might seems strange but unlike Conficker, this attack would not affect older Windows XP, Windows Server 2003,or Windows 2000 systems. That's because the underlying flaw that all of these programs exploit lies in the SMB (server message block) version 2 system, introduced firstly in Vista.

Microsoft has confirmed that Immunity's attack works on 32-bit versions of Vista and Windows Server 2008, but did not have any immediate comment on the Metasploit code.

According to Immunity Senior Researcher the flaw has been patched in Windows 7, yet Microsoft released a Fix tool that disables SMB 2, and the company said that it is working on a fix for the software.

Weekly Wrap-Up. Summary of some top stories in the past week.

In the search war Bing grabs 11% of search market, while Microsoft introduces new tools for secure application development.

According to recent results from analyst company Nielsen, Microsoft Corp's Bing continues to strengthentening its position on the search engine market and demonstrated steady growth by 9% in July and 10.7% in August. Such performance has made Bing the fastest growing search engine on the market, where still three major competitors, with Google long ahead are trying to take their stakes. Although, Bing still far behind Google, its verges towards Yahoo Inc.'s search engine position, that showed 4.2% decline from July. However, the emphasis might shift once Microsoft and Yahoo enter into a partnership after passing an antitrust muster. The agreement allows Bing to power Yahoo's Web sites, while Yahoo will drive sales of premium search advertising services for both companies. That movement
could unite two giants and give them a needed leverage in ongoing battle against the leader.

On other side, Microsoft continues to show its commitement to making Security Development Lifecycle (SDL) process real for developers and presented new testing tools to help Windows programmers build better security into their C and C++ applications. Symbolically the tools offered at no cost enablig implementation of Microsoft's SDL process, for injecting security and privacy provisons into the development lifecycle as opposed to testing during pre- and post deployment of application.

One of the tools, BinScope Binary Analyzer, analyzes binary code to validate adherence to SDL requirements for compilers and linkers. By checking a variety of SDL requirements like GS flag, which is used to prevent buffer overflows it also verifies use of strong-named assemblies and up-to-date build tools. The tool requires symbol files, providing security against hackers potentially using the tool to analyze software on the Web for weaknesses.

A Microsoft representative said many of the checks featured in BinScope Binary Analyzer are inherently built into .NET coding. Microsoft previously has released a threat management tool and process management template based on SDL.

The second tool, Microsoft MiniFuzz File Fuzzer implements the fuzz testing technique. Testers check application behavior by parsing files that have been deliberately corrupted. Security tests are applied to take code through different flow patterns and identify whether resulting crashes should be investigated as potential application security risks.

Microsoft has recently released a paper entitled "Manual Integration of the SDL Process Template," to guide Microsoft Visual Studio Team System users through a manual process to incorporate elements of the SDL process template into Team System projects.

Microsoft starts to work on Windows 8

With approaching of Windows 7 on the offer there are some questions arise whether Windows 7 will be the last Microsoft traditional operation system. And will the next version of Windows be completely cloud-based?

So what's the next? Windows 8, of course, and Microsoft has posted several job listings for developers to help with work on Windows 8, however in can have another naming by the time its launched. There is an example of those listings:

“For the upcoming version of Windows, new critical features are being worked on including cluster support and support for one way replication. The core engine is also being reworked to provide dramatic performance improvements. We will also soon be starting major improvements for Windows 8 where we will be including innovative features which will revolutionize file access in branch offices.”

It looks like Microsoft already works hard on the new storage technology "Distributed File System Replication", which is focused on keeping data synchronized across multiple servers. And another Windows 8 job posting focusing on Windows file system tells that Windows 8 Server will also show up.