In brief: Microsoft to release three patches

Microsoft to issue critical patches this week

Microsoft this week plans to release three patches for several of its software products, including at least two critical updates for known vulnerabilities, according to the company’s monthly security update. Microsoft plans to release one critical patch for its Microsoft Exchange messaging server and two patches, at least one of which is critical, for Windows. All the updates may require a restart and will be detectable using Microsoft’s Baseline Security Analyzer tool. The patches for Windows also can be detected through Microsoft’s Enterprise Scanning Tool. Also on Tuesday, Microsoft plans to release an updated version of its Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. The tool will now be distributed using Software Update Services, the company says.

Open Document Format plan gains speed

The International Organization for Standards last week gave formal approval to the Open Document Format for Office Applications, paving the way for office suites based on ODF to be more broadly adopted, proponents say. The move comes as Microsoft’s rival standard for its own Office productivity suite, OpenXML, awaits the same approval by the ISO. ODF is a standard for office documents overseen by the Organization for the Advancement of Structured Information Standards and supported by IBM, Sun and others. They want to see ODF adopted internationally as the standard for office documents and software that creates and manages these documents, such as Microsoft’s popular Office suite and rivals such as Sun’s Star Office. The final release of the ODF documentation is expected in August.

FCC holds fast on broadband wiretap access

The FCC last week adopted an order that reaffirms the May 14, 2007, deadline for facilities-based broadband Internet access and interconnected VoIP providers to comply with the 1994 Communications Assistance for Law Enforcement Act for electronic surveillance. The deadline was established under the FCC’s First Report and Order, dated Sept. 23, 2005. The new order says this deadline gives providers of these services enough time to develop compliance solutions. It also clarifies that the May 2007 compliance date will apply to all facilities-based broadband Internet access and interconnected VoIP providers. CALEA has come under fire from higher-education institutions that say compliance will cost them billions of dollars, jeopardize research and open their networks to further hacker attacks. By providing facilities with Internet access, universities and libraries fear they fall under the umbrella of the CALEA compliance order.

Sun takes Azul to court

Sun has sued Azul Systems, alleging the start-up headed by a handful of former Sun employees has infringed on Sun’s patents. The suit, filed last week in the San Jose division of the U.S. District Court for the Northern District of California, counters a lawsuit Azul filed in March asking the court to block Sun from taking legal action. The two companies have been bickering for some time over technology in Azul’s compute appliances that deals with memory and how data is transferred among processors. Sun claims that by hiring former Sun executive Stephen DeWitt, now CEO of Azul, as well as nine other former Sun employees, Azul improperly accessed Sun technology. According to Azul, Sun has been asking for an equity stake in Azul, and upfront fees and royalties from Azul’s products, to resolve the issue. (See related story.)

Research zeroes in on database access, security

Researchers at Pennsylvania State University are touting technology designed to enable databases to talk without giving away secrets to each other. The university’s Privacy-preserving Access Control Toolkit relies on encryption of queries and data transmitted to protect sensitive information. PACT is discussed in a report called “Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases.” Prasenjit Mitra, assistant professor of information sciences and technology, says PACT could provide organizations an easier and less expensive way to share data. Currently, such information exchange involves development of special-purpose applications to get around the fact that different databases use different languages and vocabularies.