Due to a vulnerability in several programming languages, ASP.NET being one of them, Microsoft has released an Out of Band security update (MS11-100) to fix the problem. This vulnerability can bring down a website by using a small, bot-free, program sending HTTP requests. If you are running a web server, make sure you update your machines!

The problem that caused a stir in the security community exists in many of the Web’s most popular application and site programming languages, including ASP .Net, the open-source PHP and Ruby, Oracle’s Java and Google’s V8 JavaScript, according to two German researchers, Alexander Klink and Julian Walde.

Klink and Walde, who presented their findings at the Chaos Communication Congress (CCC) conference in Berlin on Wednesday, traced the flaw to those languages’ — and others’ — handling of hash tables, a programming structure used to quickly store and retrieve data.

Unless a language randomizes hash functions or takes into account "hash collisions" — when multiple data generates the same hash — attackers can calculate the data that will trigger large numbers of collisions, then send that data as a simple HTTP request. Because each collision chews up processing cycles on the targeted server, a hacker using relatively small attack packets could consume all the processing power of even well-equipped servers, effectively knocking them offline.

Microsoft confirmed that a single 100K specially-crafted HTTP request sent to a server running ASP .Net would consume 100% of one CPU core for 90-110 seconds.

Many investors are scared of Microsoft for a variety of reasons. It is very curious as to why, however. It is a good performer in a business, yet it’s stock shows none of it and portraits a failing company. It should be a definite buy and a huge money maker. Dividends are up, sales are consistently up,  profits are up. Why is the stock low and not rising?

Some say that the number one reason is the CEO after Bill Gates left: Steve Ballmer. I tend to agree to an extent. Nothing personal against the guy, but he isn’t a nerd. He’s a salesman (and not a good one at that). New management would go a long way at  Microsoft. In a previous news post, I mentioned some of the questionable treatment of the employees. This is a HUGE deal breaker at Microsoft and why people are flocking towards Apple and Google. Employees like to feel needed, wanted and valuable. At a place like Microsoft, they should be and they ARE extremely valuable to the company and to it’s products.

What do you think? Should Steve Ballmer be replaced by a more capable CEO candidate? Should they bring in a technical fellow rather than a salesman? Do you own Microsoft stock and feel let down, or are you holding out on buying the stock due to it’s stagnation? Let us know in the comments. Yes, I am a small stock holder in MSFT, and I am happy to own it, but I’d like to see it perform a bit better. I’m not too horribly disappointed as I haven’t lost any money and have gained some, but it just isn’t aiming too high. It’s more like a cruising Cessna than a jet heading for the clouds.

The reason Microsoft has been so successful stems from the basic nature of its business model, which for years has been relatively simple. Developing software requires large upfront costs for R&D, but after that, each unit sold is almost pure profit. Add in the fact that Microsoft had (or has, depending on who answers) a virtual monopoly on the PC market. This is why Microsoft has risen over 25,000% since its IPO in 1986. The business model worked almost perfectly, making billions for shareholders and Microsoft employees, all while changing the way the world works and plays. But the stock has flatlined over the last decade, and the days of stellar returns are long gone. Why? It is because Microsoft’s business model is under attack from all sides. The very core of the company, desktop software, is slowly eroding.

For those that are movie buffs and like Mission Impossible, Microsoft has released a new theme for Windows 7 featuring the action of the new movie. Download it and check it out!

When talking about Microsoft, sexy and tease doesn’t really pop into my mind. However, it is the end of 2011, and there are going to be a thousand lists for both 2011 and 2012. Mary-Jo Foley has a 10 sexiest Microsoft teases for 2012. I have to agree with most of them. Of course, you know Windows 8 and Server 8 are on there.

In 2012, if the Redmondians stick to their own roadmaps, we should hear a lot more about products of interest to business users. Based on hints from 2011, here’s my Top 10 list for business products and technologies to watch for from the ‘Soft in the coming year.

Sure, the ultimate gaming PC would include a holodeck (from Star Trek lore), but there are a lot of other, more practical ways to use it. Microsoft is working on a version of a holodeck, or a magic wall, with some great new concepts. I would love to see how this evolves, and not get scrapped as with other really cool concepts from Microsoft.

Microsoft has a busy year ahead of them, from new products to supporting old ones. A former Microsoft employee has written a list of things Microsoft should do in 2012. They all ring true. But, two of them really stuck out.

The first is about treating your employees right. This has been brought up to me from several Microsoft employees, and say that it is perhaps the #1 limiting factor at Microsoft. The scores that are under a quota. This limits your employees big time. You can lose some very talented people this way. It just doesn’t make sense, and you are not only losing talent, you are losing the respect of your employees. They will go on to be very successful at Google, Apple or other competitors.

Perhaps bigger than all the other things combined. Microsoft’s motto is ‘Your Potential, Our Passion’. They should apply this to their staff. There are lots and lots of great things about being a Microsoft employee, but the one thing that negates them all and that ruins the experience is the horrible review system, and the consequences of how it works. Like many things in Microsoft, it looks great on paper. Every employee is given a score from 1 to 5, with 1 being good. Your pay, bonus, stock grant, and career trajectory hinge on it.

Second, support your products. Yes, once they get past being successful in the marketplace, DON’T STOP! Keep marketing them, keep updating and supporting them. Don’t just drop them and shrink the team down to nil. Once you burn enough bridges, people will stop wanting to cross them. After the loss of the Kin phone, even the carriers were scared to take on another Microsoft phone – what about the consumers? The Zune? Don’t get me started on that one.

This goes beyond developer APIs of course. When Microsoft starts up something new, it’s done with full steam ahead gusto (Silverlight as a prime example), but once it’s launched, and once it’s successful, sustaining it doesn’t seem to be a priority. Hello IIS. Hello Zune. Hello *. Heck, I just read an article that MS may be stepping away from the ‘decision engine’ branding for Bing that it spent goodness knows how many dollars to get out there…

There have been a few theories floating around the web this weekend on why the Windows Phone 7 platform isn’t as successful as it should be. One reason stems from the name: Windows Phone 7. It says that it isn’t a new platform and it is still Windows. WP7 is still Windows, but it is a huge change from previous versions.

Another issue: market fragmentation. Apple has none (they make the devices and OS), Android has many (they make OS, makers customize it and release various hardware). Windows Phone 7 is right in between. They have a tight hold on their OS, forcing updates to all carriers. They also have a strict hardware minimum requirements for hardware developers. Not giving much control to the hardware manufacturers nor to the carriers is what may be hindering them from being as successful as they should be.

Personally, I chalk it up to a few reasons. Aside from what has been mentioned above by others. Most users want what has been tested and works. iOS works. Their friends have it. It does a lot. Android was the major competitor. Anti-Apple users love it and they can be extremely low cost and there are a LOT of devices out there that run Android OS. It has become very familiar and a lot of people own them. Their friends have it. Windows, on the other hand, has proven in the past to be a business phone (similar to Blackberry). It is all business, no fun. Windows Phone 7 changes that, but it hasn’t really proven it yet.

There is a lack of apps due to developers wanting to make applications for the dominating market (iOS and Android). Even though Windows Phone 7 is reviewed very highly by its users, it hasn’t been accepted into the “friend zone” where it would need to be. It’s still a very niche product. Until it is more widely accepted and becomes more popular with the teen group (which play a lot of games), I don’t see it getting out of the “friend zone”. People buy what their friends have, they buy what’s trendy (in general). Windows Phone 7 isn’t there yet. Hopefully, with some better marketing and incentives for the carriers to promote it, it will gain some market share and the confidence of more users.

It was a pretty eventful year for Microsoft, from Windows Phone 7 to Azure to Bing and the pre-beta developers preview of Windows 8. There were a lot of other events that didn’t really get a lot of the spotlight. Seattle Times has a nice A-Z writeup of the events that helped shape Microsoft’s very busy 2011. I’m hoping for more positive news in 2012!

Of course, the ‘Z’ has to be an obituary. And what ‘Z’ product does Microsoft have? Yes, the Zune. Rest in peace, you were a worthy competitor to the mighty iPod.

Z= Zune. RIP, Zune Player. There were a few days in October when we didn’t know your fate: First, Microsoft seemed to say you were dead, then not dead, then, finally, definitely dead. Your spirit lives on in the Zune music and video service in PCs, Xbox, Windows Phone and existing Zune players.

Microsoft is attempting to target the Xbox 360 as more of a family machine instead of a male gaming machine by removing any gun items from the Xbox Avatar marketplace. So, grab your weapons while you have the chance. The ban goes in effect on January 1st, 2012. Anything bought before then will not be removed.

I do not see how removing guns from an avatar marketplace will help the image any, but I guess I’m not a high paid public marketing executive that thinks they know the public relations market…

Todays deal of the day is the classic fighter Street Fighter 3: Third Strike Online Edition for 50% off, making it 600 points (~$7.50 USD). Great deal for a great game. I know I bit on this deal.