To end a busy week where Microsoft scrambled to respond to complaints about a faulty patch for Internet Explorer, the software giant said Friday it released an automated workaround to solve the glitch.

Security experts have mixed feelings about the workaround. On one hand, they commend the speedy remedy issued by Redmond, which IT pros hope will keep them from getting locked out of IE after a reinstall. Conversely, some wonder why a whole new patch wasn't issued to correct what happened last week to those who installed the cumulative fix for the application included in the December patch rollout.

According to Microsoft Security Response spokesman Bill Sisk, the fix mostly revolves around Windows XP Service Pack 2 (SP2) and the accompanying IE version 6, even though Security Bulletin MS07-069 was an all-encompassing update for all versions of the browser.

The latest workaround, released two days after Microsoft issued a manual workaround, requires users to change Windows Registry settings. This means essentially tweaking the master directory for the operating system that contains configuration information for all the hardware, OS software and related applications. For instance, when a user updates the control panel, system files or installed software, the changes are replicated and stored in the registry.

As of Friday, Redmond said it still has not ruled out issuing a hotfix to ensure that security administrators have no problems implementing the workaround.

Paul Zimski, senior director of market strategy at Lumension Security, a Scottsdale, Ariz.-based consultancy that makes PatchLink, said the issue is large scale because IE 6, the browser edition most prominently affected by the problem, is also the most popular and most widely used version of the OS-based Web application. In that vein, he cautioned that the workaround is only temporary.

Given the fact that enterprise technologists sometimes just install patches and jump right back into production without testing -- because that’s what they do every month -- Zimski said it's important for security administrators to evaluate immediate needs, which may or may not include installing a patch right away.

"Anytime you get involved with patching, you're dealing with potential pitfalls," added Zimski. "And when vendors such as Microsoft are up against tight deadlines, things can be missed even though patches are usually pretty safe."

Developers of open-source Samba software will find their work a little easier thanks to an agreement with Microsoft, signed last week, that will give them access to previously secret data on how the Windows operating system works.

Microsoft was compelled to make this information available following a March 24, 2004, European Commission antitrust ruling against the company. In July 2006, the EU fined Microsoft €280.5 million (US$338.6 million at that time) for failing to provide documentation on Windows protocols to its rivals. Microsoft lost an appeal of that decision in September, setting the stage for the deal.

The deal was signed with a nonprofit group called the Protocol Freedom Information Foundation, (PFIF) which negotiated on behalf of the Samba team because Samba is not represented by a corporate entity. PFIF will pay a one-time fee of €10,000 and, in return, will be able to allow open-source developers, including the Samba team, to access the documents.

Developers will have to sign nondisclosure agreements and will not be

allowed to redistribute Microsoft's documentation, but they will be able to write open-source software that implements the Windows protocols. The deal will also clarify which patents Microsoft believes are related to this technology, making it easier for open-source developers to avoid patent violations.

Antitrust rulings forced Microsoft to set up protocol-licensing programs in the past, including the Microsoft Communications Protocol Program (MCPP) and the Work Group Server Protocol Program (WSPP), but these efforts were not compatible with open-source software licenses.

To reach an agreement with the Samba team, Microsoft created a new type of WSPP licensing agreement, which gives developers access to the Windows protocols as well as a clear list of the patents that Microsoft has declared relative to its technology.

"They're giving us all the documentation to make everything work," said Jeremy Allison, co-author of Samba. "We will have no more excuses to suck... if we don't have something, we won't be able to say it's not our fault we don't know how to do it."

Samba and Microsoft executives had been meeting since March in hopes of hammering out a deal, said Sam Ramji, director of Microsoft's Open Source Software Lab, in a blog post entitled "If you're surprised, you're not paying attention."

"I expect that this will significantly improve the process of Samba development, and produce better quality interoperation between Windows and Linux/UNIX environments," he wrote.

Samba is an open-source version of the file-and-print software used by Windows. It is a standard component of the Linux and Unix operating systems, allowing these systems to share data and work alongside Windows clients.

But development of Samba has traditionally been back-breaking work. Developers would analyze network traffic to try and glean how Windows was working and then build their software based on that knowledge-- a process called reverse-engineering.

With the new agreement, developers will have access to Microsoft's own protocol specifications and will be able to build their software based on those documents, Allison said. That, in turn, will accelerate the team's development of its next generation of software, which will implement the new Sever Message Block (SMB) 2.0 protocol, used by Windows Vista.

Though the deal was reached on Thursday, developers were still waiting for the final technical aspects of the document hand-over to be settled, Allison said. He expects to get his hands on the technical specifications fairly soon. "I'm guessing that for my Christmas vacation I'll have some enjoyable things to read," he said.

Microsoft yesterday continued its hand-in-hand development of Windows Server 2008 and Windows Vista's first service pack, publishing release candidates (RC) for each product.

The big updates in Windows 2008 RC1 revolve around enhancements to Group Policy, a management framework first introduced in Windows 2000 Server. Group Policy Preferences, as it has been renamed, was formerly known as PolicyMaker Standard Edition and Policy Share Manager. The main benefits of Preferences appear to be more granularity for admins and simplified administration through reduced complexity of configuration scripts.

The release of RC1 means that Windows 2008 is essentially feature complete, with only very minor tweaks made going forward. Tina Couch, who described herself as the "newest member to the Windows Server team," blogged that Windows 2008 will be released to manufacturing (RTM) by the date of the "Global Launch Wave" on Feb. 27.

In an interesting side note, the Launch Wave itself has undergone a name change, now called "Heroes Happen Here." Couch claimed that it's the "largest enterprise launch in history, a whopping $150 million+ worldwide for outreach and demand generation to IT Pros and developers."

Vista SP1 is at the same stage of development as Windows 2008, and most of the changes since the most recent beta release concern installation issues. Vista Product Manager Nick White, on Microsoft's Vista team blog, wrote that the changes include:

    * Significantly smaller installer packages, reduced in some cases by half
    * Reduced disk space needs to install the SP
    * Better cleanup and deletion of files used for the install
    * Bug fixes to smooth the install process
    * More built-in guidance on how to install

White also added that Microsoft intends to "complete and release" SP1 in Q1 next year, putting it on nearly the identical release path as Windows 2008.

Since Windows 2008 and Vista SP1 share most of the same codebase, it makes sense to keep the releases close together, since getting the codebases too out of sync can cause problems. In an earlier story about delays in the Windows 2008 rollout timetable, analyst Rob Enderle of the Enderle Group speculated about the delay. "From the standpoint of servers, Microsoft would rather have [Windows 2008] at [Vista] SP1 level when it ships," Enderle said in late August.

Vista RC1 was made available today to TechNet and MSDN subscribers. White said that it will be available publicly next week on the Microsoft Download Center.

Both Windows 2008 and Vista SP1 have been hit hard by delays. Windows 2008, formerly code-named "Longhorn," has been in development for years, and has had a number of major features altered or completely eliminated; even then, its ship date kept slipping until the Global Launch Wave date was announced. Vista SP1 is a much-anticipated release for Microsoft, as corporations typically wait until the first service pack is released for a product before it's deemed stable enough to roll out on the network.

Vista could use a boost, as its sales figures have sagged well below expectations since its release early this year.

The other products scheduled to be announced at the launch event in Los Angeles include SQL Server 2008 and Visual Studio 2008.

Microsoft on Friday launched Service Pack 1 for Windows Exchange Server 2007. Features include additions to the Exchange management console, Outlook web access and disaster recovery.

Disaster recovery features already in Windows Exchange Server 2007 include Local Continuous Replication and Cluster Continuous Replication. SP1 introduces Standby Continuous Replication, which allows replication between geographically dispersed areas. Data created in one place can be copied to other areas so that, in the event of failure or disaster, data from the other areas can be recovered automatically.

However, replication will not happen automatically. "Restore after failure will be a manual process," said Microsoft's Mark Deakin, product manager for unified communications. "It has to be manual because it is two separate pieces of data."

Another new feature in the Exchange Server 2007 SP1 is a closer tie with Office Communications Server, with the ability to move voice mail between the two and control a greater variety of mobile devices. "There are lots more mobile devices you can connect as well," said Deakin.

Forefront Security for Exchange Server is now included, as is support for multiple scanning engines from more security firms. These can be implemented in a single module, Microsoft said.

Microsoft claims it has more than 3,000 companies as customers, representing more than a million seats now working with Exchange Server 2007. More than 270,000 people tested out the beta of SP1, the company said.

Microsoft and its partners say the adoption cycle for Windows Vista is still in the early stages, particularly for businesses -- many of which are likely waiting for the release of Service Pack 1. Likewise, many businesses need to upgrade their hardware to run Vista, which is a major proposition. For consumers, this holiday season is the first in which Vista-loaded computers will be on store shelves.

Still, one year after Vista and Office were launched for businesses, some headlines today might have some people at Microsoft cringing.

There's this, from CNET, on a Qualys study that shows a major increase in Microsoft flaws between 2006 and 2007. "We have seen a huge jump in the vulnerabilities in Microsoft Office products," Amol Sawate, manager of Qualys' vulnerability-management lab, told CNET. "These charts show growth of nearly 300 percent from 2006 to 2007, primarily in new Excel vulnerabilities that can easily be exploited by getting unsuspecting users to open Excel files sent via e-mail and instant message."

And the AP's locally based correspondent covering Microsoft, Jessica Mintz, has this report on tests showing that an updated Windows XP will perform faster next year than Vista. Key passage:

    [The testers] found the original Vista performed 50 percent to 100 percent slower than the prevalent XP Service Pack 2, or SP2.

    Vista SP1, due out in the first quarter of 2008, barely improved the operating system's performance.

    But XP SP3, scheduled for the first half of 2008, did improve on XP's earlier performance, running 10 percent faster than SP2.

Microsoft says its too early to make such comparisons.