3/10/2010

New Internet Explorer code-execution attacks

Filed under: — Aviran Mordo

Hackers are exploiting a security bug in earlier versions of Internet Explorer that allows them to remotely execute malicious code, Microsoft warned on Tuesday.

The vulnerability in IE versions 6 and 7 allows remote attackers to gain the same access to the affected PC as the local user. The bug, which stems from an invalid pointer reference, either doesn’t exist in IE 8 or can’t be exploited in that version, providing users with yet another strong reason to upgrade to a modern browser.

3/8/2010

Microsoft Demos Game Across Phone, Xbox 360 & Win 7

Filed under: — Aviran Mordo

During the keynote presentation at TechEd Middle East in Dubai, Microsoft’s Eric Rudder played the same Indiana Jones-ish game on a Windows computer, a Windows Phone 7 phone, and an Xbox 360. Gaming is about to get real ubiquitous.

Not only is the game itself playable on all three platforms, but the session is maintained when you move from device to device: if you’re playing on your Xbox and have to run out the door, you’ll be on the same level when you fire it up on your Windows Phone 7 Series phone. Basically, you’ll never have an excuse not to be gaming.

3/3/2010

Microsoft: Don’t press F1 key in Windows XP

Filed under: — Aviran Mordo

Microsoft told Windows XP users not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

2/13/2010

MS update gives some XP boxes the Blue Screen

Filed under: — Aviran

Applying the latest patches from Microsoft can cause Windows XP machines to crash with the infamous blue screen of death.

Updating systems with the MS10-015 bulletin, which addresses “important” vulnerabilities in the Windows kernel, can cause machines to lock up when restarted before falling into a never-ending reboot loop. The problem is far from isolated, judging by a growing thread on the topic on an official Windows support forum, though it’s fortunately not commonplace either.

Restarting affected systems in Safe Mode reportedly doesn’t seem to help. Suggested fixes for the problem involve booting from a Windows CD or DVD and starting recovery console before uninstalling the MS10-015 update. Uninstalling all 11 of Tuesday’s Windows-related updates, as initially suggested by some users, now seems to be unnecessary.

Security firm Sunbelt advises users to hold off on the MS10-015 update.

Windows Activation (WGA) Coming To Windows 7

Filed under: — Aviran

In the coming days, Microsoft will be deploying a new update for Windows Activation Technologies, the set of activation and validation components built into Windows 7. Called Windows Activation Technologies Update for Windows 7, this update will detect more than 70 known and potentially dangerous activation exploits.

Customers will get the patch gradually, with Windows 7 Home Premium, Professional, Ultimate and Enterprise users getting the update first.

In addition, MS will make Windows Activation Technologies (WAT) available for download through its Microsoft.com/genuine website on 16 February. The Microsoft Download Center will get the update a day later, it said.

2/7/2010

Microsoft to patch 17-year-old computer bug

Filed under: — Aviran Mordo

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

Microsoft to end Live support for old-school Xbox

Filed under: — Aviran Mordo

Microsoft has announced it will soon no longer support the original Xbox console on its Live online service.

From 15 April, Microsoft will “discontinue Xbox Live service for original Xbox consoles and games”, according to the software giant’s Major Nelson blog.

The decision will also impact Xbox 360 owners - specifically, those who play old Xbox games on their second-gen consoles over Xbox Live.

MS hits Office 2010 upgrade program button prematurely

Filed under: — Aviran Mordo

Microsoft let slip details about its Office 2010 “technology guarantee” plan yesterday.

Office 2007 purchasers to get free update from 5 March?

The apparent PR gaffe revealed that the software vendor would kick off the program on 5 March. Office 2010 is expected to hit retail in June this year, but Microsoft hasn’t yet confirmed an official date for its next big consumer product launch.

1/31/2010

Google Phasing Out Support for IE 6.0, Firefox 2.0, Safari 2.0

Filed under: — Aviran Mordo

Google says it will cease fully supporting Microsoft Internet Explorer 6.0 for its Google Docs and Google Sites applications on March 1. This deadline also applies to other older Web browser versions, including Mozilla Firefox 2.0, Apple Safari 2.0 and Google’s own Chrome 3.0. The move is part of Google’s push to rid the messaging and collaboration world of the dated, insecure IE 6 and put Google Chrome in its place. Chrome has 4.63 percent of the browser market and Google would love to chomp away at IE’s 63 percent share.

Microsoft Sex Party Not Arranged By Microsoft

Filed under: — Aviran Mordo

The Marker reports that a former Microsoft employee who was on the Microsoft cruise ship alleged to have hosted a sex and drug party claims that the “girls” were brought on board the ship by a Turkish partner and an Egyptian division manager. The former employee said that this was a private initiative and not a Microsoft-sponsored event.

He also claims that although they were invited to participate in the activity, he and other MS reps got off the ship and spent the night in bars and restaurants on shore. In the course of the evening he got a call from his friends on board the ship saying that they had run out of condoms, and he was asked to renew the ship’s supply. He said that he did not witness any illegal substance on the ship as claimed in the lawsuit.

1/28/2010

IE Windows vuln coughs up local files

Filed under: — Aviran Mordo

If you use any version of Internet Explorer to surf the web, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine’s C drive, including files, authentication cookies - even empty hashes of passwords.

1/25/2010

Microsoft Terminated Us For Not Participating In An Orgy

Filed under: — Aviran Mordo

EIM, an Israeli software distributor, is suing Microsoft for terminating their partnership after they refused to participate in a drug and sex party.

According to Globes (Hebrew), EIM, once one of the largest Microsoft distributors in Israel, claims that Microsoft sponsored a cruise for its Israeli and Turkish distributors. On this cruise, they claim, there were women paid by Microsoft to have sex with the guests, an activity that was encouraged by Microsoft staff. Also at this alleged party, Microsoft representatives encouraged participants to use what looked like illegal substances.

According to the claim, EIM’s personnel refused to participate in the drug and sex party which caused Microsoft to cancel their agreement and terminate their distributor license, which caused EIM a 50% loss in revenue.

Microsoft claims that the license termination was due to incorrect sales reports by EIM, and even called it fraud.

Microsoft refused to comment about the sex party allegation saying the claims are not worthy of a response.
