Late last year, Microsoft surprised many with the announcement of the Surface-branded headphones. The premium peripheral has opened the door to the company exploring where else they can apply the Surface branding and the next stop appears to be a pair of earbuds. According to multiple sources who are familiar with the company’s plans, Microsoft is currently working on a pair of earbuds under the code name of Morrison. The company is looking to capitalize upon the development of its audio tech by expanding its portfolio to cover the two major categories of headphones: over-ear and in-ear. This isn’t Microsoft’s first adventure into the earbud segment, the company previously sold earbuds with its Zune music player several years ago. And with wireless earbuds being a quickly growing segment with Apple leading the way and Amazon likely joining the party soon, Microsoft will be entering a saturated market but that has never stopped them in the past. The codename for this product is a bit different than others we have seen come out of the Microsoft camp when it comes to hardware. There are devices like Andromeda and Centaurus that use astrological names but the original Surface Headphone name was Joplin – likely related to Scott Joplin (or actually, Janis Joplin), an American composer known for his ragtime music. Morrison is likely related to Jim Morrison, who was the lead singer of the Doors and is considered to be a classic American rock star. As for the name, Surface Buds has been tossed around but I don’t know if that will be the retail name when they do arrive. Follow this and more on OUR FORUM.

A security researcher has published today details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems. The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL S (Save web page) command. Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format. Today, security researcher John Page published details about an XXE (XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page said. "Example, a request for 'c:Python27NEWS.txt' can return version information for that program." Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector. Page said the actual vulnerable code relies on how Internet Explorer deals with CTRL K (duplicate tab), "Print Preview," or "Print" user commands. But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file. This vulnerability should not be taken lightly, despite Microsoft's response. Read the complete story on OUR FORUM.