Advanced Software Security

Microsoft Security Update April 2009

2009-04-10T20:06:00.000-07:00

Microsoft news and product information from microsoft.com and product team blogs

Security
 Update on Conficker.D We’ve received a lot of questions from customers about April 1, 2009 and the latest Conficker variant discovered earlier this month, Worm:Win32/Conficker.D (also known as Conficker.C or Downadup.C by some other companies). I wanted to let you know that we’ve put some new information up about Conficker.D today from our work with our partners in the Conficker Working Group. See also this post on the Microsoft Malware Protection Center: Information about Worm:Win32/Conficker.D
 MS09-008: DNS and WINS Server Security Update in More Detail After releasing security update MS09-008, we received a number of questions on the WPAD issue (CVE-2009-0093) addressed in the update. There are claims that this update is ineffective. Let me be clear that this update will protect you and it should be deployed as soon as possible.
How Microsoft does IT
 Improving Sustainability and Utilization of SQL Server at Microsoft With more than 4,700 Microsoft SQL Server instances in operation, Microsoft Information Technology (MS IT) sought to reduce operational and capital expenses through server consolidation and multi-tenancy. The SQL Utility service facilitates this effort. The SQL Utility service and related server consolidation efforts contribute to environmental sustainability, more efficient utilization, and improved quality of service.
 Securing Business Workflows and Networks for Partners In designing the corporate extranet, Microsoft took advantage of its own technologies to provide a level of information and access that facilitates vital partner relationships and collaboration without jeopardizing security.
 Best Practices for Deploying Virtual Machines using Hyper-V Virtualization Technology Microsoft IT virtually deploys more than 80% of new IT servers using Windows Server 2008 Hyper-V. To ensure optimal performance, Microsoft IT has developed configuration best practices, based on the application workloads or services being provided by the virtual machines.
Windows Desktop and Server – 7/2008 / Vista / 2003 / XP
 DS Restore Mode Password Maintenance There comes a day in nearly every administrator’s life where they will need to boot a domain controller into DS Restore Mode. Whether it’s to perform an authoritative restore or fix database issues, you will need the local administrator password. Too often, we work with customers that have not been maintaining this password and do not have a way to get in to their DC’s.
 Clustering Webcasts for Windows Server 2008 R2 and Cluster Beginners We have some upcoming webcasts covering both introductory material and R2 features. If you’re new to clustering and want to learn more, our beginners webcasts will give you a solid foundation. If you want to know more about Failover Clustering in Windows Server 2008 R2 (code name ―indows Server 7‖, check out our Feature Roadmap and Cluster Shared Volumes (CSV) presentations. Our multi-site clustering webcast will discuss disaster recovery options through a configuration often called ―tretched clustering‖or ―eographically distributed clustering‖
 Stopping the Windows Authenticating Firewall Service and the boot time policy Lately, I have been seeing a number of issues/concerns from people where they manually stop the Firewall service and lose connectivity to the machine. They always seem surprised when I explain that it is by design.
 Improving TS Gateway availability using NLB TS Gateway is a Windows Server 2008 role which provides secure access to corporate desktops and applications for Internet users. Mobile workforces rely heavily on TS Gateway for remote access needs. To ensure 100% availability there are three methods we recommend which can help achieve this goal for TS Gateway
 Migrating a Windows Server 2003 TS License Server This article is designed to help those who want to migrate their Windows Server 2003 TS License Server from one machine to another. We recommend that you read through the instructions once before beginning the migration.
 Understanding DFSR Debug Logging (Part 1: Logging Levels, Log Format, GUID’s) Today begins a 21-part series on using the DFSR debug logs to further your understanding of Distributed File System Replication. While there are specific troubleshooting scenarios that will be covered, the most important part of understanding any products logging is making sure you are comfortable with it before you have errors. That way you have some point of reference if things go wrong.
 How do I find out what changes are going on in my Active Directory? In order to find the cause for the problems, you should find what has changed in the AD database recently.

 Reminder: End of Life for Service Pack 1 in Windows Server 2003 Coming Soon Support for computers running Windows Server 2003 Service Pack 1 ends on April 14th, 2009. After that point there will be no hotfixes, security updates, or support for computers that do not have SP2 installed. If you don't have SP2 on your deployment radar, you are rapidly running out of time.
 How to Properly Disable Offline Files in Windows Vista Today's posting covers how to correctly disable Offline Files in Windows Vista. I recently had a case where the customer was experiencing undesirable behavior with a file share only when the file server was accessed from their Windows Vista machines.
 Windows 7: Netbooks and Windows 7 My name is Craig Marcho and I am a Support Engineer with the Performance team in Texas. Today’s post is going to be something a little different. We’re going to take a look at my recent experiences with Windows 7 and a netbook laptop.
 Beta to RC Changes – Turning Windows Features On or Off ―urning Windows Features On or Off‖has a long history in Windows, going back to the earliest days of the 32-bit code base. We’ve received a lot of suggestions about features that you would like to turn on or off using your own criteria for choice. For Windows 7 we’ve engineered a more significant list of features and worked to balance that list in light of the needs of the broad Windows platform as well.
 Windows 7 Virtual Roundtable Q&A: Part One In our recent Springboard Series Virtual Roundtable—Windows 7: To the Beta and Beyond—with Mark Russinovich, we fielded numerous questions on the Windows 7 Beta release that the panel was unable to address, given time limitations. As promised, we have collected these questions and will be providing these answers in this and subsequent blog postings.
 Designing Aero Snap In this post we’d like to have a closer look at the Aero Snap feature that many of you have already been able to experience in our PDC builds, and of course the Beta. We’ll briefly describe the feature itself, but mostly we’d like to invite you to take a behind-the-scenes peek at our design process so far, and share our iterations, challenges and considerations.
 Touching Windows 7 Windows Touch is designed to enhance how you interact with a PC. For those of us that have been living and breathing touch for the last two years we’re excited to be able to deliver the capability to people using Windows 7. In this blog we’re going to talk about what we’ve done to make Windows touchable.
 IE: Internet Explorer 8 Final Available Now IE8 makes what real people do on the web every day faster, easier, and safer. Anyone running Windows Vista, Windows XP, and Windows Server can get 32- and 64-bit versions now from http://www.microsoft.com/ie8. (Windows 7 users will receive an updated IE8 as part of the next Windows 7 milestone.)
 Group Policy Settings Reference for Windows Internet Explorer 8 RTM is available for download The final version of the spreadsheet, containing a detailed break out of group policy settings, is now available for download, here. Microsoft also released some RC1-related ADM templates before the release of IE8. This was to assist with a known problem. PLEASE DO NOT USE THE BETA ADM TEMPLATES! You can get the RTM templates by simply installing release version of IE8!
 Site Compatibility and IE8 Reports of broken sites are an important part of the feedback the IE team receives from the community. When we receive a report of a broken site, we take it and identify the core issue causing the problem. A number of these issues end up being side effects of changes we deliberately made in IE8, but even these are useful. They help us identify which IE8 changes have the broadest compatibility impact. In this post I'll share some of these issues with you so you can quickly identify problems affecting your site when migrating from IE7 to IE8.
 RTM Platform Changes When we announced the IE8 Release Candidate, the call to action for site owners, software developers, designers, and administrators was to test with the Release Candidate build and make any changes necessary to create the best possible customer experience with IE8. I’d like to communicate the critical platform changes we’ve made in these areas.
 Accelerator Spotlight Accelerators are a robust and customizable way of bringing you closer to the services you use most. We’ve said a lot about the technology behind Accelerators and how to build on it, but I thought it might be nice to step back for a minute and look at some of the things people have already built. So for the rest of this post, I’ll be throwing a few interesting Accelerators into the spotlight.
 Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass IE8 created a new URLAction that regulates loading of the .NET MIME filter. By default, the URLAction prevents it from loading in the Internet and Restricted Sites Zones. The .NET MIME filter is allowed to load by default in the Intranet Zone.
Virtualization Technologies
 Beware of Integrated eSATA ports For you demo warriors out there who try to get the maximum performance for your Hyper-V based demos, eSATA has been your path to maximum performance. If you only use a single drive attached to an eSATA port, you can quit reading, but if you are like me and want the best performance

possible, you have probably invested in a 2.5‖or 3.5‖external portable cabinet that can take two or more drives.
 A Fist Full of Virtual Hard Disks There have been a bunch of new evaluation virtual hard disks coming out in the last week or two
 App-V: How App-V Uses Your System Drive! Today, our topic will be files and folders. As you probably already noticed, there is another drive (often named as Q), which is not accessible from user environment, in client machines Today we will cover the files and folders which are available by end users.
 Creating "Video Recipes" for Sequencing Documentation - Part 1: Introduction This series of articles is going to show you how to use screen recording software to create a "video recipe" to document the steps followed for sequencing an application.
 Hyper-V: Hyper-V Terminology: Update
 Mouse Integration for SuSE on Hyper-V now available Those of you out there using Linux on Hyper-V will be happy to hear that you can now get mouse drivers for Linux virtual machines that provide integrated mouse support. You can go here: http://www.xen.org/download/satori.html to download the drivers and get going.
 Hyper-V Snapshot FAQ There have been a lot of questions about how Hyper-V virtual machine snapshots work, and what considerations you need to take when using them.
 Updated: Hyper-V Planning and Deployment Guide The Hyper-V Planning and Deployment guide is available online (here) and is constantly being updated with more and more information.
 Antivirus and Hyper-V (or: Why can’t I start my virtual machine?) A little while ago our support team put together this KB article in response to a problem that a lot of people have been reporting. Basically, what is happening is that users are having problems starting virtual machines after they install antivirus software in the management operating system.
 Virtualization Review's hypervisor test The other day, Virtualization Review published a comparative performance test of three hypervisors: VMware ESX 3.5, Windows Server 2008 Hyper-V and Citrix XenServer. You can see it here.
 HP whitepapers on NIC Teaming for Hyper-V HP has published 2 white papers describing their NIC teaming support for Hyper-V.
SQL Server
 Useful links for upgrading to SQL Server 2008 There is plenty of material available to help you upgrade to SQL Server 2008. This blog is intended as a short list for the most useful guidance that I have found. And you may have different experiences upgrading from SQL Server 2000 and SQL Server 2005 so please take the time to do proper preparation work and advanced studying. And test your upgrades before you do it for real in production.
 Analysis Services Partition Size The SQL Server 2008 Analysis Services Performance Guide has been updated principally to address features available in the latest release. But there was one important change related to partition size driven by changes in hardware.
 SQL Server 2008’s Oracle destination fast load option may fail if certain Oracle system views are missing SQL Server 2008’s latest feature pack, that can be found here, contains a new Oracle connector by Attunity that supports Oracle versions 9.2.0.4 and higher. When you use this connector in SSIS 2008 to send data into Oracle, you may not be able to use fast load if some Oracle system views are missing.
 How to fix your SQL Server 2008 Setup before you run setup (Part II).... Last year you might have read my post where I showed you how to patch setup for RTM for SQL Server 2008 before you launch setup. This processing involved installing a Cumulative Update to apply fixes for the SQL Server 2008 Setup Support Files. Well, we will now be expanding this capability with SQL Server 2008 Service Pack 1 to be able to fix other areas of setup with a new method. This feature, called slipstream setup, actually provides much more.
 How It Works: SQL Server - VDI (VSS) Backup Resources Last week I worked on an interesting case. The issue was a NT Backup against a single volume containing 500 SQL Server databases. It is rare to have so many databases on a single volume but it is possible and we had a case on this very issue.
 Enforce Windows Password Policy on SQL Server Logins If users choose to use SQL login to connect to SQL Server rather than using NT authenticating, it is worth to remind that SQL server does provide the option of enforcing window password policy on SQL logins.
 What’s Next for SQL Data Services…At the Professional Developer Conference 2008 Microsoft kicked off a major wave of innovation with the announcement of the Azure Services Platform. A key piece of that technology wave is SQL Data Services (SDS).
Exchange Server
 Announcing the release of Exchange Server Remote Connectivity Analyzer Have you ever installed an Exchange server and wanted to verify your Internet facing services were setup and configured properly? Things like Exchange ActiveSync, AutoDiscover, Outlook Anywhere (RPC/HTTP), and inbound email. I'd like to introduce you to the Exchange Remote Connectivity Analyzer (ExRCA) tool which can be accessed at https://www.TestExchangeConnectivity.com.
 OST Sizing Guidance Changes With the release of Outlook 2007 SP1 February 2009 cumulative update, we are updating our Mailbox Storage Sizing Guidance to reflect the improved performance and responsiveness when utilizing Cached Exchange Mode with respect to mailbox/OST sizes.
 Update Roll-up 7 for Exchange Server 2007 Service Pack 1 has been released. We have released Update Roll-up 7 for Exchange Server 2007 Service Pack 1 (KB 960384) to the download center. The release of the roll-up via Microsoft Update will happen on March 24.
 Encapsulate This! We're going to talk about Address Encapsulation today and a change in Service Pack 1, Rollup 7, what we are doing with it, why, and how to cope.
System Center
 Microsoft Support Model Changing for System Center Products Beginning on Monday, March 30, 2009, support for Microsoft's Premier customers on System Center products will move from a live phone queue to callback. So why move to a callback model? The primary reason we made the decision to move to a callback model is because of the success we’ve already seen by doing this with the other System Center products. A callback model allows us to get a customer to the support engineer who is best able to resolve that particular issue as quickly as possible, instead of simply the engineer who happens to be the first one available.
 CM: Configuration Manager 2007 Service Pack 2 beta coming May 2009
 OM: Using SiteName when deploying gateways to help manage alerts When deploying the Operations Manager gateway role you can tag the gateway with a Site name. Any alerts coming from an agent reporting to this gateway will now have it's "Site" property populated with the site name you configured when deploying the gateway. This can be really handy for building specific alert views and sending notifications.
 System Center Ops Manager management pack for Hyper-V
 System Center Operations Manager 2007 R2 (Release Candidate) Ready for Download Operations Manager 2007 R2 introduces key new and enhanced functionality – find out more here.
 DPM: New SQL Server protection information for DPM 2007 SP1 Two new pieces of information to keep you informed on what is going on with SQL Server database protection and System Center Data Protection Manager 2007 SP1.
 SCVMM: SCVMM 2008 R2 Beta now available Hot on the heals of the Windows Server 2008 R2 beta – you can now download the SCVMM 2008 R2 beta.
 SCVMM and VMware ESX management
Office SharePoint Technologies
 Uber Packages of February Cumulative Update are Ready You may have been waiting anxiously for the uber packages because of your scheduled patch time window. Yeah, we heard from you. Now here they are.
Microsoft Office System
 OCS: CWA 2007 R2 and Normalization Rules This post addresses inconsistencies with how Communicator Web Access 2007 R2 (CWA) implements normalization rules in relation to OC and other OCS clients.
 New BPA rules uploaded covering OCS 2007 and OCS 2007 R2 Today we released new Best Practice Analyzer rules for OCS 2007 and OCS 2007 R2.
 Microsoft Forefront Security for Office Communications Server (FSOCS) RTM Now Available! FSOCS provides fast and effective protection against IM-based malware for OCS 2007 and OCS 2007 R2 environments by including multiple scanning engines from industry-leading security partners. FSOCS also helps reduce corporate liability by blocking instant messages containing inappropriate content.
 Access: Accessing external data using the IN clause Microsoft Access SQL supports two uses of the IN keyword. The most commonly used case is as part of the WHERE clause of a SQL statement to provide a list of values used as criteria.
 How to discover what Access files are in your org The Office migration planner has some really good tools for understanding what is in your organization
 Data bars in an Access query Mike Alexander (Excel MVP) recently sent the author a very cool trick that he hadn’t seen before. He uses some simple hackery and trickery to get data bars in a query. This is the first installment of a long series about how Access can be used to create cool dashboards

 Excel: Analyzing Data: Functions or PivotTables When trying to analyze/aggregate data in a table, how do we decide whether to use functions versus PivotTables?
 Excel VBA Performance Coding Best Practices In this post I'm going to share with you the most important performance tips I know about. There are tons of sites, pages, and people who are experts as well on this subject, have performed their own tests, and shared their results and ideas.
 Outlook: Frequently Asked Questions about the February CU In this post, we wanted to formally address some of the top questions, comments, and concerns regarding the recent release of the February Cumulative Update. As always, please keep your comments coming.
 Word: How to Freeze Part of Your Word Document I'm a big fan of Excel's ability to freeze rows and columns. Now what if I have a similar situation in Word? Say that I have a figure on page one and need to write about it on page three. Do I need to scroll up and down over and over?
Forefront Security
 Using Multiple Engines for Fast, Effective Protection of IM Environments Forefront Security for Office Communications Server integrates multiple antimalware engines from Microsoft and industry-leading partners to provide comprehensive protection against the latest threats. People often ask us what the big deal is about using multiple engines in our Forefront products. Well, multiple engines provide many advantages.
 Forefront Team Blog This blog provides information about what's happening with the entire Microsoft Forefront Family of products, including Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Internet Security & Acceleration (ISA) Server, Intelligent Application Gateway (IAG).
Other Information
 Laptop Hunters: Real People Find Windows PCs A Better Fit For Their Lives Today we’re introducing the next chapter in the ongoing Windows Brand Campaign - an exciting new series of ads called Laptop Hunters. These new ads trace real people as they go on a hunt for a new laptop.
 Microsoft Commerce Server 2009 is Now Available on MSDN!
Microsoft Developer Information
 Why the new SDL threat modeling approach works Adam Shostack here. I recently posted an article on my non-MS blog talking about some of the thinking which went into our threat modeling re-design. (It made sense as part of a series of posts there.) I wanted to tie the ideas in it to the SDL a little more strongly. The SDL is all about bringing together two sets of people who haven’t talked very much. Those communities are software developers and security engineers. Their failure to talk has hurt both communities.
 Building Security In Maturity Model The Building Security In Maturity Model (BSIMM) was released to the web late last week. The model enumerates best practices in building software that’s resistant to attack, as applied by nine real-world software development organizations.
 Parallel Scalability Isn’t Child’s Play In a recent blog entry , Dr. Neil Gunther, a colleague from the Computer Measurement Group (CMG), warned about unrealistic expectations being raised with regard to the performance of parallel programs on current multi-core hardware.
 SuperPreview Technology Hi, I'm a Program Manager for SuperPreview and wanted to blog a bit about how the technology of SuperPreview works. My goal is to help our users better understand the capabilities of SuperPreview and some of its limitations.
 The Silverlight Toolkit Adds Visual Basic Samples The Silverlight Toolkit March 2009 release is enhanced with Visual Basic source code. Please follow the links to view these samples for both Silverlight 2 and Silverlight 3.
 Upcoming Azure Services Platform Webcasts Upcoming Azure Services Platform Webcasts. http://go.microsoft.com/?linkid=9652699
 Windows Azure "How Do I" Videos The first 9 of 40 Azure Services Platform "How Do I" videos have been released! Windows Azure is well represented with 5 videos.
Monthly Reminders of Good Information Sources:
 Security Page – Links to Key Information
 HotFix & Security Bulletin Search See also the Contact Us: Hotfix Request Web Submission Form
 Tackle Common Tasks With These How To Resources
 Microsoft’s Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time of product release.
Microsoft Premier Online https://premier.microsoft.com The Microsoft Premier Online (MPO) site is a secure Web site for the exclusive use of Premier Support customers. Note some of the links below may only be available to Premier Support customers. If you currently have Premier Support and don’t have access to MPO, please let your TAM know. Your TAM can get you access to the site.
Microsoft Services Operations Consulting Premier support includes access to proactive services that can help you maximize your productive use and the availability of Microsoft technologies within your IT environment. Many services can be delivered within existing Premier support agreements. Premier support includes access to proactive services that can help you maximize your productive use and the availability of Microsoft technologies within your IT environment. Many services can be delivered within existing Premier support agreements. Each month we’ll feature some of those services in this section.
IT Operations Management - (IT Service Management offerings: MOF/ITIL enabled)
SQL Server Design and Migration Review:
This review offers the customer Microsoft best practices and technical guidance for designing a SQL Server system and covers various SQL Server design topics such as schemas, modeling, indexes and table design that are outlined in a formal report upon engagement closure. SQL Server design reviews typically focus on a pre-production application and system.
SQL Server Performance and Scalability Review:
The goal of this review is to help a customer ensure that their SQL Server environment is performing optimally. This includes a customized analysis of system bottlenecks and database design and identifying potential SQL Server performance issues. Guidance on key settings including memory and database configuration to help prevent performance and scalability problems is also provided. All recommendations are outlined in a formal report upon engagement closure.
SQL Server Operations Analysis and Improvement for Availability:
This two to six week engagement begins with a review of the customer's current business goals pertaining to SQL Server followed by an assessment of current pain points to determine the focus areas for improvement. A SQL Server Consultant then collaborates with the customer's team to help identify opportunity for improvement in terms of their processes, procedures, operational practices, people and tools as they relate to SQL Server availability. The goal of this service is to provide recommendations and activities for process-based improvement in your environment through a series of in depth interviews and analysis of existing operational data and documentation.
SQL Server Disaster Recovery Review:
The purpose of this review is to help customers to develop a solutions and processes to recover a SQL Server system based on Microsoft best practices. This service provides a comprehensive review of all aspects of a critical SQL Server from various technologies to systematic planning and preparation as they relate to disaster recovery. Recommendations are outlined in a formal report upon engagement closure.
SQL Server High Availability Review:
This offering begins with a review of the customer's current business goals pertaining to SQL Server availability, including adherence to the Windows Catalog (formerly the Hardware Compatibility List (HCL)), 64-bit technologies, clustering, & if appropriate other technologies such as replication & database mirroring, followed by an assessment of current pain points to determine the focus areas for improvement. A SQL Server Consultant collaborates with the customer's team to help identify opportunity for improvement in terms of their processes, procedures, operational practices, people, and tools as they relate to SQL Server high availability.
SQL Server Consolidation Assessment (4 weeks):
The intent of the Assessment service is to help your customer evaluate their SQL Server environment for the viability of a server consolidation solution. Data is collected and analyzed and used to document the current SQL Server environment and help determine the scope, business case, and drivers for proceeding with a SQL Server consolidation solution. Assessment information, data, and documentation can be re-used in later phases of the SQL consolidation process.
SQL Server Consolidation Planning (3 weeks):
SQL Server consolidation often involves three simultaneous and significant activities; SQL Server upgrades and migrations, SQL Server standardization, and SQL Server consolidation. It takes sufficient planning to achieve a smooth SQL Server consolidation; the more complex the database environment, the more comprehensive the planning activities. The intent of the Consolidation Planning component is to cover these essential planning activities.
SQL Server Consolidation Strategy & Design (3 weeks):
The intent of the Consolidation Strategy & Design service component is to guide your customer in the design of the consolidated SQL environment. Our consultant will work with your customer to determine the benefits and risks for server consolidation, instance consolidation, and position consolidation technology options (virtualization).
SQL Server Consolidation Build & Deployment (2 weeks):
The intent of the Consolidation Build & Deployment service is for the consultant to help support a pilot deployment to test the proposed SQL Server consolidated design. It should cover the installation of the tools, scripts, and products to be used during build and deployment, the creation of the standard SQL Server builds and the standard processes to operate them.
SQL Server Consolidation Operational Review (2 weeks):
The intent of the Consolidation Operational Review is to conduct a review of a SQL Server consolidated production environment. Operating a consolidated environment effectively starts during the consolidation project and continues through deployment. Through interviews and data collection, this engagement will provide an assessment of key operational processes.
Support WebCasts
List of Upcoming WebCasts: http://www.microsoft.com/events/webcasts/upcoming.mspx
List of Previous WebCasts for on demand viewing: http://www.microsoft.com/usa/webcasts/ondemand/
See the Top Ten List of the most popular webcasts.
Recent Security Bulletins (Security Bulletin Archives)
 Microsoft Security Bulletin Summary for March 2009
 Microsoft Security Bulletin Summary for February, 2009
 Microsoft Security Bulletin Summary for January 2009
Last 5 Published or Updated Security Advisories:
Microsoft Security Advisory (953839) Update Rollup for ActiveX Kill Bits Published or Last Updated: 3/11/2009
Microsoft Security Advisory (968272) Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution Published or Last Updated: 3/5/2009
Microsoft Security Advisory (967940) Update for Windows Autorun Published or Last Updated: 2/24/2009
Microsoft Security Advisory (961040) Vulnerability in SQL Server Could Allow Remote Code Execution Published or Last Updated: 2/10/2009
Microsoft Security Advisory (960715) Update Rollup for ActiveX Kill Bits Published or Last Updated: 2/10/2009
For the entire list of published Security Advisories, visit the Security Advisory Archive Web site.
For the latest information and resources, see https://premier.microsoft.com

Interesting Downloads for Week Ending 3-4-2009

2009-04-10T20:03:00.000-07:00

Security, Policy & Compliance
· Hyper-V Security Guide
· Microsoft Exchange Hosted Filtering Service Level Agreement (SLA)
· Windows Live ID Sign-in Assistant 6.5

Security, Policy & Compliance
Hyper-V Security Guide
Brief Description
This Solution Accelerator provides instructions and recommendations to help strengthen the security of computers running the Hyper-V role on Windows Server® 2008. It covers three core topics: hardening Hyper-V, delegating virtual machine management, and protecting virtual machines.
Overview
This Solution Accelerator consists of a security guide and an overview packaged in a .zip file format. The security guide is a Word document intended for IT and security professionals. It includes three chapters that discuss methods and best practices that will help to secure a Hyper-V environment. The overview is a two page description of the security guide and other virtualization Solution Accelerators that are available. Brief descriptions follow for each of the chapters in the security guide. Chapter 1: Hardening Hyper-V This chapter provides prescriptive guidance for hardening the Hyper-V role. It discusses several best practices for installing and configuring Hyper-V on Windows Server 2008 server with a focus on security. These best practices include measures for reducing the attack surface of a server running Hyper-V and recommendations for properly configuring secure network and storage devices. Chapter 2: Delegating Virtual Machine Management This chapter discusses several available methods for delegating virtual machine management so that virtual machine administrators only have the minimum permissions they require. It describes common delegation scenarios, and includes detailed steps to guide you through using Authorization Manager (AzMan) and System Center Virtual Machine Manager 2008 (VMM 2008) to separate virtual machine administrators from virtualization host administrators. Chapter 3: Protecting Virtual Machines This chapter provides prescriptive guidance for securing virtual machine resources. It discusses best practices and includes detailed steps for protecting virtual machines by using a combination of file system permissions, encryption, and auditing. Also included are resources for hardening and updating the operating system instances running within your virtual machines. To view this accelerator online at TechNet click here. Send questions or feedback to us directly at secwish@microsoft.com
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=2220624b-a562-4e79-aa69-a7b3dffdd090

ADVANCE NOTIFICATION - April 2009 MSRC Security Bulletin Release

2009-04-10T19:57:00.000-07:00

This is the advance notification for the April Monthly Security Bulletin release. On Tuesday 14 April (US time; Wednesday 15th April AU time), MS expect to release the five (5) bulletins rated Critical, two (2) rated Important, and one rated Moderate, affecting Windows, IE, Excel, and ISA Server. Further details are below; no additional information will be released until next week when the bulletins are released to the public.

Important Support Lifecycle Notes for this month:
This is the last security release for Windows 2003 SP1; after 14th April 2009 you must be running Windows 2003 SP2 to remain supported. We will provide 30 days of support for any installation issues on Windows 2003 SP1 for security updates released on 14th April 2009.
Windows XP transitions from Mainstream Support to Extended Support on 14th April 2009. This does NOT change the availability of security updates for Windows XP, which will continue to be publically released until April 2014 (for a supported service pack – currently SP2 and SP3 are deemed supported, until 13 July 2010 when you must be running XPSP3 to remain supported). Note: non-security hotfixes will require a separate agreement, contact me if you need additional information on the Extended Hotfix Support program.

What is the purpose of this alert?

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity, and information about restart requirements relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

On April 14, 2009, Microsoft is planning to release eight new security bulletins. Below is a summary in order of severity.

New Bulletin Summary

Bulletin ID
Maximum Severity Rating
Vulnerability Impact
Restart Requirement
Affected Software*
Windows 1
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Microsoft Office
Windows 2
Critical
Remote Code Execution
Requires restart
Microsoft Windows
Windows 3
Critical
Remote Code Execution
May require restart
Microsoft Windows
IE
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Internet Explorer
Excel
Critical
Remote Code Execution
May require restart
Microsoft Office
Windows 4
Important
Elevation of Privilege
Requires restart
Microsoft Windows
ISA
Important
Denial of Service
Requires restart
Microsoft Forefront Edge Security
Windows 5
Moderate
Elevation of Privilege
Requires restart
Microsoft Windows

* More information on affected software is provided in the Advanced Notification Web page at the link below.

Although we do not anticipate any changes, the number of bulletins, products affected, restart information, and severities, are subject to change until released.

Advance Notification Web Page: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx.

Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Monthly Security Bulletin Webcast: To address customer questions on these bulletins Microsoft will host a Webcast next week Wednesday at 11:00 A.M. Pacific Time (U.S. & Canada). Registration for this event and other details can be found at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

At this time, no additional information on these bulletins, such as details regarding the vulnerability or severity, will be made available until the bulletins are published on Tuesday.

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

Microsoft news and product information from microsoft.com and product team blogs

2009-03-06T20:39:00.000-08:00

Security Monitoring and Investigations on the Microsoft Corporate Network The Microsoft Corporate Network is one of the world's largest, most prominent networks and attracts intrusion attempts from malicious users and malicious software. Learn how Microsoft IT monitors network security, responds to intrusion attempts and policy violations, and conducts computer forensic investigations.
Information Privacy and Data Protection in the Public Sector Public Sector privacy white paper, providing Microsoft's perspective on the role that technology plays in helping public organizations responsibly protect and manage personal information.
More information about the new Excel vulnerability We‟e posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment.
Updated Conficker Functionality We‟e been getting questions from some of our customers about a new sample of Win32/Conficker, dubbed by some as Conficker.B++. We‟e aware of this sample and our definitions already detect this sample as Worm:Win32/Conficker.B, but given the new functionality described in this blog post, we‟e updating our definitions as of 1.51.856.0 to distinguish it as Worm:Win32/Conficker.C.
Best Practices for Deploying Virtual Machines using Hyper-V Virtualization Technology Microsoft IT virtually deploys more than 80% of new servers using Windows Server 2008 Hyper-V. To ensure optimal performance, Microsoft IT has developed configuration best practices, based on the application workloads or services being provided by the virtual machines.
Securing the Microsoft Desktop Environment using Patch Management In an enterprise organization such as Microsoft, it's mission critical to maintain a secure environment by keeping client computers up to date with the latest software and security updates. In large environments, automating the management of this environment as much as possible is a significant goal. Learn how Microsoft achieves this goal using Microsoft System Center Configuration Manager 2007 to manage its own environment of more than 255,000 computers worldwide.

Monthly Reminders of Good Information Sources:
- Security Page – Links to Key Information
- HotFix & Security Bulletin Search See also the Contact Us: Hotfix Request Web Submission Form
- Tackle Common Tasks With These How To Resources
- Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time of product release.

General Information About Microsoft Non-Support and Custom Support

2009-02-26T08:35:00.003-08:00

Non-supported (products not in the Extended or Custom phases of support) do not receive phone support, incident support, and no-charge security updates.
Online self-help support (Knowledge Base and support articles) will continue to be available for at least 12 months.
Custom Support may be made available for certain products.
Partner options are available for Custom Support.
Custom Support business rules:
1. Customers can purchase support at any time but need to pay retroactively to the beginning of the Custom Support period for the product.
2. The Custom Support program will provide, at no additional charge, security hotfixes for vulnerabilities labeled as "Critical" and "Important" by the Microsoft Security Response Center (MSRC).
3. A Premier Support Agreement is required before customers can purchase Custom Support. Incident support requires either the purchase of Premier incidents on the Custom Support schedule, or the transfer of incidents from a Premier schedule.

Key Products Transitioning: Extended Support to Non-Support

2009-02-26T08:35:00.001-08:00

*REMINDER! Microsoft Office 2000 Extended Support Ends July 14, 2009; Custom Support Available
Support for all editions of Microsoft Office 2000 ends on July 14, 2009. Microsoft recommends customers migrate to a supported product immediately.

Custom Support is available if customers need additional time for migration.

*REMINDER! Microsoft Windows 2000 (Windows 2000 Server and Windows 2000 Professional) Extended Support Ends July 13, 2010; Custom Support Available
Support for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional ends on July 13, 2010. Microsoft recommends customers migrate to supported products.

Custom Support is available if customers need additional time for migration.

*REMINDER! Microsoft Visual Studio .NET 2002 Extended Support Ends July 14, 2009
Extended Support for Visual Studio .NET 2002 will end on July 14, 2009. Microsoft recommends customers migrate to a supported product.

*REMINDER! Microsoft .NET Framework 1.0 Extended Support Ends July 14, 2009
Extended Support for the Microsoft .NET Framework 1.0 will end on July 14, 2009. Microsoft recommends customers migrate to a supported product.

Key Products Transitioning: Mainstream Support to Non-Support

2009-02-26T08:34:00.000-08:00

*REMINDER! Microsoft Business Solutions — Great Plains 8.0 Mainstream Support Ends October 13, 2009
Support for Microsoft Business Solutions — Great Plains 8.0 ends on October 13, 2009. Microsoft recommends customers upgrade to a supported product.

*REMINDER! Microsoft Business Solutions — Solomon 6.0 Mainstream Support Ends October 13, 2009
Support for Microsoft Business Solutions — Solomon 6.0 ends on October 13, 2009. Microsoft recommends customers upgrade to a supported product.

*REMINDER! Microsoft Dynamics NAV 4.0 Mainstream Support Ends January 12, 2010
Support for Microsoft Dynamics NAV 4.ends on January 12, 2010. Microsoft recommends customers upgrade to a supported product.

*REMINDER! Microsoft Business Solutions Point of Sale 1.0 Mainstream Support Ends July 13, 2010
Support for Microsoft Business Solutions Point of Sale 1.0 ends on July 13, 2010. Microsoft recommends customers upgrade to a supported product.

Key Products Transitioning: Service Packs with Support Ending (Feb 2009)

2009-02-26T08:33:00.002-08:00

*NEW! Microsoft System Center Operations Manager 2007 Service Pack 0 Support Ends April 14, 2009
Support for Microsoft System Center Operations Manager 2007 Service Pack 0 will end on April 14, 2009. Microsoft recommends customers upgrade to Service Pack 1.

*NEW! Microsoft System Center Configuration Manager 2007 Service Pack 0 Support Ends April 14, 2009
Support for Microsoft System Center Configuration Manager 2007 Service Pack 0 will end on April 14, 2009. Microsoft recommends customers upgrade to Service Pack 1.

*REMINDER! Windows Vista Service Pack 0 Support Ends April 13, 2010
Support for Windows Vista Service Pack 0 ends in April 13, 2010. As previously announced, Microsoft recommends customers upgrade to Service Pack 1.

*REMINDER! Windows Server 2003 Service Pack 1 and Windows Server 2003 R2 Service Pack 0 Support Ends April 14, 2009; Custom Support Available
Support for Windows Server 2003 Service Pack 1 (SP1) and Windows Server 2003 R2 Service Pack 0 (SP0) will end on April 14, 2009.

Custom Support is available if customers need additional time for migration.

*REMINDER! Windows XP Service Pack 2 Support Ends July 13, 2010
Support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. This date has been established since Windows XP Service Pack 3 (SP3) was released on April 21, 2008.

Key Products Transitioning: Service Packs with Support Ending (Feb 2009)

2009-02-26T08:33:00.001-08:00

Windows Messenger 4.7 on Windows Server 2003 and Windows Server 2003 R2: Support Ends October 13, 2009

2009-02-26T08:32:00.001-08:00

Support for Windows Messenger 4.7 running on Windows Server 2003 and Windows Server 2003 R2 will end on October 13, 2009. After this date, Microsoft will not provide security updates or support for Windows Messenger 4.7 on the operating systems mentioned above. This is because Windows Messenger 4.7 was previously not released as a component of Windows Server 2003 or Windows Server 2003 R2.

Note: Support for Windows Messenger 4.7 running on Windows XP will continue to be provided as part of Mainstream Support and Extended Support for the operating system. This is because Windows Messenger 4.7 was included as a component of Windows XP.

Microsoft recommends that customers running Windows Messenger 4.7 upgrade to Windows Messenger 5.1, as soon as possible.

Clarification of Custom Support and Extended Hotfix Support Policies on Replacement of Hotfixes

2009-02-26T08:31:00.002-08:00

The following statements are intended to clarify the Microsoft Support Lifecycle Custom Support and Extended Hotfix Support policies on replacing hotfixes. This includes security updates and non-security hotfixes.

Access to the Microsoft Connect Web site for replacement of security and non-security hotfixes will be terminated after customers' Custom Support or Extended Hotfix Support contracts end.
Once customers have lost access to their downloaded Custom Support or Extended Hotfix Support hotfixes, they will need to reenroll in the Custom Support or Extended Hotfix Support program in order to regain access.
Microsoft will not replace the hotfixes free of charge after customers' Custom Support or Extended Hotfix Support contracts end.
For more information on the Custom Support or Extended Hotfix Support programs, contact your Microsoft Technical Account Manager.

Extended Support for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional Ends on July 13, 2010

2009-02-26T08:31:00.001-08:00

On July 13, 2010, Extended Support for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional will end. The products will no longer be publicly supported after this date. Self-Help Online Support will be available for both products after Extended Support ends.

Note: Custom Support for Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional will be available for customers who are in the process of migrating to supported products.

Mainstream Support to Extended Support on July 13, 2010; Extended Support for both these products will end on July 14, 2015. Windows Server 2008 customers will continue to receive Mainstream Support throughout the product's five-year Mainstream Support phase until July 9, 2013, as per the Microsoft Support Lifecycle policy.

The transition dates for these products are in line with the Support Lifecycle policy, which states that Mainstream Support for Business and Developer products will be provided for either five years or for two years after the successor product (N+1) is released, whichever is longer.

Microsoft advises customers running these products to contact their Microsoft Sales Account Manager or Technical Account Manager to discuss migration plans.

Computer Security : In Today's Society, Protecting Your Computer Is A

2009-02-19T08:18:00.001-08:00

Computer Security : In Today's Society, Protecting Your Computer Is A
Requirement

Advances in computer technology is a double-edged sword. On one hand,
it affords us quick and easy access to numerous conveniences such as
bank statements, favorite shopping centers, school and health records,
and more. On the other hand, it can also grant the same access to
those who aren't supposed to get it. Although it's a rare occurrence,
hacking has become the biggest criminal nuisance in computer history.

Make no bones about it. There's nothing innocent or cute about the
hacker. Today's hackers aren't the pimply-faced teen rebels that you
might be thinking of. Instead, this generation of hackers are grown
individuals who are more than likely earning a living by stealing the
identities of innocent, law abiding individuals and then selling those
identities to others who want to slip by the system. And the only
protection against these seedy people is prevention.
Computer security couldn't be more important than it is today and
that's why we've taken the time to introduce it to you. You can
reduce the probability of experiencing identity theft by making your
computer as hacker-proof as possible. All that's needed is a little
software and a lot of common sense.

1. Install an anti-virus/anti- spyware program. Anti-virus/anti- spyware
software will stop malicious code from downloading and installing onto
your computer while you peruse the Internet. Known as viruses, worms,
or spyware, this malicious code can destroy important files and render
your computer good for only one thing: sending sensitive data back to
the server of an identity thief.

2. Don't store sensitive data on your computer in the first place.
Should your computer get infected with a virus, worm, or piece of
spyware, you can thwart the individuals responsible by not storing
your personal information on your PC so that when and if your computer
does send back data - it won't be anything valuable. Hackers look for
things like full names, social security numbers, phone numbers, home
addresses, work-related information, and credit card numbers. If these
things aren't saved onto a computer, there's nothing critical to worry
about other than restoring your computer to a non-virus condition.

3. Don't open files without scanning them with an
anti-virus/anti- spyware program. In the past, the warning was to avoid
opening files from people that you don't know. Today it's really not
safe to open files from anyone (without scanning the files) because
that's how viruses get spread - through files - even by mistake. So
even though your co-worker may have emailed a funny video, it's no
more safe to open than a video downloaded from a complete stranger. Be
safe and scan each and every file you download from the Internet or
receive through email regardless of where it came from.

4. Create a barrier between your computer and prying eyes.
Anti-virus/anti- spyware programs are only effective after the effect.
But you can prevent identity theft from occurring by installing a
firewall. A firewall is software that checks all data entering and
exiting a computer and it then blocks that which doesn't meet
specified security criteria (user-defined rules).1

5. Don't click on website links in spam messages. In an effort to
obtain personal information, some spammers will send email that asks
you to click on a link. The email messages are often disguised as
important messages from well-known online establishments, and they
often try to scare their readers into clicking links with threats of
closing an account of some sort. Sometimes the links are harmless and
attempt to con the reader into volunteering personal information
(credit card number), but other times the links attempt to download
harmful software onto a computer.

Your best protection against computer crimes is your own knowledge.
Hopefully the suggestions above will prompt you into taking
appropriate action and into protecting your computer with the
suggested tools. In doing so, you'll not only protect yourself, you'll
prevent the spread of these malicious activities and protect others at
the same time.

Microsoft Security Advisory 961040 Released

2008-12-30T02:07:00.000-08:00

Microsoft is currently investigating reports of a vulnerability in SQL Server that could allow a remote code execution. Please see details below.

What is the purpose of this alert?
This alert is to notify you that Microsoft has released Security Advisory 961040 – Vulnerability in SQL Server Could Allow Remote Code Execution - on December 22, 2008.

SUMMARY

Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.

Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time.

In addition, due to the mitigating factors for default installations of MSDE 2000 and SQL Server 2005 Express, Microsoft is not currently aware of any third-party applications that use MSDE 2000 or SQL Server 2005 Express which would be vulnerable to remote attack. However, Microsoft is actively monitoring this situation to provide customer guidance as necessary.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

MITIGATING FACTORS

• This issue does not affect supported editions of Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008.
• This vulnerability is not exposed anonymously. An attacker would need to either authenticate to exploit the vulnerability or take advantage of a SQL injection vulnerability in a Web application that is able to authenticate.
• By default, MSDE 2000 and SQL Server 2005 Express do not allow remote connections. An authenticated attacker would need to initiate the attack locally to exploit the vulnerability.

RECOMMENDATIONS

Review Microsoft Security Advisory 961040 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support. Contact CSS in North America for help with security update issues or viruses at no charge using the PC Safety line (866)PCSAFETY. International customers can contact Customer Service and Support by using any method found at this location: http://www.microsoft.com/protect/support/default.mspx (click on the select your region hyperlink in the first paragraph).

ADDITIONAL RESOURCES

• Microsoft Security Advisory 961040 – Vulnerability in SQL Server Could Allow Remote Code Execution - http://www.microsoft.com/technet/security/advisory/961040.mspx.

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc.

• Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc.

• Security Vulnerability Research & Defense (SVRD) Blog: http://blogs.technet.com/swi.

• Security Development Lifecycle (SDL) Blog: http://blogs.msdn.com/sdl.

REGARDING INFORMATION CONSISTENCY

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

Microsoft news and product information from microsoft.com and product team blogs

2008-12-30T02:05:00.000-08:00

Microsoft Security Intelligence Report volume 5 (January – June 2008) Volume 5 of the SIR focuses on the first half of 2008 (from January through June) and builds upon the data published in the previously released volumes of the SIR. Using data derived from hundreds of millions of computers worldwide, and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in software vulnerability disclosures as well as trends in the malicious and potentially unwanted software landscape, and an update on trends in software vulnerability exploits.

SQL Server 2005 SP2 Receives Common Criteria Certification at the Highest Level of Assurance SQL Server 2005 SP2 received its certification at the Evaluation Assurance Level (EAL) 4+, which evaluates the quality and strength of the vendor’s evidence to support its security claims.

Microsoft Second Tuesday Metrix

2008-12-22T03:20:00.000-08:00

Tuesday Matrix
Year Q1 (April) Q2 (July) Q3 (October) Q4 (January)
2006 11/4/2006 11/7/2006 10/10/2006 9/1/2007
2007 10/4/2007 10/7/2007 9/10/2007 8/1/2008
2008 8/4/2008 8/7/2008 14/10/2008 13/1/2009
2009 14/4/2009 14/7/2009 13/10/2009 12/1/2010
2010 13/4/2010 13/7/2010 12/10/2010 11/1/2011
2011 12/4/2011 12/7/2011 11/10/2011 10/1/2012
2012 10/4/2012 10/7/2012 9/10/2012 8/1/2013
2013 9/4/2013 9/7/2013 8/10/2013 14/1/2014
2014 8/4/2014 8/7/2014 14/10/2014 13/1/2015
2015 14/4/2015 14/7/2015 13/10/2015 12/1/2016
2016 12/4/2016 12/7/2016 11/10/2016 10/1/2017
2017 11/4/2017 11/7/2017 10/10/2017 9/1/2018
2018 10/4/2018 10/7/2018 9/10/2018 8/1/2019
2019 9/4/2019 9/7/2019 8/10/2019 14/1/2020
2020 14/4/2020 14/7/2020 13/10/2020 12/1/2021

Microsoft Support Policy for Virtualization

2008-12-22T03:17:00.001-08:00

Virtualization in the new thing that we (guys in the security areas) should concern. Today, I would like to introduce Virtualization in the Microsoft perspective.

In December 2008, Microsoft has published the expected clarification regarding the Microsoft Support Policy for Virtualization environments, using Microsoft or non-Microsoft virtualization software.

Therefore, customers running Microsoft software in a validated 3rd party virtualization solution benefit by being fully supported pursuant to the application’s specific support policy.

To this end, Microsoft launched the Server Virtualization Validation Program (SVVP). The program enables vendors to validate various configurations so that customers of Windows Server can receive technical support in virtualized environments.

Customers can face two situations:

• SVVP validated solutions: Microsoft supports Microsoft server software that is running in the supported virtualization environments that are listed in the KB article 957006. This support is also subject to the Microsoft Support lifecycle policy.

• Non-validated solutions: For Microsoft customers with Premier-level support running non-Microsoft hardware virtualization software from vendors with which Microsoft does not have an established support relationship that covers virtualization solutions, Microsoft will investigate potential issues. Please review KB article 897615 for additional information.

Useful information:

• Support policy for Microsoft software running in non-Microsoft hardware virtualization software
http://support.microsoft.com/kb/897615/en-us

• Microsoft server software and supported virtualization environments
http://support.microsoft.com/kb/957006/en-us

• Windows Server Virtualization Validation Program
http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm

Microsoft's Service Packs retiring in December 2008

2008-12-22T03:15:00.000-08:00

Immediately:

• Office 2007 RTM, SharePoint Portal Server 2007 RTM, Project Server 2007 RTM, Visio 2007 RTM will NO longer be supported from January 13, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

• Exchange Server 2007 RTM will NO longer be supported from January 13, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

• .Net Framework 2.0 RTM will NO longer be supported from January 13, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

• .Net Framework 3.0 RTM will NO longer be supported from January 13, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

Short term:

• Windows Server 2003 SP1 and Windows Server 2003 R2 RTM (based on SP1) will NO longer be supported from April 14, 2009. It is recommended to upgrade to Service Pack 2 as soon as possible before this date.

• System Center Operations Manager (SCOM) 2007 SP1 will NO longer be supported from April 14, 2009. It is recommended to upgrade to Service Pack 2 as soon as possible before this date.

Medium term:

• ISA Server 2006 RTM will NO longer be supported from July 14, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

• System Center Configuration Manager (SCCM) 2007 RTM will NO longer be supported from July 14, 2009. It is recommended to upgrade to Service Pack 1 as soon as possible before this date.

US-CERT Technical Cyber Security Alert TA08-319A -- Mozilla Update

2008-11-15T16:48:00.000-08:00

National Cyber Alert System

Technical Cyber Security Alert TA08-319A

Mozilla Updates for Multiple Vulnerabilities

Original release date: November 14, 2008
Last revised: --
Source: US-CERT

Systems Affected

* Mozilla Firefox
* Mozilla Thunderbird
* Mozilla SeaMonkey

Other products based on Mozilla components may also be affected.

Overview

New versions of Firefox, Thunderbird, and SeaMonkey address several
vulnerabilities, the most severe of which could allow a remote
attacker to execute arbitrary code on an affected system.

I. Description

The Mozilla and the SeaMonkey projects have released new versions
of Firefox, Thunderbird and SeaMonkey to address several
vulnerabilities. Further details about these vulnerabilities are
available in Mozilla Foundation Security Advisories. An attacker
could exploit these vulnerabilities by convincing a user to view a
specially crafted HTML document, such as a web page or an HTML
email message.

II. Impact

While the impacts of the individual vulnerabilities vary, the most
severe could allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system. An attacker may also be able
to cause a denial of service or execute cross-site scripting
attacks.

III. Solution

Upgrade

These vulnerabilities are addressed in Mozilla Firefox 3.0.4,
Firefox 2.0.0.18, Thunderbird 2.0.0.18, and SeaMonkey 1.1.13.

IV. References

* Mozilla Foundation Security Advisories -

* Known Vulnerabilities in Mozilla Products -

* Mozilla-Based Applications -

* Securing Your Web Browser -

Interestingly Microsoft Downloads for Week Ending 31-10-2008

2008-11-10T16:31:00.000-08:00

Security, Policy & Compliance
· IT Compliance Management Guide
· Data Encryption Toolkit for Mobile PCs
· .NET Rocks! - Andrew Delin on SOX Compliance
· Microsoft Antigen SP1 Documentation
· Microsoft Security Assessment Tool 4.0
· Microsoft Online Services Sign In Tool V1

IT Compliance Management Guide
Brief Description
The IT Compliance Management Guide is intended for IT managers and IT professionals who must plan for and address the governance, risk, and compliance (GRC) requirements of their organizations.
Overview
The IT Compliance Management Guide.zip file includes the following files:
IT Compliance Management Guide.docx. This guide will prepare you for a conversation with GRC subject matter experts such as attorneys, auditors, specialists, and consultants working for your organization. It introduces an approach based on Microsoft Operations Framework (MOF) 4.0 that can help you address compliance requirements as well as organization-wide governance initiatives.
IT Compliance Management Resources.xlsx. This Microsoft Excel workbook contains four worksheets. The Instructions worksheet provides reader instructions on the use of the tabs within this workbook. The GRC Control Objectives worksheet contains high-level objectives applicable to an IT department assigned GRC duties. The GRC Configuration Job Aids worksheet contains GRC objectives and associated Microsoft product configuration guidance to meet these objectives. The GRC Management Inventory worksheet contains GRC management guidance and additional product guidance for the management of a GRC solution.
This Solution Accelerator also includes the following files:
Release Notes.rtf. Provides information about updates and changes to the IT Compliance Management Guide.
IT Compliance Management Guide data sheet.docx. A two-page overview of the IT Compliance Management Guide that describes its purpose and provides other relevant information for IT managers and IT professionals.
Note: The IT Compliance Management Guide replaces the Regulatory Compliance Planning Guide version 1.0, published July 7, 2006.To ask questions or provide feedback, subscribe to the Compliance Management Forum. This forum also provides the ability to join discussions and collaborate on GRC-related compliance management issues with your peers.

http://www.microsoft.com/downloads/details.aspx?FamilyID=bd930882-0d39-4900-9a79-b91f213ed15d&DisplayLang=en

Data Encryption Toolkit for Mobile PCs
Brief Description
This toolkit is intended to help you secure the data on your organization’s mobile PCs--in a cost-effective way--using Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker) technologies.
Overview
The Data Encryption Toolkit for Mobile PCs describes how to effectively use both EFS and BitLocker to help address your organization's requirements to protect data on mobile PCs. The Toolkit also provides you with software tools and scripts to help you centrally configure, deploy, and manage encryption settings on all your mobile PCs. The Data Encryption Toolkit for Mobile PCs includes the following four components:
Executive Overview. This document provides a broad survey from a business and regulatory perspective of how mobile data is at risk and how the Data Encryption Toolkit for Mobile PCs can help. It also provides information about how you can use the guidance and tools in this Solution Accelerator as well as tools you may already have licensed to mitigate these risks.
Security Analysis. This guide provides an in-depth review of how EFS and BitLocker can help you address the unique risks associated with data on mobile PCs.
Planning and Implementation Guide. This guide describes how to plan for, configure, deploy, and operate EFS and BitLocker in your organization.
Microsoft Encrypting File System Assistant. The EFS Assistant is a software tool you can use to centrally control EFS settings on all your PCs (the EFS Assistant also works with desktop PCs). The EFS Assistant can help you encrypt the sensitive files on your users' laptops, regardless of where those files are located. In addition, the EFS Assistant operates transparently to end users, eliminating training issues or other impacts. Note that you can obtain the EFS Assistant in one of two ways. The Microsoft version of the tool is available on this page. A community version of the tool is available for download from CodePlex, Microsoft's shared source development site at http://www.codeplex.com/EFSAssistant
To view this solution online at TechNet, click here. Send questions or feedback to us directly at mailto:secwish@microsoft.com?subject=Feedback%20on%20Data%20Encryption%20Toolkit%20for%20Mobile%20PCs.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1a99576a-fe67-418f-88b1-81e2055fe977&DisplayLang=en

.NET Rocks! - Andrew Delin on SOX Compliance
Brief Description
Carl and Richard talk to Andrew Delin about why developers should care about the Sarbanes Oxley Act and why a compliance plan is in your best interest.
Overview
Andrew is a 10-year Microsoft veteran, having contributed to Microsoft’s success in the field and at HQ. Andrew is originally from England where he grew up. At 16, he was working in a bank in London and used to commute to work on the train, reading programming books. So Andrew left banking to study computer science at uni – a life changing move. In 1998, Andrew moved to Australia and joined Microsoft Consulting Services. He worked in the field for 9 years, training customers in using the Microsoft Solutions Framework on their projects. Then Andrew started work for the MSF team in Visual Studio and relocated to Redmond.
http://www.microsoft.com/downloads/details.aspx?FamilyID=13fe0c9c-b5a9-48b6-bec2-530df5bbe0ab&DisplayLang=en

Microsoft Antigen SP1 Documentation
Brief Description
Microsoft Antigen SP1 Documentation
Overview
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d00160e-4d15-4459-98a3-89f393ac008e&DisplayLang=en

Microsoft Security Assessment Tool 4.0
Brief Description
The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.
Overview
The Microsoft Security Assessment Tool 4.0 is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.The tool employs a holistic approach to measuring your security posture by covering topics across people, process, and technology. Findings are coupled with prescriptive guidance and recommended mitigation efforts, including links to more information for additional industry guidance. These resources may assist you in keeping you aware of specific tools and methods that can help change the security posture of your IT environment.There are two assessments that define the Microsoft Security Assessment Tool:
Business Risk Profile Assessment
Defense in Depth Assessment (UPDATED)
The questions identified in the survey portion of the tool and the associated answers are derived from commonly accepted best practices around security, both general and specific. The questions and the recommendations that the tool offers are based on standards such as ISO 17799 and NIST-800.x, as well as recommendations and prescriptive guidance from Microsoft’s Trustworthy Computing Group and additional security resources valued in the industry.After completing an Assessment, you will gain access to a detailed report of your results. You may also compare your results with those of your peers (by industry and company size), provided that you upload your results anonymously to the secure MSAT Web server. When you upload your data the application will simultaneously retrieve the most recent data available. To be able to provide this comparative data, we need customers such as you to upload their information. All information is kept strictly confidential and no personally identifiable information whatsoever will be sent. For more information on Microsoft's privacy policy, please visit: http://www.microsoft.com/info/privacy.mspx.

http://www.microsoft.com/downloads/details.aspx?FamilyID=cd057d9d-86b9-4e35-9733-7acb0b2a3ca1&DisplayLang=en

Microsoft Online Services Sign In Tool V1
Brief Description
Client application that enables single sign-on to Microsoft Online Services
Overview
Service Client application that enables single sign-on to Microsoft Online Services. With this tool, users can configure Outlook, Internet Explorer and LiveMeeting, then use it logon to the licensed, hosted applications subscribed on Microsoft Online Services.
http://www.microsoft.com/downloads/details.aspx?FamilyID=01f6c0e4-f897-442a-8462-425f8edddad9&DisplayLang=en

Critical Product Vulnerability - October 23, 2008 Microsoft Security Bulletin Release (Out of Band) MS08-067

2008-10-24T21:10:00.002-07:00

Red Alert: Critical Product Vulnerability - October 23, 2008 Microsoft Security Bulletin Release (Out of Band) MS08-067

This alert contains an overview of the new out of band security bulletin released this morning. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address vulnerability in all currently supported versions of Windows.

As this is an out-of-band release, we urge you to review this update and apply an accelerated testing and release schedule across your enterprise.

At this time we are not releasing a new version of the Windows Malicious Software Removal Tool and we recommend that you ensure your Antivirus and malware product definitions are remaining up-to-date.

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin released (out of band) on October 23, 2008. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address vulnerability in all currently supported versions of Windows. This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

New Security Bulletin Technical Details

Identifier	MS08-067
Severity Rating	This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	All currently supported versions of Windows
Restart Requirement	The update requires a restart.
Removal Information	· For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility · For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced by This Update	MS06-040 is superseded on these operating systems: Windows 2000 SP4, Windows XP SP2, Windows XP X64, Windows Server 2003 SP1, Windows Server 2003 X64, Windows Server 2003 SP1 for Itanium-based Systems.
Full Details:	http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

Public Bulletin Webcast

Microsoft will host a Webcast to address customer questions on the bulletin:

Title: Information Regarding an Out-of-Band Security Bulletin Release (Level 200)

Date: Thursday, October 23, 2008 1:00 P.M. Pacific Time (U.S. & Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032393978

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team

OCTOBER 2008 MICROSOFT SECURITY BULLETIN RELEASE

2008-10-16T01:23:00.000-07:00

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletins being released on October 14, 2008. Security bulletins are released monthly to resolve critical problem vulnerabilities.

This alert will also discuss one new security advisory (956391) and a bulletin major revision (MS08-041) released on October 14.

New Security Bulletins:

Microsoft is releasing the following eleven new security bulletins for newly discovered vulnerabilities:

Bulletin Number	Maximum Severity	Affected Products	Impact
MS08-056	Moderate	Microsoft Office XP	Information Disclosure
MS08-057	Critical	Microsoft Excel 2000, Excel 2002, Excel 2003 and Excel Viewer 2003, Excel 2007 and Excel Viewer, Office Compatibility Pack for 2007 File Formats, Office SharePoint Server 2007, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac	Remote Code Execution
MS08-058	Critical	Internet Explorer on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008	Remote Code Execution
MS08-059	Critical	Microsoft Host Integration Server 2000, Host Integration Server 2004 and Host Integration Server 2006	Remote Code Execution
MS08-060	Critical	Microsoft Windows 2000 Server	Remote Code Execution
MS08-061	Important	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008	Elevation of Privilege
MS08-062	Important	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008	Remote Code Execution
MS08-063	Important	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008	Remote Code Execution
MS08-064	Important	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008	Elevation of Privilege
MS08-065	Important	Microsoft Windows 2000	Remote Code Execution
MS08-066	Important	Microsoft Windows XP, Windows Server 2003	Elevation of Privilege

Summaries for these new bulletins may be found at the following pages:

http://www.microsoft.com/technet/security/bulletin/MS08-Oct.mspx.

New Security Advisory Release

On October 14, 2008, Microsoft released security advisory 956391 - Cumulative Security Update of ActiveX Kill Bits. This update sets the kill bits for third-party software.

The update also sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins as a defense-in-depth measure. Here are some answers to common questions:

Q: Why is Microsoft releasing this Cumulative Update of ActiveX Kill Bits with a security advisory when previous kill bit updates were released with a security bulletin?
A: Microsoft is releasing this Cumulative Security Update of ActiveX Kill Bits with an advisory because the new kill bits either do not affect Microsoft software, or had been previously set in a Microsoft Security Bulletin.

Q: Why does this advisory not have a security rating associated with it?
A: This update contains kill bits for third-party controls or controls that have previously been addressed in security updates. Microsoft does not provide a security rating for vulnerable third-party controls.

Q: Does this update contain kill bits that were previously released in a Cumulative Security Update of ActiveX Kill Bits?
A: Yes, this update also includes kill bits that were previously set in Microsoft Security Advisory (953839).

Q: Does this update contain kill bits that were previously shipped in an Internet Explorer security update?
A: No, this update does not include kill bits that were previously shipped in an Internet Explorer security update. We recommend that you install the latest Cumulative Security Update for Internet Explorer.

Complete details are provided in security advisory 956391 at this address: http://www.microsoft.com/technet/security/advisory/956391.mspx.

Microsoft Security Bulletin Major Revision (MS08-041)

On October 14, Microsoft revised security bulletin MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617). Reason for revision: When this bulletin was first released on August 12, an update for the standalone Snapshot Viewer for Microsoft Access was not available. An update for the standalone viewer has now been made available from the Microsoft Download Center.

Microsoft Exploitability Index

The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This index provides customers with guidance on the likelihood of functioning exploit code being developed for vulnerabilities addressed by Microsoft security updates. Starting in October 2008, Microsoft will be providing the Exploitability Index details for each new bulletin in the Monthly Bulletin Summary Web page: http://www.microsoft.com/technet/security/bulletin/MS08-Oct.mspx.

More information on the Exploitability Index including why the index was developed, how it works and answers to common questions is provided here: http://technet.microsoft.com/en-us/security/cc998259.aspx.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU) and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool can be located here: http://go.microsoft.com/fwlink/?LinkId=40573.

High-Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU) or Windows Server Update Services (WSUS) will be detailed in the following KB Article: http://support.microsoft.com/?id=894199.

Public Bulletin Webcast

Microsoft will host a Webcast to address customer questions on these bulletins:

Title: Information about Microsoft October Security Bulletins (Level 200)

Date: Wednesday, October 15th, 2008 11:00 AM Pacific Time (US & Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032374639

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit Microsoft Support Lifecycle.

Bulletin Identifier	Microsoft Security Bulletin MS08-056
Bulletin Title	Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.
Maximum Severity Rating	Moderate
Impact of Vulnerability	Information Disclosure
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Office XP. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update does not require a restart.
Removal Details	Use Add or Remove Programs tool in Control Panel. Note: When you remove this update, you may be prompted to insert the Microsoft Office XP CD in the CD drive. Additionally, you may not have the option to uninstall the update from the Add or Remove Programs tool in Control Panel. There are several possible causes for this issue. For more information about the removal, see Microsoft Knowledge Base Article 903771.
Bulletins Replaced	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-056.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-057
Bulletin Title	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Executive Summary	This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Excel 2000, Excel 2002, Excel 2003 and Excel Viewer 2003, Excel 2007 and Excel Viewer, Office Compatibility Pack for 2007 File Formats, Office SharePoint Server 2007, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update does not require a restart.
Removal Details	Removal steps vary depending on which package is installed. For more information see the Security Update Deployment section of the bulletin at the link below.
Bulletins Replaced	MS08-043
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-057.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-058
Bulletin Title	Cumulative Security Update for Internet Explorer (956390)
Executive Summary	This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Internet Explorer on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	· IE on Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. · IE on Windows Vista, Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced	MS08-045
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-058.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-059
Bulletin Title	Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Host Integration Server 2000, Host Integration Server 2004 and Host Integration Server 2006. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update may require a restart.
Removal Details	Use Add or Remove Programs tool in Control Panel. Note: When you remove this update, you may be prompted to insert the Microsoft Host Integration Server 2004 CD in the CD drive. Additionally, you may not have the option to uninstall the update from the Add or Remove Programs tool in Control Panel. There are several possible causes for this issue. There are several possible causes for this issue. For more information about the removal, see Microsoft Knowledge Base Article 268800.
Bulletins Replaced	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-059.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-060
Bulletin Title	Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
Executive Summary	This security update resolves a privately reported vulnerability in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker gains access to an affected network. This vulnerability only affects Microsoft Windows 2000 servers configured to be domain controllers. If a Microsoft Windows 2000 server has not been promoted to a domain controller, it will not be listening to Lightweight Directory Access Protocol (LDAP) or LDAP over SSL (LDAPS) queries, and will not be exposed to this vulnerability.
Maximum Severity Rating	Critical
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows 2000 Server. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
Bulletins Replaced	MS08-035
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-060.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-061
Bulletin Title	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
Executive Summary	This security update resolves one publicly disclosed and two privately reported vulnerabilities in the Windows kernel. A local attacker who successfully exploited these vulnerabilities could take complete control of an affected system. The vulnerabilities could not be exploited remotely or by anonymous users.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	· Microsoft Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. · Windows Vista, Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced	MS08-025
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-061.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-062
Bulletin Title	Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Executive Summary	This update resolves a privately reported vulnerability in the Windows Internet Printing Service that could allow remote code execution in the context of the current user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	· Microsoft Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. · Windows Vista, Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-062.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-063
Bulletin Title	Vulnerability in SMB Could Allow Remote Code Execution (957095)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerability could allow remote code execution on a server that is sharing files or folders. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	· Microsoft Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. · Windows Vista, Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced	MS06-063
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-063.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-064
Bulletin Title	Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
Executive Summary	This security update resolves a privately reported vulnerability in Virtual Address Descriptor. The vulnerability could allow elevation of privilege if a user runs a specially crafted application. An authenticated attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	· Microsoft Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility. · Windows Vista, Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
Bulletins Replaced	MS07-022, MS07-066, Microsoft Security Advisory (932596)
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-064.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-065
Bulletin Title	Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Executive Summary	This security update resolves a privately reported vulnerability in the Message Queuing Service (MSMQ) on Microsoft Windows 2000 systems. The vulnerability could allow remote code execution on Microsoft Windows 2000 systems with the MSMQ service enabled.
Maximum Severity Rating	Important
Impact of Vulnerability	Remote Code Execution
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows 2000. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
Bulletins Replaced	MS07-065
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-065.mspx

Bulletin Identifier	Microsoft Security Bulletin MS08-066
Bulletin Title	Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
Executive Summary	This security update resolves a privately reported vulnerability in the Microsoft Ancillary Function Driver. A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Maximum Severity Rating	Important
Impact of Vulnerability	Elevation of Privilege
Detection	Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.
Affected Software	Microsoft Windows XP, Windows Server 2003. For more information, see the Affected Software and Download Locations section.
Restart Requirement	The update requires a restart.
Removal Details	Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
Bulletins Replaced	None
Full Details	http://www.microsoft.com/technet/security/bulletin/MS08-066.mspx

Regarding Information Consistency

Technical Cyber Security Alert TA08-288A

2008-10-15T16:56:00.000-07:00

National Cyber Alert System
Technical Cyber Security Alert TA08-288A
Microsoft Updates for Multiple Vulnerabilities
Original release date: October 14, 2008
Last revised: --
Source: US-CERT

Systems Affected
Microsoft Windows
Microsoft Internet Explorer
Microsoft Office

Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office.

I. Description
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for October 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.

III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the October 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References
US-CERT Vulnerability Notes for Microsoft October 2008 updates -
Microsoft Security Bulletin Summary for October 2008 -
Microsoft Update -
Windows Server Update Services -

How to recovery your Administrator's password in Windows XP

2008-09-18T18:04:00.000-07:00

Please follow below steps to recover the lost administrator's password. By using these steps you get rid of your problem. Slightly more work needed if you lose or forget the Windows XP administrator password.

1. First reboot Windows XP in safe mode by re-starting the computer and pressing F8 repeated as the computer starts up.

2. Then (in safe mode) click Start and then click Run. In the open box type "control userpasswords2" without the quotes - I have just used quotes to differentiate what you have to type.

3. You will now have access to all the user accounts, including the administrators account and will be able to reset the lost password.

4. Just click the administrators user account, and then click Reset Password.

5. You will need to add a new password in the New password and the Confirm new password boxes, and confirm by clicking OK.

All done, you have recovered the lost adminitrators password!

Microsoft Security: Interesting downloads for this weekend 5-09-2008

2008-09-12T05:03:00.001-07:00

Security, Policy & Compliance

Microsoft Forefront Security for Exchange Server with SP1 Documentation
Brief Description
Microsoft Forefront Security for Exchange Server with SP1 Documentation
Overview
Forefront Security for Exchange Server SP1 integrates multiple scan engines from industry-leading security firms into a comprehensive, layered solution, helping protect your Microsoft Exchange Server messaging environments from viruses, worms, spam, and inappropriate content. This new release provides support for Exchange Server 2007 SP1 and Windows Server 2008, as well as content filtering and manageability enhancements. These enhancements include:
Seamless support for organizations running IPv6.
Improved content filtering with installable keyword lists that can be used to eliminate email containing profanity in eleven supported languages.
Improved integration with Microsoft System Center Operations Manager through new management packs that allow administrators to proactively monitor the state of their Exchange 2007 protection.
Increased flexibility for scanning or blocking high compression zip files and RAR archives.
Note: Forefront Security for Exchange users who are running Exchange 2007 RTM and wish to upgrade to Exchange 2007 SP1 must first upgrade to Forefront Security for Exchange SP1.
http://www.microsoft.com/downloads/details.aspx?FamilyID=5cd4e36e-2dab-44d6-990e-3b8184b1cb1b&DisplayLang=en

Microsoft Antigen 9 with SP1 Readme
Brief Description
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
Overview
The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
http://www.microsoft.com/downloads/details.aspx?FamilyID=7793ba73-50c0-4e07-9cd9-211558cbd890&DisplayLang=en

Podcasts: How Microsoft IT Manages Physical Security through Strategic IT Convergence
Brief Description
The purpose of World Wide Security Operations is to protect Microsoft’s assets in a manner consistent with corporate culture.
Overview
The purpose of World Wide Security Operations is to protect Microsoft’s assets in a manner consistent with corporate culture. Through the strategic deployment of security systems, Corporate Security is improving the way that they protect Microsoft assets, information, and employees. The goal of this story is to describe the MS and partner “secure by design” technologies that support access control, monitoring solutions, and incident response and real-time communication solutions.
http://www.microsoft.com/downloads/details.aspx?FamilyID=b72ea3fb-6905-48b6-a987-cc4c032de7e1&DisplayLang=en

Visio 2007 Connector for Microsoft Baseline Security Analyzer (MBSA) 2.1
Brief Description
The Microsoft Office Visio 2007 Connector for Microsoft Baseline Security Analyzer (MBSA) lets you view the results of an MBSA scan in a clear, comprehensive Microsoft Office Visio 2007 network diagram.
Overview
The Visio 2007 Connector for Microsoft Baseline Security Analyzer (MBSA) 2.1 lets you view the results of an MBSA scan in a clear, comprehensive Visio 2007 network diagram. You must have both Microsoft Office Visio 2007 Professional and MBSA 2.1, a free security tool from Microsoft, for this connector to work properly.
http://www.microsoft.com/downloads/details.aspx?FamilyID=95e0f821-9c2c-4287-9157-49c1205e08ef&DisplayLang=en

HP Business Products and Offerings with Vista Business by Kevin Yap, Product Marketing Manager, Hewlett Packard Asia Pacific (Presentation Decks)
Brief Description
HP Business Products and Offerings with Vista Business by Kevin Yap, Product Marketing Manager, Hewlett Packard Asia Pacific (Presentation Decks)
Overview
HP Business Products and Offerings with Vista Business by Kevin Yap, Product Marketing Manager, Hewlett Packard Asia Pacific (Presentation Decks)
http://www.microsoft.com/downloads/details.aspx?FamilyID=f2c21d51-ece5-49b8-a028-d5cd64774881&DisplayLang=en

The Art of Manageability and Security Technology: Intel vPro by Davis Hong, Regional Business Development Manager, Intel Technology Asia Pte Ltd (Presentation Deck)
Brief Description
The Art of Manageability and Security Technology: Intel vPro by Davis Hong, Regional Business Development Manager, Intel Technology Asia Pte Ltd (Presentation Deck)
Overview
The Art of Manageability and Security Technology: Intel vPro by Davis Hong, Regional Business Development Manager, Intel Technology Asia Pte Ltd (Presentation Deck)
http://www.microsoft.com/downloads/details.aspx?FamilyID=1d4cd003-98ca-4bb0-ac30-70b7aa3a92b7&DisplayLang=en

Microsoft Desktop Optimization Pack (MDOP) Demonstration By Christopher Perez Estonina, MDOP Specialist, Microsoft Asia Pacific Presentation Deck
Brief Description
Microsoft Desktop Optimization Pack (MDOP) Demonstration By Christopher Perez Estonina, MDOP Specialist, Microsoft Asia Pacific Presentation Deck
Overview
Microsoft Desktop Optimization Pack (MDOP) Demonstration By Christopher Perez Estonina, MDOP Specialist, Microsoft Asia Pacific Presentation Deck
http://www.microsoft.com/downloads/details.aspx?FamilyID=2d566529-fd6b-49dd-afb8-3217ff8995ce&DisplayLang=en

Realize Value - Microsoft 2007 Office Deployment and Adoption by Alan Dias, Solution Specialist, Information Worker, Microsoft Singapore (Presentation Deck)
Brief Description
Realize Value - Microsoft 2007 Office Deployment and Adoption by Alan Dias, Solution Specialist, Information Worker, Microsoft Singapore
Overview
Realize Value - Microsoft 2007 Office Deployment and Adoption by Alan Dias, Solution Specialist, Information Worker, Microsoft Singapore (Presentation Deck)
http://www.microsoft.com/downloads/details.aspx?FamilyID=28f25862-595d-4e42-a618-5a316c280e09&DisplayLang=en

Vista with the TCS Difference Rajesh R. Bharthi Tata Consultancy Services (Presentation Deck)
Brief Description
Vista with the TCS Difference Rajesh R. Bharthi Tata Consultancy Services (Presentation Deck)
Overview
Vista with the TCS Difference Rajesh R. Bharthi Tata Consultancy Services (Presentation Deck)
http://www.microsoft.com/downloads/details.aspx?FamilyID=13b48f73-44e1-4a1a-b811-dc46d307e7da&DisplayLang=en

Straight From the Source - Optimized Desktop Deployment by Microsoft Services Lutz Seidemann, Lead Architect, Microsoft Asia Pacific (Presentation Deck)
Brief Description
Straight From the Source - Optimized Desktop Deployment by Microsoft Services Lutz Seidemann, Lead Architect, Microsoft Asia Pacific (Presentation Deck)
Overview
Straight From the Source - Optimized Desktop Deployment by Microsoft Services Lutz Seidemann, Lead Architect, Microsoft Asia Pacific (Presentation Deck)
http://www.microsoft.com/downloads/details.aspx?FamilyID=7a468c1e-f0b0-4599-bf56-ba7e25c772fc&DisplayLang=en

Lap top selector downloadable help guide
Brief Description
Lap top selector downloadable help guide
Overview
Lap top selector downloadable help guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=b5cf4b4f-a00b-484a-bf25-40f6c3bd6f03&DisplayLang=en

Top 10 Questions to Ask
Brief Description
Top 10 Questions to Ask
Overview
Top 10 Questions to Ask when selecting new pcs
http://www.microsoft.com/downloads/details.aspx?FamilyID=ce7867a1-4bc4-4063-898a-ebe0a797ddcf&DisplayLang=en

Volume Licensing Program Guides, Datasheets, and FAQs
Brief Description
Volume Licensing documents, including program guides, datasheets, and FAQs
Overview
The Microsoft Volume Licensing program guides provide comprehensive descriptions of Volume Licensing programs, including information about Microsoft Software Assurance. Download these guides to get details about things such as program features, benefits, requirements, pricing, and agreement structure.The datasheets provide an overview of Volume Licensing programs. Use these documents to get at-a-glance information about benefits, licensing options, pricing, Software Assurance benefits, and more.
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8798816-b0ba-4337-ba38-8fe2cf32b5d8&DisplayLang=en

The Microsoft Optimized Desktop Strategy by Jeff Johnson, Enterprise Technology Specialist, Microsoft Corporation
Brief Description
The Microsoft Optimized Desktop Strategy by Jeff Johnson, Enterprise Technology Specialist, Microsoft Corporation Presentation Deck
Overview
The Microsoft Optimized Desktop Strategy by Jeff Johnson, Enterprise Technology Specialist, Microsoft Corporation Presentation Deck
http://www.microsoft.com/downloads/details.aspx?FamilyID=2ffa666d-fe97-46b8-8439-6b9e89bce9cf&DisplayLang=en

Welcome Address & Keynote - Haresh Khoobchandani, Director, Business and Marketing Organization, Microsoft Singapore
Brief Description
Welcome Address & Keynote - Haresh Khoobchandani, Director, Business and Marketing Organization, Microsoft Singapore Presentation Deck
Overview
Welcome Address & Keynote - Haresh Khoobchandani, Director, Business and Marketing Organization, Microsoft Singapore Presentation Deck
http://www.microsoft.com/downloads/details.aspx?FamilyID=003f1c88-0094-41dc-a5f3-fae87252a2aa&DisplayLang=en

EMEA case study resources
Brief Description
EMEA case study resources
Overview
Word and PowerPoint for GCRP programme
http://www.microsoft.com/downloads/details.aspx?FamilyID=76cb47e0-546a-4212-9b4a-c58959427b0d&DisplayLang=en

Downloadable Help Guide
Brief Description
Downloadable Help Guide
Overview
Downloadable Help Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d2bded16-7408-4633-a57d-f321cc21327d&DisplayLang=en

Windows Media® Components for QuickTime
Brief Description
With Windows Media® Components for QuickTime, by Flip4Mac™, you can play Windows Media files (.wma and .wmv) directly in QuickTime Player and view Windows Media content on the Internet using a Web browser.
Overview
With Windows Media® for QuickTime, by Flip4Mac™, you can play Windows Media files (.wma and .wmv) directly in QuickTime Player and view Windows Media content on the Internet using a Web browser. Optimized for High-Definition Playback:Windows Media® Components for QuickTime has been highly optimized for Power Mac G4 and G5 and Intel computers and supports playback of high-definition Windows Media video files.Upgrade to Advanced Features:Windows Media playback is provided for free. By upgrading, you can import Windows Media files for editing and create Windows Media files for distribution. To learn more about these advanced features, visit the Flip4Mac Web site.
http://www.microsoft.com/downloads/details.aspx?FamilyID=915d874d-d747-4180-a400-5f06b1b5e559&DisplayLang=en