MVP Jubo Security Blog

March 2007 - Posts

Vulnerability in Windows Animated Cursor Handling

A few days ago Microsoft posted Security Advisory (935423). Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

  • Mitigating Factors for Animated Cursor Vulnerability:
    • If you are using Internet Explorer 7 on Windows Vista, you are protected from currently known web-based attacks by Internet Explorer 7.0 protected mode.
    • If you are reading email in Outlook 2007, you are protected regardless of whether you are reading the mail as plain text or not.
    • If you are reading email using Windows Mail on Vista, you are protected as long as you are not forwarding or replying to the attacker's email.
    • If you are reading your mail in Outlook Express, you are not protected, regardless of whether you are reading it as plain text.

For more detailed information see: Microsoft Security Advisory (935423).

MSRC Blog: Microsoft Security Advisory 935423 Posted
MSRC Blog: Update on Microsoft Security Advisory 935423

 

Posted: Mar 31 2007, 09:16 AM by jubo | with no comments
McAfee added detection for fake IE7

McAfee has added detection for the fake IE7 email. See their writeup: W32/Grum. You need at least DAT version 4996. So check if your version of McAfee is up-to-date.

For Symantec see: W32.Grum.A

 

Beware of fake IE7 Beta email

There's an email out there that claims to come from admin@microsoft, with an attachment called "IE7.0.exe". The subject of this email is "Internet Explorer 7 Downloads" and it shows you an image of an IE7 Beta 2 download. Do NOT click on this image! If you do, you are offered a trojan to download.

Two reasons why you should know this email is fake:

  1. Microsoft NEVER sends out updates or downloads by email.
  2. IE7 has been released and there's no Beta program anymore.

A screenshot of the email can be found at the Sunbelt Blog.

F-Secure detects the file as: Virus.Win32.Grum.A.

 

Mark Russinovich and what's new in the Windows Vista kernel

Holiday is over and it's back to reality. During the Summit we had a very good session with Mark Russinovich on the security in Windows Vista. I couldn't join the closing dinner where Mark would be present too as I had other arrangements. But there are three good articles at the TechNet web site by Mark Russinovich:

 

Posted: Mar 29 2007, 03:02 PM by jubo | with no comments
Fourth and last day of the MVP Summit

As usual, the day started early. But today is the last day, which means it will end around noon. There are three sessions on the agenda for today. The first one is about Windows Defender, presented by Jeff Williams. Jeff spoke about the differences between the Malicious Software Removal Tool, Windows OneCare and the Windows Live OneCare safety scanner. Each product has the same scanner but the signatures are different for each product.

For more information on these products visit the following web sites: Windows Live OneCare, Windows Live OneCare safety scanner and Malicious Software Removal Tool.

This was followed by Peter Eicher with a presentation about Forefront Server Security and Saveen Reddy about Forefront Client Security. For me these were totally new products, but it was a very interesting session. For more information about these products see the Microsoft Forefront web site.

The third and last session was presented by Eric Lawrence on IE7. He covered the differences between the previous version and IE7, and the differences between IE7 for Windows XP and Windows Vista. This session was just a bit too short. Much information and many questions.

Then it was time for the closing lunch. Saying good-bye to people you see only at these Summits. Because of a little present I had to go back to the store for a while. Unfortunately I came back empty-handed...

I didn't go back to the hotel or airport but had a "blind date" with Cathy's sister Kim, the Seattleite of the family. Kim showed me lots of Seattle, including the rush hour. But next time she should get a GPS for her birthday... We had a wonderful time and dinner at the Space Needle. Visited the gift shops and even took some photos. Roy will enjoy his stay in the bathroom...

One more thing, and this is for Daantje, the Space Needle is near the Experience Music Project where you can find Pearl Jam! Yes, now you can't say I wasn't thinking of you...

As I write this I'm already back in Chicago. The next few days JoAnne and I will visit some breakfast places. When I get back to Holland I really need to visit the health club again...

 

Posted: Mar 17 2007, 03:57 AM by jubo | with no comments
Day Three of the MVP Summit

Yawn... yawn... Yes, it was early when the alarm clock went off: 5:30AM. The bus left for the Microsoft Campus an hour later. Arrived there and had breakfast. This is always something special. Where in the world do you see such a group of people? There are about 1,700 people from all over the world and from so many different nationalities. All trying to speak the same language: English. One better than the other. But everyone tries to understand each other.

Today was a day full of interesting technical sessions. And fortunately everything is in the Auditorium at the Microsoft Conference Building. Including wireless Internet connection. Got there a little early and was welcomed by Camie Schwan, the World Wide MVP Product Group Community Lead. It was Camie who introduced every other speaker for the rest of the day. 

The first session was the Executive Discussion and was presented by Lori Woehler. This was followed by a session about BitLocker Drive Encryption, by Russ Humphries, Senior Product Manager, Windows Vista Security. There was an interesting discussion on whether you should use TPM + USB, USB only, TPM + PIN or TPM only. For more information check out this article: BitLocker™ Drive Encryption and Disk Sanitation.

Before lunch it was time for Shawn Travers about wireless security. This was more a Q&A type of session and some very interesting questions were asked and answered.

The following session was the MSRC or PSS, presented by Mark Miller, Andrew Cushman and Mike Reavey. Again a Q&A type of session, but they also told the audience what they're doing and what we would like to see changed. In general it was about:

  • Security Bulletin Release Process
  • Security Incident Response Process

The next speaker was Amith Krishnan about NAP, Network Access Protection. NAP is a new platform to perform computer health policy validation, ensure ongoing compliance with health policies, and optionally restrict the access of computers that do not comply with system health requirements until their health state can be corrected.

Then it was time for Jeff Jones, Director Microsoft Corporation, in his session about Security Compete. And in his presentation he showed us that Windows is more secure and the number of days before a patch is released is better than other OS manufacturers. For numbers and figures, see Jeff Jones Security Blog.

A new feature in Windows Vista is "CardSpace" and this was the subject of the session by Nigel Watling. If you want to know something more about CardSpace, then check out this web site: Get Started with CardSpace.

The last session was presented by Mark Russinovich, well known from the tools posted at Sysinternals. Mark had a very interesting discussion about the Vista User Account Control and why you should use it and not turn it off immediately. See also Windows Sysinternals.

 

Posted: Mar 15 2007, 07:46 AM by jubo | with no comments
One, Two days in Seattle

Already two days here in Seattle and so many things have already happened. Arrived an hour later than scheduled, but the chauffeur was waiting for me at the exit at the airport. Then it was only a 20-minute drive to the hotel. After unpacking a few things I went downstairs to see if there was a bus to the Washington State Convention & Trade Center. But it’s only 5 blocks away from the hotel. So I walked. It’s easier walking to the WSCTC because that is downhill...

Arrived at 2:30PM at the WSCTC and the first thing to do is to register for the event. It was still early and so not many people. Then visiting the Expo and looking for other Dutch and other MVPs. It was nice to see some familiar faces again.

Walked to the hotel again and at 6:30PM the Regional Dinner started. The EMEA dinner was held in the Sheraton hotel.

The next day, Tuesday, I was up early to catch the bus to the WSCTC. I was just too lazy to walk. Probably because I hadn’t had any coffee yet. After breakfast there was the Keynote by Bill Gates. Details of his keynote can be found at: Keynote Remarks by Bill Gates. And this time taking pictures was allowed and I had left the camera in the hotel. So you just have to make do with the cell phone photos, which I posted on the blog.
The keynote was followed by Q&A by Bill Gates and Rich Kaplan. Good questions and good answers.

After the break it was time for more serious stuff and for me it was a presentation about the next version and new features of Visual Studio. I think the two most interesting presentations of today were after lunch. First the new features in the upcoming new release of SQL Server presented by Prakash Sundaresan, followed by a presentation by Ben Fathi about the security in a changing world.
My compliments to Ben Fathi for what he has done already with the security in the new products. And for the wonderful presentation. The best part is always the Q&A where you always have an open and honest discussion. Not the hot air you hear in other places...

At 7:00PM it was time for the Attendee Party and this was held in the Museum of Flight. A good place to be. Of course, there’s always the gift shop. I’ve learned that you always visit the gift shop before you see the rest of the museum. That way you already have an impression of what is there in the museum. I knew that there was a Concorde, but I saw it only from the bus on my way back to the hotel.

And if you think the MVPs are only a bunch of geeks then you’re wrong. Several MVPs also play music and the jam sessions were just wonderful. Actually the best thing of the evening...

Tomorrow we have to catch the 6:30AM bus, which brings us to the Redmond campus. Who said this is a vacation...?!?

 

Posted: Mar 14 2007, 09:37 AM by jubo | with no comments
Microsoft Security Bulletin Advance Notification for March 2007

Somehow good news... no Microsoft Security Updates for this month:

On March 13, 2007 Microsoft is planning to release:

Security Updates

  • No new Microsoft Security Bulletins will be released on March 13, 2007.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release two non-security high-priority updates for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release four non-security high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

 Source: TechNet.

No matter what, there will be enough work on "my" computers on the other side of the pond the next few weeks...

 

Posted: Mar 08 2007, 08:59 PM by jubo | with no comments
Critical update for SQL Server 2005 SP2

Download an update to the initial release of SQL Server 2005 SP2. This update resolves an issue with maintenance plan cleanup task intervals.

The initial release of SQL Server 2005 Service Pack 2 (SP2) contained an issue that caused maintenance plan cleanup tasks to remove data before the specified cleanup interval.

For additional information: Knowledge Base (KB) article 933508
Download at: Download Center

 

Posted: Mar 07 2007, 09:22 PM by jubo | with no comments
The "WoW" Starts Now: JUBO's MVP 2007 Coast-To-Coast Tour
It's almost March 9th, 2007, when we have to get on the airplane from Amsterdam, Holland, to the USA for the MVP 2007 Global Summit at the Microsoft Campus in Redmond. The tickets are in; I only have to make a reservation for the shuttle that takes me from the SeaTac Airport to the Renaissance Seattle hotel in downtown Seattle, WA.

The thing is to arrive there well rested and you should have had enough sleep the days before the Summit starts. So what is a better place to start this tour than in the midwest? I'm flying to Chicago first to stay a few days with Roy and Cathy plus, we shouldn't forget Manny, the world's most friendly Pit Bull dog I have ever seen.

When the Summit starts you don't have time to sleep. Everyone I know thinks I'm going on a holiday, but in reality it's just hard work... :-) The agenda is from 7:00AM to midnight for almost every day. Of course, and then the things you do outside of the agenda...

Speaking of the agenda, it looks something like this:
  • Day 1: Monday, March 12 @ the Washington State Convention and Trade Center
    As of 1:00PM: Expo Fair and registration/badge pick-up plus a Dinner with regional teams in the evening...
  • Day 2: Tuesday, March 13 @ the Washington State Convention and Trade Center
    07:00–08:30: Breakfast and at 9:00AM several speeches by Microsoft's executives.
    After lunch the "platform sessions" followed by an attendee party with dinner.
  • Day 3: Wednesday, March 14 @ the Microsoft Redmond Campus
    07:00–08:30: Breakfast at 7:00AM, followed by Technical deep-dive sessions (including break for Lunch) and at 6:30PM Dinner with product groups.
  • Day 4: Thursday, March 15 @ the Microsoft Redmond Campus
    07:00–08:30: Breakfast followed by another round of Technical deep-dive sessions.
    At noon lunch, wrap up, and closing.

And at 3:00PM it's back to the hotel, airport or wherever you want to go. I have a "date" with Cathy's sister Kim, who lives only 35 miles south of Redmond. I hope she knows some good local restaurants... See, it's a tough life. But hey, someone has got to do it...

That's why I'm staying another night in Seattle and return to Chicago the next day. On Friday I take the plane from Seattle (SeaTac) back to O'Hare, Chicago, where I'll arrive at 4:55PM. I used to take the "Red-eye" flight back to Chicago, meaning you get the night flight at 11:30PM and arrive at 5:30AM in Chicago, but I was never able to sleep on those flights.

Back in Chicago I'll be going to the LaGrange area where I'll be staying at the Holiday Inn, Countryside/LaGrange hotel. That's a very nice hotel and what's more important: they have a fast Internet connection. You only have to check the cables and whether it's connected correctly. So I should be able to write some more about this trip.
I'll be staying here for almost a week and spend some time with JoAnne & Marvin and maybe see some other familiar faces again. I think we already have an agenda for breakfasts. They have those wonderful breakfast places. I should start a place of myself here in Holland, but looking for an investor, a cook and a plan on how to get the Dutch out of their homes and into a breakfast place... yeah... right!


The next step on this tour will be Boston, where I'll be visiting Lynn. Of course, I'll also be looking at her oh... so needed for help screaming computer...;)
I've never been in Boston. Karen and I had plans to go there in the Fall one day because of the wonderful Fall colors. It's almost Spring now and I sure hope they have removed all the snow before I arrive there. However, it just looks as if I can leave my shorts in Holland.


This trip is a different one than usual. It's an MVP trip but it also has a private part. I will not be travelling alone. I have some company and am traveling with a few young ladies. Meet Snoesje, pronounce: "Snoosjah", Pluisje, pronounce: "ploosjah", Kippensoep (English: chicken soup) and Little "backup" Snoesje (pronounce: Snoosjah). Actually, you could say the "Chicago Bears" are on a mission...

Yes, I have to take Karen's "kids" back home for someone wants to meet the "bear family" who played such an important role in Karen's life.
This means that we have some stowaways in my rucksack and we have to fool GWB, his troops and especially that young female police officer with her sniffer dog at O'Hare airport.

You won't believe it, but I have seen her and the dog for several years now. It's not allowed to take pictures at US airports but I really would like to get a picture of that nice little sniffer dog who is running around with a blanket on his back which says: "Protecting American Agriculture". Yes, that one tiny little dog... it carries a huge burden on his/her little shoulders. If you think you can get some food or fruit into the country then you better think twice. Impossible because the little sniffer dog sniffs every bag and suitcase for food, fruit or whatever. That little doggie deserves a Medal of Honour! Sniffing those thousands and thousands of bags, suitcases every day... However, the sniffer dog never found my little tins with Goudse stroopwafels (pronounce: stroop waffles)...;)
That is why we have to put our little stowaways high and dry in the rucksack and hopefully the police officer won't ask me to put the bag down on the floor...

For those who know me a bit longer they already have received the detailed flight plan, but here it is in a short version:
  • March 9, KLM - Schiphol Amsterdam (AMS) to Chicago O'Hare (ORD)
  • March 12, UA - Chicago O'Hare (ORD) to Seattle, WA, (SEA)
  • March 16, UA - Seattle, WA, (SEA) to Chicago O'Hare (ORD)
  • March 22, UA - Chicago O'Hare (ORD) to Boston, MA, (BOS)
  • March 26, KLM/NW - Boston (BOS) to Amsterdam Schiphol (AMS) (next day)

Of all my "brothers-in-arms" I know personally, I know that Kelly Marshall and Ben "Trafton" Johnstone-Anderson lost their MVP status, Harry Waldron is too busy at work to attend the Summit and the same goes for our newly awarded MVP Grif Thomas, moderator at the McAfee and the CNet forums.
So, I think it's up to me to keep them informed. Apart from Tuesday, the Executive Day, which is certainly covered by the NDA (Non-Disclosure Agreement), I'll keep them informed of what is said and update the Maniacs at the McAfee forum of what I can share. That could be another little blog at the forum too. Dang... I'll miss having a hamburger, even with beets (!!), with Harry and it would have been great to meet Grif there one day. Just make sure you both get there the next time!


Posted: Mar 05 2007, 12:38 PM by jubo | with no comments
McAfee's PodCast: AudioParasitics

A new service from McAfee Avert Labs as they launched their official PodCast site - AudioParasitics hosted by David Marcus and Jim Walter. One day they might talk about disclosure, the other day about zero-day trends or about new rootkit functionality. AudioParasitics will be there to beat that issue into submission with its two opinionated hosts and a variety of the security industry’s finest minds.

More information at: McAfee AudioParasitics
Source: McAfee Avert Labs Blog

 

Posted: Mar 04 2007, 08:37 PM by jubo | with no comments
I'm Making A Difference

This is a very nice initiative from Windows Live™ Messenger. Every time you start a conversation, Microsoft shares a good portion of the advertising revenue with some of the world's most effective organizations dedicated to social causes.

To participate you need to install Messenger 8.1 and then add one of the following codes to your display name:

  • American Red Cross = *red+u
  • Boys & Girls Clubs of = *bgca
  • National AIDS Fund  = *naf
  • National MS Society = *mssoc
  • ninemillion.org = *9mil
  • Sierra Club = *sierra
  • StopGlobalWarming.org = *help
  • Susan G. Komen for the Cure  = *komen
  • UNICEF  = *unicef

At this moment it is more focused on the US, but at least you can start making a difference already. Start now and get involved. Put the banner on your web site or your blog. You can find more information about this initiative at: 

 

Posted: Mar 04 2007, 04:23 PM by jubo | with no comments
Daylight Saving Time (DST)

This time, traveling to the USA requires an additional step for me because I now have this very nice HTC smartphone. The US Congress decided that DST starts on March 11th, 2007 and ends on November 4th, 2007 and again in subsequent years. That's three weeks earlier than here in Europe. To make sure your appointments on your Windows Mobile devices are accurate, you’ll need to update your mobile device(s).

There are actually three things you need to do. The first one you have probably already done because this one came with the critical updates of last month for the Windows Operating System:

  • 2007 Time Zone Update for Microsoft Windows Operating Systems
  • Outlook Time Zone Update Tool
  • Daylight Saving Time 2007 Update Tool for Windows Mobile

Check for more information at Windows Mobile or at the Daylight Saving Time Help and Support Center.

 

Posted: Mar 04 2007, 01:50 PM by jubo | with no comments