October 2008 - Posts
Two weeks ago McAfee released their 5th issue of the McAfee Security Journal, formerly known as "Sage". In this issue it's about social engineering techniques. You can download your copy here.
Related links:
Yesterday, at the Microsoft PDC 2008, Ray Ozzie announced in his keynote a new operating environment: Windows Azure, Microsoft’s “Windows in the cloud”. A new service based operating environment.
At the Windows Azure website it’s described as follows:
The Azure™ Services Platform (Azure) is an internet-scale cloud services platform hosted in Microsoft data centers, which provides an operating system and a set of developer services that can be used individually or together.
Azure reduces the need for up-front technology purchases, and it enables developers to quickly and easily create applications running in the cloud by using their existing skills with the Microsoft Visual Studio development environment and the Microsoft .NET Framework. In addition to managed code languages supported by .NET, Azure will support more programming languages and development environments in the near future.
Got your attention? Check it out at: Windows Azure! For event videos and keynote clips go to Presspass.
Last night, European time, Microsoft released an out-of-band security update. This update resolves a vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request.
For more information check the Microsoft Security Bulletin MS08-067. See also Microsoft Security Response Center (MSRC) post: Additional Microsoft Security Bulletin Webcasts and Information Available for MS08-067. For an in-dept technical version check the Microsoft Security Vulnerability Research & Defense blog: More detail about MS08-067, the out-of-band netapi32.dll security update.
In the meantime, move your mouse to the Microsoft Update web site and start patching your system. Me, myself and I have installed it on Windows XP Pro machines and Server 2003 machines without any problem.
Lots of updates this week! Yesterday Microsoft released 4 "critical", 6 "important" and 1 "moderate" updates. Needless to say that if you haven't updated yet then move your mouse over to Microsoft Update web site and start downloading and update your system. Here's the list:
Critical:
- MS08-060 - Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
- MS08-058 - Cumulative Security Update for Internet Explorer (956390)
- MS08-059 - Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
- MS08-057 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Important:
- MS08-066 - Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
- MS08-061 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
- MS08-062 - Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
- MS08-063 - Vulnerability in SMB Could Allow Remote Code Execution (957095)
- MS08-064 - Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
- MS08-065 - Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
Moderate:
- MS08-056 - Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
All this and of course the update of the Windows Malicious Software Removal Tool. A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.
You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.
Support:
See also MSRC blog: October 2008 Monthly Bulletin Release and for a more technical version, the Security Vulnerability Research & Defense blog.
So far installed on 5 XP Pro SP3 machines without any problems.
Stay on the safe side and have a great day!
The word is out. Mike Nash announced that the next version of Windows will be called: "Windows 7". The lucky ones who are attending the PDC will hear more details about this new version.
See Mike Nash announcement at: Windows Vista Blog.
If your boss is not convinced yet that you really need to attend the Microsoft PDC (Professional Developers Conference), then try to persuade your boss with this Letter To Your Boss and maybe he/she let you go... ;)
Thanks to Steve Lamb's blog...
Okay, I'm here in Holland. So, we don't really have a "national cyber security awareness month". But still... wherever you are, there should always be cyber security awareness and not only this month. There are always some basic steps to take like keep that firewall running, keep the Windows software updated and run only updated antivirus and spyware software.
For information about this year's events, visit the NCSA (National Cyber Security Alliance) Web site at http://www.staysafeonline.info.
Related link: Microsoft's Security at Home.
Good news: the Windows Live OneCare Team was blogging again and the news is that there's a version of OneCare for server, and in this case especially for Small Business Server 2008, available. Check the OneCare for server web site.
More info at the Windows Live OneCare Team blog article here.
The last week of September is usually a bit weird the last couple if years. Actually for the last 5 years... ;) There's a lot of pacing, sleepless nights and the highlight is always the night of September 30th. Then I hope to receive an email that I'm re-awarded again as Microsoft MVP. You leave the computer running and hope to hear that an email has arrived with the good news... but not this year...
This year, thank goodness my wife Kim was, and still is, visiting family across the pond, the email arrived a bit late... to be exact it was 3:55PM on October 1st. But who cares! It came with the good news! Re-awarded for another year! And yes, I'm as happy as the first time I got it!
This year we couldn't make it to the MVP Summit in Seattle, but next year it will be in March. And Kim and I are definitely going to be there. And hopefully we'll meet some other MVP's from the McAfee Support Forums too. It's time to have a hamburger again with Harry even though he likes to eat them with beets... ;(
See you all in March!
We all know what software is, we have heard of "spyware", we have heard of "malware". But ever heard of "scareware"? Well, I didn't until I saw this article "Fighting the scourge of scareware" at the BBC News web site. You know... sometimes you get those pop-ups saying: "you're system is corrupt... buy our software...", while your computer is perfectly okay and the problem doesn't even exists. It's just a trick to get you to buy their products, their software.
The good new is that Microsoft, together with the Washington State's Attorney General, is doing something about it. They already filed a lawsuit against a company in Texas which tries to trick you to get you their Registry Cleaner XP software.
Together with this, according to the news article, Microsoft also filed five other lawsuits for programs like "Scan & Repair", "Antivirus 2009", "MalwareCore", "WinDefender", "XPDefender" and "WinSpywareProtect".
Another step in the right direction to keep your computer safe and healthy. For the news article check the BBC web site.