DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
David Overton's Blog » All Tags » SBS 2003 R2 » Security (RSS)

Browse by Tags

  • Internet Explorer security vulnerability fix now available – think of it as an early Christmas present… now about Firefox’s 3 issues this week…

    I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to...

  • Important Microsoft security update – update your machines now!

    DavidOverton.com rebooted today due to an emergency security update – an “out of band” release from the normal “patch Tuesday” process.  It is worth considering updating and reboot your computers and servers asap.   More information on this can be found at http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx .  Impacted systems below:   Operating System Maximum Security Impact Aggregate Severity Rating Bulletins Replaced by this Update Microsoft Windows 2000 Service Pack 4 Remote Code Execution Critical MS06-040 Windows XP Service Pack 2 Remote Code Execution Critical MS06-040 Windows XP Service Pack 3 Remote Code Execution Critical None Windows XP Professional x64 Edition Remote Code Execution Critical MS06-040 Windows XP Professional x64 Edition Service Pack 2 Remote Code Execution Critical None Windows Server 2003 Service Pack 1 Remote Code Execution Critical MS06-040 Windows Server 2003 Service Pack 2 Remote Code Execution Critical None Windows Server 2003 x64 Edition Remote...

  • How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

    I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security. A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too: Windows Firewall Settings: Optional Components Windows Firewall Settings: Remote Administration Tools Windows Firewall Settings: Server Roles Windows Firewall Settings: Services...

  • Windows Small Business Server 2003 at risk from critical flaw

    Hopefully everyone has seen this, but if not: Windows Small Business Server at risk from critical flaw Microsoft initially omitted Small Business Server from its list of critically affected OSes, but is now offering patches via its automatic update services In an update to its MS08-001 security bulletin, Microsoft said that the latest release of Windows Small Business Server was also critically at risk from a bug in Windows' networking software. The flaw is also considered critical for Windows XP and Vista users. Microsoft did not say why it had initially omitted Small Business Server from its list of critically affected operating systems, but it said that the product's users were being offered patches via Microsoft's various automatic update services. "Customers with Windows Small Business Server 2003 Service Pack 2 should apply the update to remain secure," Microsoft said in its updated bulletin. The bug lies in the way Windows processes networking traffic that uses IGMP (Internet Group...

  • From the Official SBS Blog - SBS now has a Best Practices Analyzer!

    You have seen the Exchange, SQL, Security and Windows best practice scanners, well now we have all that SBS expertise wrapped up into an SBS scanner - enjoy!! SBS now has a Best Practices Analyzer! The Microsoft Windows Small Business Server 2003 Best Practices Analyzer examines a server that is running Windows Small Business Server 2003 (Windows SBS) and presents a list of information and errors that administrators should review. The Windows SBS Best Practices Analyzer examines the server and collects configuration information from many sources including: Active Directory Windows Management Instrumentation (WMI) Registry Metabase After collecting information about server configuration, the Windows SBS Best Practices Analyzer verifies that the information is correct and then presents administrators with a list of issues sorted by severity. The list describes each issue and provides a recommendation or possible solution. System Requirements Supported Operating Systems: Windows Small Business Server 2003 (Any version...

  • WSUS on SBS and helping clients that think they are up to date, but WSUS does not

    I saw this posted internally and thought I would share. If you have clients that think they are up to date, but WSUS does not, have a look at this KB and also try these commands: 940357 An update is available to enable automatic approval of definition updates and to fix two problems in the Update Services component of Windows Small Business Server 2003 R2 - http://support.microsoft.com/default.aspx?scid=kb;EN-US;940357 and Wuauclt /detectnow /resetauthorization or wuauclt /reportnow from a cmd prompt on the client box (elevated if running on Vista) ttfn David Technorati Tags: SBS 2003 R2 , WSUS , Security

  • SharePoint User Group Meetings in UK (Newcastle and Reading) in September

    I got this e-mail today from the UK SharePoint User Group. They have two meetings coming up, one in Reading and one in Newcastle. Since SBS includes WSS and you can easily load WSS v3 onto it too, here are the details: Newcastle - 10th September MOSS MVP and general all round nice guy Spencer Harbar will be presenting an evening of goodness for all that attend. Arrive 6:30 for a 7pm start 1st Presentation: MOSS Server Farm Architecture & Design. This session introduces the fundamentals of MOSS Farm design including server roles, topology constraints and design goals which are paramount for delivery of a secure, available and scalable MOSS hosting platform. Each server roles’ unique characteristics will be covered with their associated trade-offs. In addition, three common models will be presented with a discussion of their strengths and weaknesses. 20 minute food and drinks break 2nd Presentatoin: Top 10 Tips for your SharePoint Development Environment. This session will present 10 essential tips, tricks,...

  • Vlad Mazek - "What is service management" and "how to avoid being hit by a truck when it is most inconvenient"

    I love Vlad's straight talking. If you get a chance read the whole of the blog entry Vlad Mazek - Vladville Blog » Blog Archive » Windows Server 2003 SP2 EEULA & CYA because as far as I am concerned he is preaching to the converted. I will stand by my view that Service Packs are tested as much as possible, but you need to do your own validation (see Who should test software and service packs - I think vendors,customers and partners - others thi ) to ensure that your application vendor is also happy to support their products on that service pack. If you only have MS products, check the release notes AND SUPPORT.MICROSOFT.COM as both may well have important information. I've extracted part of Vlads process to avoid a bloody head - read his post for more as people like Susan Bradley wishes she had :-) However, a part of me wonders just how heavy the rock was. You know, the one that he was under since Microsoft started releasing service packs. As painful as the above is to read, and as painful as this...

  • May security updates for Server DNS and Office 2003/2007 and IE7. Also Quicktime needs an update

    I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution...

  • From the The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista

    I've talked about this before, but thought it was worth pointing people to this Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista [Today's post comes to us courtesy of Wayne McIntyre] In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and configured. In a situation where you are using a self-signed cert you will need to install the certificate into the Trusted Root Certification Authorities store. 1. Connect to your OWA site by going to https://host.domainname.com/exchange FOR THE REST OF THE INSTRUCTIONS PLEASE FOLLOW THE LINK TO THE SOURCE BELOW Source: The Official SBS Blog : Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista ttfn David Technorati Tags: Vista , Certificate , SBS

  • Installing WSUS 3.0 on SBS White Paper Released, including when you already got WSUS on there, or need to upgrade

    I thought you should be aware of this WSUS 3.0 on SBS White Paper Released [Today's post comes to us courtesy of Chris Puckett] WSUS 3.0 has released. You can download it here . For information on installing WSUS 3.0 on your SBS 2003 SP1 or R2 server, check out the Installing WSUS 3.0 on SBS 2003 whitepaper. The issue blogged in February 2007 regarding Vista updates not synching in SBS 2003 R2 has been fixed in WSUS 3.0. If you experienced performance issues like high cpu usage by svchost, a UI hang and long scan times, the new new WUA client included with WSUS 3.0 addresses these issues in combination with the MSI update in KB 927891 . It’s important to note that the new client is only a partial solution for the svchost/msi issue and clients must have both KB 927891 and the new 3.0 client installed for a full solution. Source: The Official SBS Blog : WSUS 3.0 on SBS White Paper Released Having looked at the whitepaper it seems it covers the following areas: Install WSUS v3 on 2003 SBS SP1 and R2 (when to...

  • Got SBS Premium (or an ISA firewall) and Vista customers - you will need the updated ISA Server Firewall Client

    Just a quick note to say that if you have a SBS customer who has some PCs with Vista then you will need the updated ISA firewall client. You will need to go to this page - ISA Server Firewall Client Firewall Client for ISA Server Brief Description Firewall Client for ISA Server installs the Firewall Client software on 32-bit and 64-bit computers running supported Windows operating systems. It is also worth noting that the install script will look something like this \\Servername\shared folder\SETUP.EXE /Q /P "SERVER_NAME_OR_IP=Servername ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1" Note this will almost certainly force a reboot due to the changes in the Winsock stack. ttfn David Technorati Tags: ISA , ISA Firewall client , SBS , SBS Premium

  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey." Surprise, Microsoft Listed as Most Secure OS By Andy Patrizio UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec ( Quote ), no friend of Microsoft, said in its...

(c)David Overton 2006-23