Browse by Tags

I think everyone knows that an urgent security issue has arisen in IE this week and Microsoft has taken the (wise) decision to publish a fix outside the normal 2nd Tuesday release cycle. Some have said switch browser because of this issue, but not only can that be complex, but most browsers suffer security issues so once again the only real protection is to wrap in cotton wool and hide. Or, use the built in features of Vista and IE7/8 which means protected mode and NOT running as admin. You might ask why a Christmas present? Well, if this continued un-patched then your information is seriously at risk and that would make for a very bad Christmas if your credit card information was stolen!! Either way, if you have IE on your systems then you will need to update your systems urgently. Of course, my Hyper-V server (or Windows Core for that matter) don’t have IE, so no updates for them!!! Just for completeness, here is the information from the Technet newsletter Internet Explorer Security Update I wanted to...

I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house. All very good, but when I set up the services none of it worked because of the built in Windows Firewall. While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security. A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too: Windows Firewall Settings: Optional Components Windows Firewall Settings: Remote Administration Tools Windows Firewall Settings: Server Roles Windows Firewall Settings: Services...

I saw these and they just made me laugh while sharing a few things about WS2008 vs 2003. Unlike some "new and improved" washing powders, Windows Server 2003 is a good product, but some key areas have been improved to meet people's new and different needs, such as more security, sharing of information, web based applications, minimal systems and virtualisation. The blog entry (which was obviously written before RC1 appeared, but posted afterwards) can be found at Windows Server Division WebLog : About Lone Server . If you want some fun, skip the soapbox video and look at the long video from the blog / link below. About The Lone Server Once I was almost famous. For years, my friends and I were on the front lines: we were the Windows Server 2003 servers that powered Microsoft.com, one of the hottest Web sites in the world. Then, early last summer, everything changed. Quietly, without warning, the new kids took over. Windows Server 2008. Yes, I know, the product’s not even done yet. These were Beta 3...

Security is always a big subject area. Over the last two months Technet have published the following items that will help understanding and delivery of secure systems base do Microsoft technology. Windows Vista TechNet Magazine: Inside Windows Vista User Account Control Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works. http://go.microsoft.com/?linkid=6803653 Network Security Internet Protocol Security Enforcement in the Network Access Protection Platform This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication. http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang...

I did a quick scan and it seems that this month Office is the main target of updates, along with one critical one for Windows Server (for DNS RPC attack) and one for IE7. Worth a quick download and install :-) I also got this in the mail today: Apple QuickTime 7.x must be upgraded to 7.1.5 or higher. On the security updates: Microsoft is releasing the following new security bulletins for newly discovered vulnerabilities: Bulletin Number Maximum Severity Affected Products Impact MS07-023 Critical Microsoft Excel (all currently supported versions) Remote Code Execution MS07-024 Critical Microsoft Word 2000, 2002, 2003, 2004 (Mac) Remote Code Execution MS07-025 Critical Microsoft Office (all currently supported versions) Remote Code Execution MS07-026 Critical Microsoft Exchange (all current versions) Remote Code Execution MS07-027 Critical Internet Explorer - all current versions on all currently supported versions of Microsoft Windows Remote Code Execution MS07-028 Critical CAPICOM, BizTalk Server Remote Code Execution...

I am sure you have seen these already, but if not, these are great tools to help when you quickly need a machine to test something on, or spend longer learning about a product. I know you can get the disks in the action pack, but then you have to load it up on a PC or VPC - this saves you all the trouble. Windows Server 2003 R2 Windows Server 2003 R2 helps to simplify branch server management, can improve identity and access management, helps to reduce storage management costs, provides a rich Web platform, and offers cost-effective server virtualization. In this VHD, you'll have the opportunity to road-test new and improved features and functionality of Windows Server 2003, including management and usability enhancements to Active Directory. Exchange Server 2007 Learn how to take advantage of key features of Exchange Server 2007. This VHD provides an exploration of Active Directory and the new features in Exchange Server 2007, new features in Outlook Web Access 2007, enforcing compliance and retention policies...

I still fear Susan and what she would do if I ever made a serious security blunder. Luckily for me, I haven't yet. I also love the way she tells you the way it should be and makes it easy. I went through the process of evaluating my patches and then installing those I thought were needed (I do have some Office components on my test server, but I am hoping she will let me off for that). I was thinking on how to write this up when I say Susan's entry The risk evaluation of patching and saw she put it exactly how I would have done. What is my message - use her process and your customers will be as safe as can be expected. In fact, I applied the IMF patch immediately, which resulted in Exchange being offline for a few minutes, which when using Outlook 2003 or 2007 is no biggie at all. ttfn David

This one was a bit of a surprise to me, but my Dad, who is an IT Consultant phoned me up to explain that when he range business critical support for a customer down situation he was told that his registration had lapsed. He then had to go through a process to re-register before his call could be processed - and this all took valuable time. I put this down to my Dad's unique way of finding problems with systems, however the very next day I got a mail from another partner who hit exactly the same thing, so think of this as a warning, go give yourself the ability to call MS Support without them charging you when your customers are "down". To get more information and registration information (it is not a long process honest), go to Register for free- Business Critical Telephone Support for registration and http://www.microsoft.com/uk/partner/tech_support/b... for information. Once you are set up, you MUST note your Support ID - this is the magic that will make it work when you need it. ttfn David