Top 10 Overlooked Windows Server 2008 Features

Windows Server 2008 is on its way. With the first release candidate in the pipeline, it shouldn’t be long before release to manufacturing and general availability.

With such a long development time (it’s the first new Windows Server OS since 2003), the showstopping new features have been well publicized: most IT pros are familiar with at least some of the details of Server Core, PowerShell and Windows Server Virtualization (codenamed Viridian). But Windows 2008 includes a lot more than those headliners.

To that end, we’re presenting the Top 10 overlooked features of Windows 2008. We spoke with Ward Ralston, senior technical product manager for Windows Server, to help us build our list. These items haven’t garnered the same kind of press attention, hype and word-of-mouth as the others, but they’re nonetheless important – maybe very important – to your network.

Full article here.

Seven Patches Coming From Microsoft

Microsoft expects to release seven security patches with four “Critical” and three “Important” bulletins as part of its upcoming Patch Tuesday release.

The critical patches affect Windows Server Service Packs for 2000 and 2003 versions as well as Internet Explorer versions 5 through 7, and Outlook Express for Windows 2000, 2003 and Windows XP.

The common thread of the four “critical” patches is their remote code execution (RCE) implications, a risk consideration that has been pretty consistent over the last few patch release announcements. Microsoft suggests using Baseline Security Analyzer to flush out any potential bugs or problems.

Meanwhile, the three “important” issues are more varied in nature, with two bulletins affecting almost all Windows OS and server versions, including multiple service pack releases of Windows 2000 and 2003, XP and Vista. A third patch is related to Windows SharePoint Services.

The first important bulletin, given its breadth in affecting every Windows OS program, bears watching. That bulletin pertains to the prospect of denial of service attacks, which are attempts to make IT resources unavailable, locking users out of programs and applications.

The second important item deals with spoofs, also known in the techie world as “masquerade ball” attacks, where a hacker or a malicious program passes itself off as another user or program using erroneous data, gaining unwarranted read and/or write access. This would affect all OSes except XP and Vista.

The last important patch affects all versions of SharePoint services and remedies concerns over potential elevation of privilege attacks, where malicious users can change profile settings, usurp access configurations and gain greater entry into the system than intended.

Of the total seven bulletins, three will require restarts.

As it does most months, Redmond will also release another update to the Microsoft Windows Malicious Software Removal tool and has plans to release three non-security, high-priority updates on Microsoft Update and Windows Server Update Services and one non-security, high-priority update for Windows on Windows Update.

Although things can still change, Thursday’s advance notification points to a pretty busy Tuesday.

Microsoft updates Vista to block counterfeit copies

Software giant Microsoft has issued an update for the Vista operating system as they aim to block counterfeit copies of Vista from working properly.

The company said in a statement on this update: “In the event illegal workarounds or other counterfeit Windows Vista code are posted to the Internet or become available through other means, Microsoft will take appropriate action to protect users from the risks of using counterfeit copies and to protect its intellectual property.”

This update was released through Windows Update and it detects the frankenbuild counterfeit, and then demands a valid activation key.

Alex Kochis of the Windows Genuine Advantage team added in a blog post: “Windows Vista will use the new Windows Update client to require only the ‘frankenbuild’ systems to go through a genuine validation check. These systems will fail that check because we have blocked the RC keys for systems not authorized to use them. In other words, the wrong key is being used. The systems will then be flagged as non-genuine systems and the experience will be what we announced back in October, including losing certain functionality, and the system will have 30 days to activate with a good product key.”

Microsoft patches zero-day Windows Media flaw

Microsoft on Tuesday in the US released seven security updates with patches for 11 security vulnerabilities, most of which affect the Windows operating system.

The software maker originally planned to release only six security bulletins as part of its monthly patch cycle. However, it added a seventh to deliver a fix for two flaws that affect the Windows Media Format, including one zero-day bug, a company representative said in a statement.

Microsoft also provided a patch for a zero-day vulnerability that affects Visual Studio 2005 developer tools. This security hole was disclosed last month and, contrary to the Windows Media issue, has already been used in cyberattacks, the company said.

However, there were no fixes Tuesday for a pair of known flaws in Microsoft Word that are also being exploited in malicious software.

“While we see Microsoft making an attempt to patch zero-day vulnerabilities, they are still struggling to keep up with the continuous influx of zero-day attacks,” said Amol Sarwate, a research manager at vulnerability management company Qualys. “Microsoft is making a genuine effort. However, users are still exposed to attacks via the unpatched Word vulnerabilities.”

Particulars of patches

The Windows Media issues are addressed in bulletin MS06-078, one of three “critical” security updates published by Microsoft on this “Patch Tuesday.” The other high-risk vulnerabilities lie in Internet Explorer and in Visual Studio 2005.

Somebody could exploit the Windows Media flaws by tricking a user into opening a rigged media file or stream, Microsoft said. “An attacker who successfully exploited this vulnerability could take complete control of an affected system,” it said.

Four vulnerabilities in Internet Explorer expose Windows PCs to a similar risk. Somebody could exploit the holes in the Web browser by creating a malicious Web site, Microsoft said. None of the IE flaws had been previously disclosed, it said.

Deemed less serious by Microsoft are problems that affect the Windows Simple Network Management Protocol service, the Windows Client-Server Run-time Subsystem and the Windows Remote Installation Services, the company said. These were all rated “important” — one notch less serious than Microsoft’s highest rating of “critical.”

A vulnerability in the Outlook Express mail client was also tagged as “important”.

Though Microsoft rates the SNMP flaw “important”, it should still be considered very serious for business users, said Gunter Ollmann, director of IBM Internet Security Systems’ X-Force unit.

“Although SNMP is not a default service, it is the de facto standard for monitoring critical business assets,” Ollmann said in an e-mailed statement. “Because SNMP uses user datagram protocol, which doesn’t require a handshake, internal attackers can spoof an identity and gain complete control of the network.”

Microsoft offers a summary of its patches on its Web site. The fixes will be delivered via Automatic Updates in Windows and are available on Microsoft’s Web site.

Three of the Top Ten Malware Threats Run on Microsoft Vista

Sophos, a world leader in IT security, has revealed the most prevalent malware threats and hoaxes causing problems for computer users around the world during November 2006.

The figures, compiled from Sophos’s global network of monitoring stations, show that the W32/Stratio-Zip worm has overtaken W32/Netsky-P as the most widely circulated piece of malware, accounting for one third of the total number of reports.

Sophos experts note that on the launch date of Microsoft’s Windows Vista operating system, three of the top ten – including Stratio-Zip – are capable of bypassing the operating system’s security defences and infecting users’ PCs. The Vista-resistant malware – W32/Stratio-Zip, W32/Netsky-P and W32/MyDoom-O – comprise 39.7% of all malware currently circulating.

Read the full article here.

Microsoft to Roll Out New Version of WGA

Interesting article. Saved it just to track when they’ll update WGA again 🙂

Microsoft Corp. on Tuesday released a revamped version of its Windows Genuine Advantage tool that it hopes will reduce complaints arising from paid-up users of Windows XP caught in the dragnet of the controversial anti-piracy program.

The main change in WGA Notifications is a new category of results for PCs with Windows installations of questionable validity.

Security enhancements in Windows Vista

This new white paper from Microsoft describes in detail the enhancements that have been made to the security in Windows Vista.

Each key area of security is highlighted and further links to in depth technical information on each topic are included.

Click here to read this white paper now!

No Shutdown Switch for Office 2007

Microsoft Corp. has no plans to add a controversial Windows Vista antipiracy feature directly to its Office 2007 suite, but will consider offering it as an add-on system, the company said Tuesday. In an e-mail through its public relations firm, Microsoft said although it has not built its Software Protection Platform (SPP) into Office 2007, it is considering adding it to its Office Genuine Advantage (OGA) Program.

Read the original article here.

Firefox Password Manager bug in Firefox 2.0

The Mozilla Foundation, which maintains code for the Firefox browser, has acknowledged that there is a problem with the Firefox Password Manager and has named it bug #360493. Microsoft has also admitted that the newly discovered password bug can affect Internet Explorer as well, but most reports indicate that Firefox is the more likely target because of the way it stores usernames and passwords.

Mozilla’s Firefox 2.0 has long been considered a safer Web browser than Microsoft’s Internet Explorer, but a new flaw in the Firefox Password Manager, which lets users store usernames and passwords for trusted Web sites, could let hackers steal their login data.

The problem, known as a reverse cross-site request, or RCSR, was first discovered by Robert Chapin, a Microsoft Certified Systems Engineer (MCSE) and I.T. consultant. The RCSR appears on blogs, message boards, or group forums that let users add comments with embedded HTML code.

On sites that allow users to enter code, a hacker can embed a form that tricks the user’s browser into sending its username and password information to the hacker’s computer. Because the form is embedded on a trusted Web site, the browser’s built-in antiphishing protection, which is designed to alert users to fraudulent Web sites, does not detect the problem.

Even worse, hackers can make the deceptive form invisible, meaning users can transmit their private data without even knowing it.

Bug #360493

The Mozilla Foundation, which maintains code for the Firefox browser, has acknowledged the problem and named it bug #360493. Microsoft has also admitted that RCSR attacks can affect Internet Explorer, but most reports indicate that Firefox is the more likely target because of the way it stores usernames and passwords.

Neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid RCSR attacks simply by disabling their browsers’ autosave features for usernames and passwords. In Firefox, the feature is found in the “Options” window under the “Tools” menu.

Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2.
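
One way a site operator could screen user-submitted HTML for the embedded forms described above (an added example, not code from Mozilla, Microsoft or the original article; the class and function names, verdict labels and sample URLs are hypothetical):

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://blog.example/post/1"  # constructed: page hosting the comment
# Constructed sample comment: a login-style form that posts to another origin.
SAMPLE_COMMENT = ('<p>Nice post!</p><form action="https://other.example/c">'
                  '<input name="user"><input type="password" name="pass"></form>')

class FormAudit(HTMLParser):
    """Record each <form> in a comment and whether it holds a password input."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the hosting page.
            target = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": target, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def origin(url):
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"http": 80, "https": 443}.get(p.scheme))

def audit_comment(html, page_url=PAGE_URL):
    """Return (verdict, resolved_action) for every form found in the comment."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for f in parser.forms:
        if not f["password"]:
            verdict = "form"  # no password field, but forms rarely belong in comments
        elif origin(f["action"]) != origin(page_url):
            verdict = "credential-form-offsite"  # a saved login would leave the site
        else:
            verdict = "credential-form"
        findings.append((verdict, f["action"]))
    return findings
```

A site that has no need for forms in comments can reject or strip any submission for which `audit_comment` returns a non-empty list.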

Battle of the Titans

Most experts agree that Firefox is by and large the safer of the two major Web browsers, largely because Microsoft, on account of its size, draws more attention from hackers.

Indeed, the last two years have seen monthly and sometimes weekly reports of new bugs in Internet Explorer, letting hackers do everything from hijack a user’s computer to corrupt its private data.

But Microsoft released a new version of IE — version 7.0 — in October, and Mozilla quickly followed suit with version 2.0 of Firefox. Both versions boast enhanced security, including antiphishing features that check Web sites against an online database of known frauds. And Internet Explorer 7 also offers much-requested improvements to the interface, such as tabbed browsing.

Microsoft says not to use pirated Vista

In a statement of the bleeding obvious given Microsoft’s foray into the world of Windows Genuine Activation, making the act of pirating Windows XP or Vista almost pointless, Microsoft has advised customers wanting Vista not to use a pirated copy but to wait for the real thing.

While nothing will ever stop the pirates from getting whatever content they want and making it available for download from the Internet, including Microsoft’s latest Windows Vista, Microsoft has come out with a statement telling users they’re flattered by all the attention, but that pirated copies of Vista aren’t worth it and won’t last very long even if you can install it.

“Microsoft is happy that customers are eager to begin using Windows Vista; however, the copies available for download are not final code and users should avoid unauthorized copies which could be incomplete or tampered”.

They continue by saying that “This unauthorized download relies on the use of pre-RTM activation keys that will be blocked using Microsoft’s Software Protection Platform. Consequently, these downloads will be of limited value.”

Now, while some pirates would readily argue that they do indeed have the final code and are using it with some kind of crack to get around Microsoft’s protections, we can hardly be surprised that Microsoft is saying that the copies floating on the Internet aren’t the real deal.

The possibility of other malware, keyloggers or other net nasties waiting to pounce on you in an act of almost instant karma is real, and along with all the checks Microsoft do on a regular basis, it’s just not worth it if you’re a regular everyday computer user.

This is also going to continue the war between the pirates and hackers trying to break Microsoft’s protections, with Microsoft no doubt analyzing all of the latest discoveries as they are posted onto the Internet, basically so they’d be able to block the new Vista activation work-arounds very quickly.

Anyone who has ever needed to re-install an operating system, then load their other software and transfer all of their data, knows that it’s a right royal pain in the backside to have to go through this procedure time after time.

So… it will definitely be fun to watch the war unfold, but in the meantime, don’t risk any production computers – the one or ones you use to earn money and perform your important work with – until you can get your hands on the final code.

Until then, it’s timely to remember that bad pirates often ended up walking the plank!