Today Microsoft announced that its next Patch Tuesday, coming up next week (2/9/2010), will contain a record 13 security fixes. If history is any guide, I predict that there will be problems at the workstation and server level, so my suggestion to you, if you are a network administrator or tech support go-to man, is to brace for impact. In my experience, Microsoft’s security patches often break as many PCs as they cure, particularly when Microsoft releases a large number of them without doing enough QA. I have seen everything from servers not being able to connect to the network to workstations bluescreening right after an update, and everything in between. So if you’re a network admin, here’s what I suggest: modify the Windows Update behavior to download but not install the updates. You can easily do this through Group Policy without having to go to each and every workstation (servers should all be set up this way by default). Next, on Wednesday, update a couple of workstations manually and see if they come back up OK. If you are satisfied that the patches are safe, then go back to the Group Policy and change it back to auto install.
I suggest updating servers manually, while standing in front of them, not remotely, during downtime or slow network activity.
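One way to confirm that the Group Policy change described above has actually reached a workstation before patch day. This is an added example, not part of the original post; it assumes the change is made through the standard "Configure Automatic Updates" policy setting, which stores its values under the registry key shown, and the mode names are labels chosen for this example.

```powershell
# Added example: report which Automatic Updates mode Group Policy applied here.
# The "Configure Automatic Updates" policy writes its values under this key.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# AUOptions values defined by the policy setting (names are this example's labels).
$AuModes = @{
    2 = 'NotifyBeforeDownload'
    3 = 'DownloadOnly'        # download, then wait for an admin to install
    4 = 'ScheduledInstall'    # download and install on the configured schedule
    5 = 'LocalAdminChooses'
}

function ConvertTo-AuMode {
    param($NoAutoUpdate, $AUOptions)
    if ($NoAutoUpdate -eq 1) { return 'Disabled' }
    if ($null -ne $AUOptions -and $AuModes.ContainsKey([int]$AUOptions)) {
        return $AuModes[[int]$AUOptions]
    }
    return 'NotConfigured'    # no policy value: the local setting decides
}

function Get-AuPolicyReport {
    # Missing key or missing values both end up as 'NotConfigured'.
    $p = Get-ItemProperty -Path $AuKey -ErrorAction SilentlyContinue
    $mode = if ($p) { ConvertTo-AuMode $p.NoAutoUpdate $p.AUOptions } else { 'NotConfigured' }
    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        Mode         = $mode
        # True only when policy guarantees nothing installs without an admin.
        HoldsPatches = ($mode -eq 'DownloadOnly' -or
                        $mode -eq 'NotifyBeforeDownload' -or
                        $mode -eq 'Disabled')
    }
}

# Pull the latest computer policy, then check what was applied.
gpupdate /target:computer /force | Out-Null
$report = Get-AuPolicyReport
$report | Format-List Computer, Mode, HoldsPatches
if (-not $report.HoldsPatches) {
    Write-Warning "Updates may install unattended on $($report.Computer) (mode: $($report.Mode))."
}
```

Run it again after switching the policy back to auto install; the mode should then read `ScheduledInstall`.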
Posted in Uncategorized.
By admin
– 02/05/2010
Today, Microsoft released a patch (KB978207) to address the IE security hole discovered after the Google attacks of last week. Interestingly, notice that the patch isn’t just for IE6, but also for IE7 and IE8, as discussed in our previous post.
If you have automatic updates enabled (as you should) this patch will be downloaded and installed automatically, but if you can’t wait (for example if you have a Windows Server 2003 or 2008 with auto-updates disabled), you can go to the link below and download and install it yourself:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a38aa9d0-c3fe-4d41-8805-7d5370263c1b
Posted in Microsoft, Security, Windows.
By admin
– 01/21/2010
Apparently the method used in compromising the Google emails last week (termed Aurora) was traced to an as yet unknown security hole in Internet Explorer. Microsoft claims that the security flaw is limited to Internet Explorer 6 and Windows XP only and is very unlikely under Windows Vista or Windows 7; however, experts, including McAfee, disagree with Microsoft’s threat assessment.
http://www.mcafee.com/us/threat_center/aurora_enterprise.html
http://www.betanews.com/joewilcox/article/Should-you-dump-Internet-Explorer-NOW/1263750606
http://news.bbc.co.uk/2/hi/technology/8465038.stm
Even if you take Microsoft’s claim at face value, XP must be SP3 or later and Vista SP1, assuming the user didn’t disable Data Execution Prevention (DEP). Furthermore, DEP is not a panacea against memory buffer overflow attacks, as stated here:
http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx
McAfee has so far explored only one of the attack vectors exploited in the Aurora attack. There may be, and likely are, more which we don’t know about yet, and in fact those vectors may extend to Firefox, Opera and Chrome. We just don’t know yet.
Microsoft will likely come up with an out-of-band patch shortly. Until then, I am recommending using Firefox (all patched up, of course).
Posted in Microsoft, Security, Windows.
By admin
– 01/15/2010
Adobe has issued an advisory pointing out a new vulnerability in Acrobat Reader 9.2 and earlier due to its Javascript feature. In short, a malicious website (or a link in an email pointing to a maliciously crafted PDF file) could execute arbitrary code, including installing malware/viruses/Trojans, on a Windows XP and prior machine. Windows 7 and Vista as well as Mac and Linux operating systems will crash, but are otherwise not vulnerable. Adobe has not yet explained how they will address this problem other than to say they are investigating it.
Adobe’s Acrobat Reader has had a string of serious security vulnerabilities in the past year. Acrobat users are encouraged to update their software by going to the Adobe site and to disable the Javascript feature.
Posted in Uncategorized.
By admin
– 12/15/2009
Today, the popular bittorrent site mininova.org removed all torrents uploaded by its users and replaced its front page with a slim selection from content distributors.
On their blog, the operators cited as the reason the Dutch court ruling in August of this year, which deemed the content hosted on the site in breach of copyright laws and therefore illegal. Facing heavy fines, mininova.org, which had become the most popular site for bittorrent users, decided to remove all content that could be considered a copyright violation.
Mininova.org was formed in 2005 by five Dutch students to take the place of supernova.org, which was also forced to take down its site as a result of a similar ruling.
Posted in Uncategorized.
By admin
– 11/26/2009
Cisco Systems, EMC, and VMware announced Tuesday a joint venture to sell a new integrated data center product called V-Bloc. It will combine EMC’s storage equipment, Cisco’s virtualized servers and networking equipment, and VMware’s virtualization technology for helping clients build cloud computing infrastructures.
The partnership between virtualization software vendor VMware, storage management vendor EMC (which owns 85% of VMware) and Cisco, the world’s leading computer networking company, consists of a Virtual Computing Environment coalition to develop new products and Acadia, a joint venture for training customers and partners on how to install and use the products.
The announcement is considered by the industry to be a direct challenge to HP, IBM and Dell as the leading providers of storage and computing platforms for server virtualization, and secondarily to Microsoft as the publisher of the Hyper-V virtualization platform.
Posted in Industry News.
By admin
– 11/04/2009
On Tuesday afternoon (November 3rd, 2009) cell phone and data services from T-Mobile were interrupted in an outage that lasted up to 8 hours. Customers in Orange County were also affected, and checking with a few clients in Irvine, Santa Ana and Lake Forest who use T-Mobile’s wireless and broadband services confirmed that they were unreachable. Calls placed to those numbers resulted in either a fast busy tone or “Network Unavailable” recordings.
The outage affected customers in the US as well as worldwide and began (at least in Orange County) around 4:00PM. Service for some customers was restored as early as 5:00 PM and as late as 10:30 PM. Guardian Networks performed testing by calling cell phone numbers in the local area (Costa Mesa, Irvine, Santa Ana, Lake Forest and Newport Beach) and attempting to connect to clients using T-Mobile’s business broadband service and confirmed that those clients were unreachable.
T-Mobile confirmed the outage on their forum, but did not immediately explain the reason for the outage.
Posted in Local Orange County.
By admin
– 11/04/2009
According to Microsoft’s latest Security Intelligence Report, released today, Windows Vista (Service pack 1) is 61.9 percent less likely to be infected by malware than Windows XP (Service Pack 3).
The biennial report covers the first half of 2009 and most of the current Microsoft operating systems, but not Windows 7.
The report states that the Conficker worm continued to be the most prevalent malware for the first half of 2009, infecting more than 5,000,000 PCs. Conficker spreads by exploiting vulnerable Microsoft Windows Servers, through infected USB or thumb drives, or by brute-forcing weak passwords on PCs. (See Common Strategies for Securing your PC.)
The data is collected from Windows Defender, the Malicious Software Removal Tool (MRT) and Security Essentials.
Posted in Uncategorized.
By admin
– 11/02/2009
Juniper Networks announced its listing at the NYSE by ringing the ceremonial bell at the stock exchange floor and holding a conference in which Juniper CEO Kevin Johnson announced a range of new products and systems, including Junos Space, a new software integration program which presents an open platform through which third parties can develop applications to run under the company’s flagship Junos network operating system. Also unveiled were Junos Pulse, which is an integrated software client, and the Trio chipset, which powers a new family of Juniper MX 3D routers.
With that, Juniper unveiled its strategy for opening and licensing its JUNOS operating system to developers and partners. It also rolled out a new generation of processors, called Trio, designed to massively scale the edge of the service provider network. It also introduced new MX-series Ethernet edge routers with “3D” scaling of bandwidth, subscribers and services.
In addition, Juniper disclosed Project Falcon, an initiative to develop products for the mobile packet core and subscriber management of 4G networks, as well as “universal edge” applications integrating wireline and wireless networks.
Lastly, Juniper provided an update on its Stratus cloud computing project that included three steps to cloud-enable a data center: simplify the environment through a unified fabric managed as a single switch; sharing resources through virtual partitioning and VPLS; and securing the environment with security policies based on the new JUNOS Space platform and enhancements to Juniper’s SRX Services Gateway.
Posted in Industry News, Juniper, Security.
By admin
– 10/29/2009
Less than a week after Microsoft’s record-size patch update, Firefox disabled one of Microsoft’s updates due to security flaws.
The recent Microsoft patch, which included 13 patches addressing 34 separate vulnerabilities in the Windows operating system, included a patch for the .NET Framework as well as two plug-ins for the Firefox browser called “Microsoft .Net Framework Assistant” and “Windows Presentation Foundation”, which got installed silently if you had Automatic Updates turned on. After discovering the vulnerability in this plug-in, Mozilla today, with the knowledge and consent of Microsoft, disabled this plug-in in Firefox. You might see this screen pop up the next time you open Firefox:


Notice that the plug-in is still installed on your system. If you want to completely remove it, go here for a removal tool.
Posted in Microsoft, Security.
By admin
– 10/17/2009