Tech News

Out-of-band Microsoft Update (KB981793)

admin — Tue, 25 May 2010 14:37:27 +0000

This is not a critical update, but apparently Microsoft thought it was important enough to release it before scheduled monthly release due out in two weeks. It updates the computer clock to the revised daylight savings time in certain countries (not US) and affects all current versions of Windows including:

Windows 7
Windows 7 x64
Windows Server 2008 R2 x64
Windows Server 2008 IA-R2
Windows Server 2008 IA-64
Windows Server 2008
Windows Vista
Windows Vista x64
Windows Server 2008 x64
Windows Server 2003
Windows Server 2003 IA-64
Windows Server 2003 x64
Windows XP x64
Windows XP

More info is available here: http://support.microsoft.com/kb/981793

Note that if you are running Microsoft Exchange Server in your environment, you need to take additional measures to make sure correct time zone changes for Outlook and Exchange calendar users: http://support.microsoft.com/kb/941018/

Internet Outage for SoCal DSLExtreme customers

admin — Fri, 30 Apr 2010 00:43:34 +0000

Today, DSLExtreme apparently suffered a “core router” breakdown which left most if not all Southern California (both business and residential) customer including those is Orange County without internet access for about 3 hours. The problem started about 1:30 PDT, but DSL Extreme NOC engineers were able to get the system back online by about 4:30 PM.

Although DSLExtreme uses cables and switches and the backbone provided by first tier providers like AT&T, then also have their own network through which internet traffic gets directed.

Out-Of-Band IE Security Update (KB980182)

admin — Tue, 30 Mar 2010 16:05:15 +0000

Today, Microsoft released an out-of-band security update (KB980182) and related security bulletin (MS10-018) for all version of IE including IE8. The vulnerability affect virtually all version of Windows desktop and server platforms including 32-bit 64-bit and Itanium editions and can result in code execution by visiting a malicious or compromised website. This patch is marked as critical and Microsoft recommends that users install the fix immediately. (Also see Microsoft Security Advisory 981374 for more info)

Status: Critical
Version Affected:

Windows Internet Explorer 8, when used with:
- Windows Server 2008 for Itanium-Based Systems
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows Web Server 2008
- Windows Server 2008 R2 Datacenter
- Windows Server 2008 R2 Enterprise
- Windows Server 2008 R2 Standard
- Windows Web Server 2008 R2
- Windows 7 Enterprise
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Professional
- Windows 7 Ultimate
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Ultimate
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business 64-bit Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Windows Internet Explorer 7, when used with:
- Windows Server 2008 for Itanium-Based Systems
- Windows Server 2008 Datacenter
- Windows Server 2008 Enterprise
- Windows Server 2008 Standard
- Windows Web Server 2008
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Home Basic
- Windows Vista Home Premium
- Windows Vista Ultimate
- Windows Vista Enterprise 64-bit Edition
- Windows Vista Home Basic 64-bit Edition
- Windows Vista Home Premium 64-bit Edition
- Windows Vista Ultimate 64-bit Edition
- Windows Vista Business 64-bit Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Microsoft Internet Explorer 6.0, when used with:
- Microsoft Windows XP Professional
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Microsoft Internet Explorer 6.0 SP1, when used with:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
Microsoft Internet Explorer 5.01 Service Pack 4, when used with:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server

Another Big “Patch Tuesday” Coming Up

admin — Fri, 05 Feb 2010 21:01:43 +0000

Today Microsoft announced that its net patch Tuesday coming up next week (2/9/2010) will contain a record 13 security fixes. If history is any guide, I predict that there will be problems at the workstation and server level, so my suggestion to you, if you are a network administrator or tech support go-to man, brace for impact. In my experience, Microsoft’s security patches often break as many PCs and they cure, particularly when Microsoft release a large number of them without doing enough QA. I have seen servers not be able to connect to the network to workstations bluescreening right after an update, and everything in between. so if you’re a network admin, here’s what I suggest: modify the Windows Update behavior to download but not install the updates. You can easily do this through Group Policy without having to go to each and every workstation (Server should all be set up this way by default). Next, on Wednesday, update a couple of workstations manually and see if they come back up OK. If you are satisfied that the patches are safe, then go back to the Group Policy and change it back to auto install.

I suggest updating servers manually, while standing in front of it, not remotely, during down time. or slow network activity.

Microsoft Releases IE Patch for Aurora Vulnerability

admin — Fri, 22 Jan 2010 04:52:28 +0000

Today, Microsoft released a patch (KB978207) to address the IE security hole discovered after the Google attacks of last week. Interestingly, if you notice the patch isn’t just for IE6, but also IE7 and IE8, as discussed in our previous post.

If you have automatic updates enabled (as you should) this patch will be downloaded and installed automatically, but if you can’t wait (for example if you have a Windows Server 2003 or 2008 with auto-updates disabled), you can go to the link below and download and install it yourself:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a38aa9d0-c3fe-4d41-8805-7d5370263c1b

Behind the Google attacks

admin — Sat, 16 Jan 2010 04:42:57 +0000

Apparently the method used in compromising the Google emails last week (termed Aurora) was traced to an as yet unknown security hole in Internet Explorer. Microsoft claims that the security flaw is limited to Internet Explorer 6 and Windows XP only and very unlikely under Windows Vista or Windows 7, however experts, including McAfee disagree with Microsoft’s threat assessment.

http://www.mcafee.com/us/threat_center/aurora_enterprise.html

http://www.betanews.com/joewilcox/article/Should-you-dump-Internet-Explorer-NOW/1263750606

http://news.bbc.co.uk/2/hi/technology/8465038.stm

Even if you take Microsoft’s claim at face value, XP must be SP3 or later and Vista SP1, assuming the user didn’t disable Data Execution Prevention (DEP). Furthermore, DEP is not a panacea against memory buffer overflow attcks, as stated here:

http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx

McAfee has so far explored only one of the attach vectors exploited in the Aurora attack. There may be, and likely are, more which we don’t know about, yet, and in fact those vectors may extend to Firefox, Opera and Chrome. We just don’t know yet.

Microsoft will likely come up with an out-of-band patch shortly. Until then, I am recommending using Firefox (all patched up, of course).

Experts, including the citation in my original message and McAfee disagree
with Microsoft's threat assessment.

http://www.mcafee.com/us/threat_center/aurora_enterprise.html

XP must be SP3 or later and Vista SP1, assuming the user didn't disable
Data Execution Precention (DEP). Furthermore, DEP is not a panacea against
memory buffer overflow attcks, as stated here:

http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx

McAfee has so far explored only one of the attach vectors exploited in the
Aurora attack.  There may be, and likely are, more which we don't know
about, yet, and in fact those vectors may extend to Firefox, Opera and
Chrome.  We just don't know yet.

Microsoft will likely come up with an out-of-band patch shortly.  Until
then, I am recommending using Friefox (all patched up, of course).

New Acrobat Reader Exploit Revealed

admin — Wed, 16 Dec 2009 06:12:47 +0000

Adobe has issued an advisory pointing out a new vulnerability in the Acrobat Reader 9.2 and earlier due to its Javascript feature. I short, a malicious website (or a link in an email pointing to a malciously crafted PDF file) could execute arbitrary code including installing malware/viruses/Trojans on a Windows XP and prior machine. Windows 7 and Vista as well as Mac and Linux operating systems will crash, but are otherwise not vulnerable. Adobe has not yet explained how they will address this problem other that to say they are investigating it.

Adobe’s Acrobat Reader has had a string of serious security vulnerabilities in the past year. Acrobat users are encouraged to update their software by going to the Adobe site and to disable the Javascript feature.

Popular Bittorrent Site Goes Dark

admin — Fri, 27 Nov 2009 01:38:41 +0000

Today, the popular bittorrent site mininova.org removed all torrents uploaded by its users and replaced its front page with a slim selection from content distributors.

On their blog, the operators cited for its reason the court ruling by the Dutch court in August of this year, which deemed the content hosted on the site in breach of copyright laws and therefore illegal. Facing heavy fines, mininova.org, which had become the most popular site for bittorrent users, decided to remove all content that could be considered a copyright violation.

Mininova.org was formed in 2005 by five Dutch students to take the place of supernova.org, which was also forced to take down their site as a result of a similar ruling

Cisco, EMC and VMware Form Alliance to Serve Data Centers

admin — Wed, 04 Nov 2009 17:46:09 +0000

Cisco Systems, EMC, and VMware announced Tuesday a joint venture to sell a new integrated data center product called V-Bloc. It will combine EMC’s storage equipment, Cisco’s virtualized servers and networking equipment, and VMware’s virtualization technology for helping clients build cloud computing infrastructures.

The partnership, made up of virtualization software vendor VMware, storage management vendor EMC (which owns 85% of VMWare) and Cisco, the world’s leading computer networking company, is made up of a Virtual Computing Environment coalition to develop new products and Acadia, a joint venture for training customers and partners on how to install and use the products.

The announcement is considered by the industry as a direct challenge to HP and IBM and Dell as the leading providers of storage and computing platforms for server virtualization and secondarily to Microsoft as the published to Hyper-V virtualization platform.

T-Mobile Outage Hits Southern California

admin — Wed, 04 Nov 2009 16:17:02 +0000

On Tuesday afternoon (November 3rd, 2009) cell phone and data services from T-Mobile were interrupted in an outage that lasted up to 8 hours. Customers in Orange County were also affected and in checking with a few clients in Irvine, Santa Ana and Lake Forest who use T-Mobile’s wireless and broadband services confirmed that they were unreachable. Calls placed to those numbers resulted in either a fast busy tone or “Network Unavailable” recordings.

The outage affected customers in the US as well as worldwide and began (at least in Orange County) around 4:00PM. Service for some customers was restored as early as 5:00 PM and as late as 10:30 PM. Guardian Networks performed testing by calling cell phone numbers in the local area (Costa Mesa, Irvine, Santa Ana, Lake Forest and Newport Beach) and attempting to connect to clients using T-Mobile’s business broadband service and confirmed that those clients were unreachable.

T-Mobile confirmed the outage on their forum, but did not immediately explain the reason for the outage