|
|
| |
| |
Sorted by Date / Sorted by Topic
| | If you're a big fan of Mark Russinovich's SysInternals tools, I have good news for you. Microsoft has released new versions of the Process Monitor and Process Explorer.
Yeah, they're geeky. But they're cool. | |
| | Steve Sinofsky and Jon De Vaan have started a blog about the next version of Windows, code-named Windows 7.
Far as I can tell, they haven't let any cats out of any bags as yet, but I'll keep an eye on their postings to see if anything substantive comes out.
As a side note... it's great to see two experienced Office guys in charge of Windows. Perhaps the dog will get back to wagging the tail. | |
| | Microsoft has just released SyncToy version 2.0.
I talk about SyncToy a lot in Windows Home Server For Dummies. Ends up that it's the ideal way to sync TV shows between the Media Center machine that records them and your Windows Home Server.
SyncToy, a free PowerToy for Microsoft Windows, is an easy to use, highly customizable program that helps users to do the heavy lifting involved with the copying, moving, and synchronization of different directories. Most common operations can be performed with just a few clicks of the mouse, and additional customization is available without additional complexity. SyncToy can manage multiple sets of folders at the same time; it can combine files from two folders in one case, and mimic renames and deletes in another case. Unlike other applications, SyncToy actually keeps track of renames to files and will make sure those changes get carried over to the synchronized folder.
If you have similar or duplicated files scattered all over Hell's Half Acre, SyncToy can be a lifesaver. It's a great program. | |
| | For those of you who have been trying to install Windows Search (formerly Windows Desktop Search) on your Windows XP machines, this just in from the MS Update team blog:
Windows Search 4.0 has been available on WU [Windows Update, and Microsoft Update] for a few weeks now, and we've been getting some questions about installation failures and error code 0x643. We've done some investigation and found out that the installation failure in this case may actually be caused by the computer configuration, which in most cases can be easily changed to allow for successful installation and functionality of Windows Search 4.0.
In this case, when WS4.0 runs under Windows Server 2003 or Windows XP, it requires Terminal Services to be running. By default, Terminal Services are set to start automatically in Windows XP and Windows Server 2003; however, system administrator or third-party software may have chosen to disable them. In order to enable installation and subsequent functionality of Windows Search 4.0 on your machine, you need to have Terminal Services running first.
If you can't get Windows Search to install and you get an error code 0x643, hit the blog for details on cranking up Terminal Services.
Personally, I use Google Desktop Search, the pioneer in the field, but it's a toss-up as to which one is better. | |
| |  If you have an HP Media Smart Server, the Windows Home Server Power Pack 1 (which includes numerous patches) may present some, uh, special challenges.
With WHS PP1 due to be "pushed" starting today, those of you who have and HP Media Smart Server with Automatic Updates turned on should rush over to Terry Walsh's We Got Served site and get the inside story on the update.
Good reading. Excellent advice. | |
| |  Microsoft just released the details about this month's bumper crop of Security Bulletins.
MS08-041 fixes the 0day hole in the Access snapshot viewer, when used by Internet Explorer, that I talked about more than a month ago. If you avoid using Internet Explorer, you don't need to install this patch immediately.
MS08-042 plugs the 0day hole in Word 2002 (the version in Office XP) Service Pack 3, Word 2003 Service Pack 2, and Word 2003 Service Pack 3. I talked about it more than a month ago.
The threat arrives in a .doc file with a jiggered Smart Tag. The easiest workaround? Use the Word Viewer to open documents of unknown pedigree.
Unfortunately, if you have Word 2002 SP3, Word 2003 SP 2 or Word 2003 SP3 (click on Word's Help, About to find out), and you open documents with Word that could be bad, and you don't want to use the Word Viewer, you need to apply the MS08-042 / KB 955048 patch and pray that it doesn't screw up anything. Unfortunately, with exploits out in the wild, you don't have much choice.
MS08-043 patches four separate security holes in Excel, but there aren't any known exploits out yet. Every modern version of Excel is vulnerable, including the Excel Viewer and the Office Compatibility Pack (which lets you open Excel 2007 files in Excel 2003 and earlier). There's a technical discussion on the Security Vulnerability blog.
MS08-044 patches five separate security holes related to file conversion in Office 2000, Office XP, Office 2003, the Office File Converter Pack, and MS Works 8. (The Office File Converter Pack allows you to open older WordPerfect, CDR, CGM, EPS, and other old format files in Office 2003 and earlier). No known exploits.
MS08-045 yet another massive patch for Internet Explorer. You use Firefox, so you don't need to worry. Yet.
MS08-046 patches a hole in the Windows Image Color Management System, in Windows 2000, XP and Server 2003. No known exploits.
MS08-047 yet another IPsec patch. Only applies to Vista and Server 2008. No known exploits.
MS08-048 patches Outlook Express (and its near-identical twin, Windows Mail) in Windows 2000, XP, and Vista. You're only vulnerable to the security hole if you use Internet Explorer. You use Firefox, so... do I hear an echo in here?
MS08-049 is a yawner that fixes two holes in the Event Scheduler, both for XP and Vista. No known exploits. Not particularly insidious.
MS08-050 only applies to the original Windows Messenger, the program that ships in Windows XP. It doesn't apply to Windows Live Messenger, which is a completely different product. The hole arises because of the way Windows Messenger uses (here's that echo again) Internet Explorer. If you avoid Windows Messenger like the plague, you don't need to worry about it.
MS08-051 every dog has his day, and this Bulletin fixes three separate holes in the way PowerPoint opens files. (I'm not sure why this one's separate from MS08-044, but nevermind.) Every modern version of PowerPoint is affected, as is the PowerPoint viewer and the Office Compatibility Pack (see MS08-044). No known exploits as yet, but I'll be keeping an eye on this one.
All in all, it's a horrendous month for patches. If you use Word 2003 or earlier to open documents of unknown origin, you need to apply MS08-042 / KB 955048. Otherwise, you're safe for the moment, if you use Firefox and the Word Viewer. Expect to hear loud cries from many corners of the earth - we're going to see bugs galore with this crop of patches.
I'm sticking to MS-DEFCON 2, unless you need to use Word 2003 or earlier to open unknown documents. Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
| |
| |  No doubt you've heard that the broadcast of the Olympics opening ceremony was faked, with the folks inside the stadium being treated to a big-screen version of fireworks unreality.
Did you also know that the infamous Blue Screen of Death appeared during the ceremony? Gizmodo has an interesting shot.
I guess it's just another example of photo charlatanism, along the lines of the National Geographic view of the pyramids, but it still gives me the willies. | |
| |  I love the Black Hat conferences. They always generate thrilling headlines that have little or nothing to do with the presentations.
Case in point: the "Vista security rendered useless" headlines that have been screaming across the trade press.
Ed Bott has posted a well-researched article pointing out the considerable discrepancies between the headlines and the presentation made during the conference.
Here's what Mark Dowd (IBM) and Alexander Sotirov (VMware) actually said:
Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities and at first sight present an insurmountable obstacle for exploit developers.
In this paper we will discuss the limitations of all aforementioned protection mechanisms and will describe the cases in which they fail. We aim to show that the protection mechanisms in Windows Vista are particularly ineffective for preventing the exploitation of memory corruption vulnerabilities in browsers. This will be demonstrated with a variety of exploitation techniques that can be used to bypass the protections and achieve reliable remote code execution in many different circumstances.
Dowd and Sotirov's presentation goes on to demonstrate precisely what they promised.
Jim Allchin spoke highly of ASLR before he left Microsoft. It's a good technology. Although it didn't originate with Microsoft, ASLR has made it considerably more difficult for the bad guys to break into your Vista PC. Down and Sotirov's discoveries don't negate the good points of ASLR. But they do point the way to getting around it.
Anyway, if you're convinced that Vista's security features have gone to Hades in a Handbasket, read Ed's article before you start believing all those screaming headlines. | |
| |  Microsoft has just posted an updated version of the March MS08-015 patch, specifically for Outlook 2002 (the version of Outlook in Office XP).
The new downloadable is dated August 8.
I have no idea why MS has re-posted the file. The original Security Bulletin hasn't been changed since June. Knowledge Base article 949031, which describes the MS08-015 patch in general hasn't been changed. Nor has KB 946985, which is specific to Outlook 2002.
Whuzzup? I dunno.... | |
| | Microsoft's usual monthly advance notification says that the company is planning on releasing a full dozen security bulletins next Tuesday.
A quick glance shows that we're in for "Critical" patches for all the usual suspects - Windows, Internet Explorer, and Media Player, plus one for Office as a whole, plus one apiece for Excel, Access and PowerPoint.
The "Important" patches (which rarely are) cover Windows twice, Outlook Express - er - Winidows Mail, Windows Messenger (maybe MSN Mess... - uh - Windows Live Messenger?), and Word.
If you haven't yet followed my earlier advice, apply all outstanding Microsoft patches except Windows XP Service Pack 3 and the KB 952709 patch for Vista. Follow the instructions in any of my books to disable automatic updating, or click Start | Control Panel | Security Center (in Vista, Security) and take it from there.
I'm moving us back up to MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
| |
| |  News has been awfully slow lately - NVidia is getting out of the chipset business; Microsoft released a white paper on modifying Vista with absolutely no new tips; Gates is now talking about "Creative Capitalism," leaving one to wonder about the opposite. Seems that everybody in the computer biz goes on vacation in late July and early August, or hunkers down and stays out of the limelight.
I'm headed out for a few days, too. Going north to help a friend in one of the Akkha hilltribe villages outside of Chiang Rai. Should be interesting.
In the interim, make sure you know about the problems, then get yourself patched. I'm close to giving the go-ahead on Windows XP Service Pack 3, but the Vista KB 952709 patch still looks like a loose cannon. For now, I still recommend that you avoid both.
See ya on the flipside... | |
| |  According to the official Google blog, Google has just counted one trillion unique pages on the Web.
We don't index every one of those trillion pages -- many of them are similar to each other, or represent auto-generated content... that isn't very useful to searchers... and the number of individual web pages out there is growing by several billion pages per day.
I can just hear Carl Sagan, "billions and billions and... trillions."
| |
| |  "Microsoft Announces Reorganization of Windows and Online Services Business" reads the headline on Microsoft's Press Release.
If you wade through the back slapping and good-ol-boy gladhanding, this re-org may actually mean something. Kevin Johnson is out - which isn't much of a surprise to anybody. (Looks like he's joining Juniper Networks, and almost everyone believes he was asked to leave.)
In his place, the newly christened "Windows/Windows Live unit" triumvirate of Steve Sinofsky, Jon DeVaan and Bill Veghte will report directly to SteveB, as will an as-yet-unnamed head of the "Online Services Business unit."
It's an odd situation, with no single person being officially designated head of "Windows/Windows Live". Presumably one of the three will become de-facto head of Windows Live, another the head of Windows Dead, and the third... oh, nevermind.
I've watched both Sinofsky and DeVaan for many years. I don't like Sinofsky, don't like the way he does business. He's been shipping products too fast and too buggy for nearly a decade, racking up big sales numbers but all-too-frequently leaving his customers in the lurch. DeVaan, on the other hand, is like a breath of fresh air. He's the antithesis of the stereotypical Microsoft exec. If you met him in the grocery store, you'd like the guy. Really.
Unlike most Microsoft re-orgs, this one may make a real difference. Let the games begin anew. | |
| | You may have read about the probably-accidental leak of details of Dan Kaminski's DSN server crack. Dan was going to talk about the details at his Black Hat presentation, but the cat's outta the bag.
It looks like there's real, live exploit code out and about. Bad news for people who run Domain Name Servers.
Windows users haven't been zapped yet, but it's likely that somebody will figure out a way to crack the security hole that's plugged by MS08-037.
So it is with some fear and trepidation that I'm recommending you go ahead and install this month's security patches. The big problems seem to have been corrected. In this case, I think the cure is marginally better than the disease.
I'm moving us to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
Do NOT apply Windows XP Service Pack 3 yet. It hasn't yet proven itself. Do NOT install the KB 952709 patch for Vista. But go ahead with the rest of the Microsoft patches. | |
| | Check out College Humor for the funniest font film ever...
Thanks, Steve! | |
|
|
|
| |
|
|
|
