This post is to notify you that Microsoft released two out-of-band security bulletins on July 28, 2009.
One bulletin contains defence-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.
The second bulletin is for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications.
This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.ie/protect.
NEW SECURITY BULLETIN SUMMARY
Bulletin ID: MS09-034
Bulletin Title: Cumulative Security Update for Internet Explorer (972260)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
Bulletin ID: MS09-035
Bulletin Title: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Maximum Severity Rating: Moderate
Affected Software: Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual C++ 2005, and Visual C++ 2008
The full version of the Microsoft Security Bulletin Notification can be found here: http://www.microsoft.com/technet/security/advisory/973882.mspx.
The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk. Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the Gardaí.
Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://www.microsoft.com/ireland/protect/.
If you have any questions regarding this alert, please contact your local (Technical) Account Manager, or Ciara Murphy from the local Response Management Team – contactable via email@example.com and +353 1 7064014.
Windows 7 has now RTM’d, and the next big step for people like me in Microsoft is to get the product successfully deployed on Partners and Customers desktops. We have built an entire set of new tools to deploy these technologies in and automated fashion.
MDT 2010 is the next version of Microsoft Deployment Toolkit, a Solution Accelerator for operating system and application deployment. New features such as flexible driver management, optimized user interface workflow, and Windows PowerShell™ can simplify deployment and make your job easier. MDT 2010 will support deployment of Windows 7 and Windows Server 2008 R2 in addition to deployment of Windows Vista®, Windows Server 2008, Windows Server 2003, and Windows XP. Join the beta now!
Microsoft Deployment Toolkit is the recommended process and toolset for automating desktop and server deployment. MDT provides you with the following benefits:
· Unified tools and processes required for desktop and server deployment in a common deployment console and collection of guidance.
· Reduced deployment time and standardized desktop and server images, along with improved security and ongoing configuration management.
· Fully automated zero touch installation deployments by leveraging System Center Configuration Manager 2007 Service Pack 2 beta and Windows deployment tools. For those without a System Center Configuration Manager 2007 infrastructure, MDT leverages Windows deployment tools for lite touch installation deployments.
Microsoft Deployment Toolkit 2010 Beta 2 is a significant upgrade over MDT 2010 Beta 1. MDT 2010 Beta 2 adds the following new features and functionality:
Deployment Workbench Enhancements
Task Sequence and Script Enhancements
Configuration Manager Enhancements
Microsoft Deployment Toolkit (MDT) 2010 Beta 2 is now available!
Download the Microsoft Deployment Toolkit 2010 Beta 2 and give your feedback (Live ID login and registration required). If already a member, click here.
Learn more about this toolkit by visiting MDT TechNet site
After a lot of speculation and hype all over the blogosphere, Windows 7 and Windows Server 2008 officially was RTM’d today! We have spent a great deal of time and money as a company over the last number of months promoting these 2 products. This has included here in Ireland where we have twice toured around the country showcasing Windows 7 and Windows Server 2008 R2 and the better together message these products bring. Now all of the hype over and the job of selling and deploying these solutions.
“Of course, today’s release is also the result of the amazing amount of feedback we received from the millions of people who tested Windows 7 – from Beta to RC. We actually had over 10 million people opt-in to the Customer Experience Improvement Program (CEIP). That’s a lot of people opting in to help us make Windows 7 a solid release. Through CEIP, our engineers were guided by customer feedback all the way to RTM. We also have had a great group of beta testers who have dedicated a great deal of their time to testing Windows 7 too. A special thank you goes out to all the people who helped test Windows 7.”
For more detailed information on the RTM process and information from the product teams see the Window 7 Team Blog and Windows Server 2008 R2 Team Blog.
As I blogged yesterday, there is a very specific set of release dates for Windows 7 and Windows Server 2008 R2 from early August through to October 22nd and the official release of the consumer version.
For Business Customers:
If you are a Volume License (VL) customer with an existing Software Assurance (SA) license you will be able to download Windows 7 RTM in English starting August 7th via the Volume License Service Center (VLSC). The rest of the languages for Windows 7 RTM should be available within a couple of weeks after that.
For IT Professionals:
There are a few ways you can get Windows 7 RTM. IT Professionals with TechNet Subscriptions will be able to download Windows 7 RTM in English on August 6th and remaining languages by October 1st.
IT Professionals at companies with Volume Licensing see above on how you can get Windows 7 RTM.
We have quite a bit of resources for IT Professionals to use to become experts on Windows 7 and to aid in their deployments. Those resources can be found at the Springboard Series.
There is so much fun ahead of us!!!!!!!
I have been testing Morro for a little while on my home netbook and my wife’s tablet with great success. I previously had OneCare running on these home computers so I thought I would continue with Microsoft’s consumer AV solution. Are you a consumer interested in a no-cost anti-malware/anti-virus product that provides real-time protection to address the ongoing security needs of a Windows PC?
Enter “Microsoft Security Essentials”.
WHAT IS MICROSOFT SECURITY ESSENTIALS? Microsoft Security Essentials is essentially our free anti-virus product for consumers based on the same #1 detection engine built into Microsoft’s Enterprise/Corporate anti-malware security & protection software, “Forefront for Clients & Servers”.
Today, few do a better job of protecting desktops & servers from new virus, worm, and trojan threats than Microsoft’s Anti-Malware engine. This is why “Microsoft Forefront Security for Clients” was ranked in the top 3 anti-virus products specifically for undiscovered or ‘zero-day’ threats, recently outperforming common names such as Symantec, Computer Associates, McAfee, TrendMicro, Kaspersky, and other smaller names like AVG and Panda.
HOW DO I GET IT? Microsoft Security Essentials is available to the first 75,000 visitors at http://www.microsoft.com/security_essentials. It will be accessible to beta testers in English in the US and Israel as well as Brazilian Portuguese testers. Support for Simplified Chinese in China is scheduled to follow in 30 days.
Microsoft Security Essentials is scheduled to release in the second half of 2010 in 19 geographies.
DIFFERENCES BETWEEN FOREFRONT CLIENT SECURITY & MICROSOFT SECURITY ESSENTIALS
Forefront Client Security
Microsoft Security Essentials
Email & Phone, including Premier Support
Community & email support only
Windows 7 & Windows Server 2008 R2 Support
Group Policy Controls
Centralized Management & Reporting
Integrated Host Firewall Management
Security State Assessments & Remediation
Network Access Protection Integration
External Device Control
Automatic Endpoint Discovery
There is some exciting new emerging from Microsoft around SharePoint 2010 that I wanted to share with you. We have reached the Technical Preview, an engineering milestone, and are excited to publically share some features and resources.
Microsoft.com has posted a set of “sneak-peek” features and videos http://sharepoint.microsoft.com/2010/Sneak_Peek/Pages/default.aspx. You can now look through
· SharePoint Server 2010 Sneak Peek FAQ
· SharePoint Server 2010 Sneak Peek Overview
· SharePoint Server 2010 Sneak Peek Overview Video
· SharePoint Server 2010 Sneak Peek IT Pro Video
· SharePoint Server 2010 Sneak Peek Developer Video
· SharePoint Server 2010 Sneak Peek Get Ready
Microsoft SharePoint 2010 will enter Beta in 2009 and is targeted for general availability in the first half of 2010. We will announce our Public Beta availability later this year and will have more information to share on how customers can participate.
The best way to get started with SharePoint 2010 is to get a great SharePoint 2007 deployment today. Use your software assurance benefits such as SharePoint Deployment Planning Services to help get deployed on SharePoint 2007. Run the Upgrade Checker in SharePoint 2007 Service Pack 2 to scan your SharePoint 2007 systems to see how ready your system is for upgrade to SharePoint 2010. For a comprehensive list of readiness resources and the right steps to take today, check out the SharePoint 2010 Get Ready section.
Additionally, I strongly encourage you to attend the SharePoint Conference in Las Vegas in October if you live and work with SharePoint as a developer or an Administrator. This will be the key event for the SharePoint Server 2010 release. More information is available at http://www.mssharepointconference.com.
There is a very detailed posting on the Windows Team Blog from Brandon LeBlanc on when different organizations and individuals will be able to get Windows 7. For most of you this is an important statement from with in that statement:
For Business Customers:
Volume License customers without a SA license will be able to purchase Windows 7 through Volume Licensing on September 1st as we announced last week at WPC09. Mark these dates on your calendar and start making your deployment plans!
For more detailed information, including information for ISV’s and home users, check the Blog Posting
It is getting closer!
I have an exchange server running with no SPAM solution on it to track the effects of SPAM and publically available email addresses. While sorting through the emails in one of the accounts I came across endless numbers of message like the one at the end of this message purporting to be from Microsoft asking you to apply an update.
How many people fall for these emails you might ask? Well the answer will shock you when I save 10’s of thousands! The funny thing is that even with a good SPAM solution in pace some of these messages will get through but Outlook itself will allow users to make an educated choice on selecting the hyperlink. Simply hovering over the link first will show if the URL is what they are saying it is, this will give you the information needed before selecting.
Simply but effective!
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.
You may have heard me talk of the EBS Network Analyzer tools, the EBS tools are used as part of our server and network health checks on the source SBS 2003 or Windows Server environment that will be eventually be migrated to EBS 2008. I have said in the past at SBS/EBS events that this is a great tool for every administrator’s tool kit as it would give a detailed report of the health of AD, DNS, DHCP, etc, regardless if you were upgrading or not. Apparently someone was listening, as the tool has been rebranded The Microsoft IT Environment Health Scanner.
The Microsoft IT Environment Health Scanner is designed for administrators who want to assess the overall health of their Active Directory and network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly.
The Microsoft IT Environment Health Scanner is a diagnostic tool that is designed for administrators of small or medium-sized networks (recommended up to 20 servers and up to 500 client computers) who want to assess the overall health of their network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly as well as problems that can interfere with infrastructure upgrades, deployments, and migration.
When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:
If a problem is found, the tool describes the problem, indicates the severity, and links you to guidance at the Microsoft Web site (such as a Knowledge Base article) to help you resolve the problem. You can save or print a report for later review. The tool does not change anything on your computer or your network.
The Windows Virtualization Team Blog posted an overview of SCONFIG, a new tool for the implementation and management of Server Core. If you have attended any of the TechNet tour events I have spoken at, you will remember that I have talked of Server Core with Hyper-V and the free Hyper-V Server as options for SMB and Enterprise customers to virtualize with. Here is overview of the current and R2 methods as outlined by the Windows Virtualization team.
Windows Server 2008 R1: Core Deployment
In Windows Server 2008, we introduced the ability to deploy Windows Server in a core deployment. Server Core is a minimal server installation option which provides a low-maintenance server environment with limited functionality. Just to be clear, Server Core isn't a SKU. You don't buy "Server Core" it's simply a deployment option presented during Windows Server Setup. For example, here's a screen shot during Windows Server Setup, notice that there are options for Full Installations and Server Core Installations.
The benefits are smaller attack surface, a reduction in patches and reduction of server reboots. If you compare the number of reboots between running a server running Windows Server 2008 core deployment versus Windows Server 2008 a full installation, there's a substantial reduction in the number of reboots which, in turn, helps reduce management costs.
While customers like the idea of core installations, the fact that a server core deployment is a command-line interface (CLI) only (no GUI, no Start Menu, etc) with a very differently deployment mechanism introduces a challenging learning curve for those considering core deployments. For those of you who've never seen a Windows Server 2008 server core deployment it looks like this:
As you can see, there's no Start Menu. It's all command-line all the time. For enterprise customers, this isn't a big deal because very often they deploy Windows Server in an automated fashion. However, for small and mid-sized customers a command-line only interface can make some of the most rudimentary tasks a challenge. For example, here are the commands to rename your computer and then join a domain via a Windows Server 2008 core deployment.
Not the easiest thing to remember. We knew we could do better.
While Windows Server 2008 R1 was in development, a few of us were quietly working on the Hyper-V Server 2008 standalone SKU which also uses a CLI. We spent time working on improving the server configuration experience with an easy to use CLI called HVCONFIG. Within hours of our first private releases of Hyper-V Server 2008 to testers, we received email asking/begging/pleading/cajoling/offering bribes for a similar tool for Windows Server as well.
Happy to oblige.
Introducing SCONFIG for Windows Server 2008 R2 Core Deployments
We are pleased to announce that in Windows Server 2008 R2, there's an easy to use CLI, SCONFIG. SCONFIG dramatically eases server configuration for Windows Server 2008 R2 core deployments. With SCONFIG, you can easily set your system up, get it on the network so you can easily manage the server remotely.
Simple and fast.
With SCONFIG you can easily have a Windows Server 2008 R2 Server Core deployment setup in minutes. I should also mention that SCONFIG is also localized in almost 20 languages.
All you have to do is type sconfig at the command line.
Great! Now What?
Remember, the goal with a server core deployment is to get the server on the network so you can manage it remotely. With SCONFIG this is a snap. Now from another system you can enable roles, run PowerShell scripts, manage it using System Center, manage it using Server Manager from another server running Windows Server 2008 R2, or manage it using the free Remote System Administration Tools (RSAT) for Windows 7.
The Service Level Dashboard Management Pack 2.0 for System Center Operations Manager 2007 R2 was delivered late last week by the Microsoft Solution Accelerators team, and is available for you to download today from the System Center Catalog.
Assisting you in tracking, managing, and reporting on your line-of-business (LOB) application service levels, the Service Level Dashboard displays a list of applications and their performance and availability against service level goals.
Download the SLD 2.0 here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1d9d709f-9628-46a8-952b-a78f5dd2bdd9
About the Service Level Dashboard Management Pack 2.0
Using the information collected by Operations Manager 2007 R2, and leveraging the service level objectives that you can set against IT services and their components, this graphical dashboard presents detailed information through Microsoft SharePoint that helps customers:
To read more about this Solution Accelerator online at TechNet click here, or read more at the Operations Manager team blog. Also watch the TechNet EDGE video blog that presents the dashboard as part of the overview on Operations Manager 2007 R2.