Revelations of a Confused Mind : Forefront Server Security

Get Help with Your Pilot from Microsoft - IT Pro Momentum!

shawnt — Tue, 04 Nov 2008 04:08:25 GMT

Need some help to test/pilot the latest Microsoft infrastructure technologies list here?

Windows Server 2008
SQL Server 2008
IIS7
Forefront Edge (ISA)
Forefront Client & Server
Virtual Server 2005 R2 SP1 or Windows Server Virtualization
Windows Vista
MOSS 2007
System Center
Windows PowerShell
Network Access Protection

What is the Momentum Program?

Momentum is a Microsoft program focused on supporting “early adopters” – IT professionals who bet on the newest technologies to drive business value for their companies and advance their career.

Is IT Pro Momentum right for you?

Interested in learning more about the newest Microsoft technologies?
Need help to evaluate different Microsoft products and features?
Willing to test and pilot in production Microsoft beta products?
Would like to have access to exclusive forums and Microsoft product support?
Want to share your early adoption experience with the IT Pro community world-wide?

Through the Momentum Portal, participants will have access a number of benefits including:

In-Depth Technical Content
Managed Forums
TechNet+ Direct Subscription
Help from me
PSS Support Requests

What's in it for you?

Exposure and Career Opportunities
By sharing early adoption successes, IT Pro's receive community recognition and increase their opportunities for networking and career growth.
Your Voice is Heard
Through Momentum, IT Pros establish a direct, two-way communication channel with Microsoft which allows you to provide feedback and influence the future of our products and services.
Reduce Risk of Failure
Momentum benefits such as free TechNet subscription and PSS support requests reduce the risk and complexity of deploying new technologies.
Competitive Advantage – Be the First to Use & Know

Program participants have access to the latest information and cutting-edge technologies developed by Microsoft.

Does this sound interesting to you? Then click here to get in touch with me.

Now’s the time for you to get involved!

New "Wormable" Exploit Discovered Affecting Windows OS's...

shawnt — Thu, 23 Oct 2008 21:51:50 GMT

There was a new critical vulnerability announced today that could lead to remote code execution against Windows Operating Systems. (Specifically, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.) And, unless you are running Windows Vista or Windows Server 2008*, this exploit even works for non-authenticated users - remotely!

In short, this means that this exploit could be turned into a new Internet Worm. In fact, consistent exploit code has already been discovered in limited, targeted attacks, which is precisely why this update is a "zero day" update. It needs to be patched now, folks. Don't delay. Again, the vulnerability can be exploited consistently, remotely, and without authentication. These three factors are not good in combination.

Needless to say, this kind of exploit is potentially very damaging, and the wise administrators among us will reduce their exposure immediately - either by applying the update, or, if updating is not an option due to a lengthy testing and deployment process, then by disabling the computer and server browser services temporarily. Check out this bulletin for more details on how to perform these actions.

For more information and to download the update (Select your OS version): http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

To get the Update directly from Microsoft Update (US Site): http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

* If you are running Windows Vista or Windows Server 2008, the update severity is mitigated by the likelihood that the exploit will only work for authenticated users, even with UAC turned off. Plus, improvements like ASLR (Address Space Layout Randomization) further reduce the ease of exploit. It's nice to see the security investment we made in Windows Vista and Windows Server 2008 paying off in situations like this.

FSSMC to RTM on October 10th

shawnt — Thu, 13 Sep 2007 09:55:00 GMT

The Forefront Server Security Management Console (FSSMC) is set to release to manufacturing on October 10th! It will be available solely through Micorosoft's volume licensing program around that time. FSSMC stands to be a very solid and necessary addition to the Forefront suite of products.

For those of you who aren't familiar with the FSSMC, essentially it provides for central configuration, deployment, and updating for all Forefront server security products. It enables IT administrators to manage servers remotely, generate comprehensive reports, and receive outbreak alerts. You might think of it as being very similar to the server-side functionality in FCS (Forefront for Client Security), if you are familar with that functionality.

For those of you who are running or planning to run any combination of Forefront Security for Exchange Server, Forefront Security for SharePoint, Antigen for Exchange, Antigen for SMTP Gateways, or Antigen Spam Manager, you'll want to take a close look at the FSSMC. As an FYI, Forefront Server Security Management Console does not support Sybari Antigen 8.0 or earlier products.

If you are interested in learning more about the features included in the FSSMC, check out: http://www.microsoft.com/forefront/serversecurity/mgmt/features.mspx.

Also, I highly recommend you check out the webcast being put on by Kelli Cook, a security product manager and resident expert on the FSSMC. The webcast will be delivered on October 19, 2007 at 11:30am Pacific Time. For more information and to register, check out: http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?EventID=1032352491&EventCategory=4&culture=en-US&CountryCode=US