• You deployed MS09-008 – are you now protected?

    You might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities.

    If you want to have the details, you should consult our Security Research & Defense Blog, where we posted MS09-008: DNS and WINS Server Security Update in More Detail, as the problem is somewhat more complex than just “yes/no”.

    Roger

  • Time Sync on Virtual DCs

    I was recently caught in a tricky problem: The clock of one of my host servers ran out of sync – significantly. The core problem was that my Mediacenter (which is domain integrated) started to record about 6-8 minutes too late, but this is not the reason why I post.

    The actual reason was that I tried to resolve this: My DCs are virtualized – one on a Hyper-V server and one on a Virtual Server. As both have the corresponding add-ins installed, by default the guest synchronizes the time with the host. If the host clock is now not accurate anymore, this is transferred to the guest (which is a DC and which then synchronizes this across the whole infrastructure). As this happens slowly, I did not realize this until my Mediacenter did not capture the whole news anymore…

    Now I checked the time server settings of my DC and it synchronizes its clock with time.windows.com and NTP is open for the DC – therefore the synchronization is successful, resets the clock to the right time and then the Hyper-V Integration Services kick in and set the clock back to the time of the host (which is wrong) and the wrong time is again synchronized across the network. (I hope this was now confusing enough)

    What I did now – and what I would suggest that you do (at least with the knowledge I have today) – is disabling the time synchronization between host and guest, at least for DCs, as they update their time from the time server as described above. Since then, my time is correct again.

    Roger

    P.S. As you know – I am Swiss. And one of the worst things which could happen to a Swiss is an incorrect watch.
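
The change recommended in the post above, for DC guests running on Hyper-V, as an added example that is not part of the original post. It assumes the Hyper-V PowerShell module (Windows Server 2012 or later) on the host; the function name `Disable-DcHostTimeSync` and the VM names `DC01` and `DC02` are placeholders, and the Virtual Server guest is not covered.

```powershell
# Added example: turn off host-to-guest time sync for virtualized DCs only.
# Assumes the Hyper-V PowerShell module on the host (Windows Server 2012 or later).
#Requires -Modules Hyper-V

function Disable-DcHostTimeSync {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $VMName,
        # Display name of the integration service; it is localized on non-English hosts.
        [string] $ServiceName = 'Time Synchronization'
    )
    foreach ($name in $VMName) {
        $svc = Get-VMIntegrationService -VMName $name -Name $ServiceName -ErrorAction SilentlyContinue
        if (-not $svc) {
            Write-Warning "$name : integration service '$ServiceName' not found, skipping"
            continue
        }
        $wasEnabled = $svc.Enabled
        # Only touch guests where host sync is still on; honours -WhatIf and -Confirm.
        if ($wasEnabled -and $PSCmdlet.ShouldProcess($name, "Disable '$ServiceName'")) {
            Disable-VMIntegrationService -VMName $name -Name $ServiceName
            $svc = Get-VMIntegrationService -VMName $name -Name $ServiceName
        }
        # One row per guest so the before/after state can be reviewed or logged.
        [pscustomobject]@{
            VMName     = $name
            WasEnabled = $wasEnabled
            EnabledNow = $svc.Enabled
        }
    }
}

# Placeholder names for the virtualized DCs; replace with your own guests.
Disable-DcHostTimeSync -VMName 'DC01', 'DC02' | Format-Table -AutoSize

# Afterwards, inside each DC guest, confirm where the clock comes from:
#   w32tm /query /source   -> should name the configured time source
#                             (time.windows.com in the post), not
#                             "VM IC Time Synchronization Provider"
#   w32tm /resync          -> force a sync from the configured source
```

Run it with `-WhatIf` first to see which guests would be changed without modifying them.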

  • What happens with Conficker on April 1st?

    I would love to know… You probably saw a lot of blog posts recently about “Conficker to strike back on April 1st” or similar.

    If you are interested in what is known about Conficker and April 1st, read our encyclopedia entry on Conficker.D and you should choose the “Analysis” tab there, which gives you the details.

    To be clear from my side: Please, concentrate on deploying the Security Update and cleaning Conficker (if you are infected) much more than being sidetracked by that.

    Roger

  • Running as Non-Admin in Windows XP

    I recently had a chat with Tonny Bjorn after my recent blog post and he pointed me to a solution he is using to have users running as non-admin on Windows XP and still having the ability to elevate: He uses a freeware called Sudo for Windows and seems to be fairly happy with it. I have no possibility to look into it (I am running Windows 7 or Windows Vista) but you might want to consider something like that. The real disadvantage is that it installs a service (I think as Local System). So, if this service has a vuln, you are toast as well…

    So, I cannot recommend this as I do not know it well enough, but it might be worth a look.

    Roger

  • Qtel’s Guide to a Faster Internet Experience

    I like that: As you probably know, I did a tour through the Gulf when we launched the Security Intelligence Report last year. One of the reasons was that we know that the Gulf has a pretty high malware infection rate. You can read this in the corresponding blog post: Security Intelligence Report v5 Live!

    Now, QTEL (the ISP in Qatar) released an interesting document called Qtel’s Guide to a Faster Internet Experience. What I like about it is that most of it is about security but it actually addresses the user where it “really hurts”: Internet performance.

    You can read it yourself at the link above.

    Roger