Recently in Windows 7 Category

Will Microsoft pursue a single Windows kernel?


During the Build developers' conference in April, Microsoft is expected to reveal more details of a future version of Windows codenamed Threshold.

Rumours on the web suggest that Threshold could become Windows 9. The OS is set to bring together the Windows Phone, Windows 8 and Xbox One operating systems.

Microsoft's previous attempts at simplifying its various operating systems have had varying degrees of success.

Windows 2000 Workstation and Windows Millennium merged into Windows XP with a single kernel for home and professional users.

On the mobile side, Microsoft attempted to provide a common look and feel with Windows CE, and cross-platform development, but at the time, a desktop-like GUI on a smartphone did not gain acceptance.

With the evolution of the Windows Phone OS, Microsoft introduced a touch UI with tiles that has made its way onto the Windows 8 OS. This time, however, the touchscreen UI has not sat very well in the corporate market, and home users have generally preferred cheaper Android-powered tablets over Windows 8-powered tablets.

The fact that Microsoft is looking to rebrand Windows RT, its low-end ARM-powered Windows operating system, suggests the company is moving towards a single Windows OS across all devices. Interestingly, the Xbox One also runs a version of Windows.

A single core OS would greatly simplify application development and integration. For Microsoft, it would mean core services like Skype, Windows Live and Office 365 would work seamlessly between the Xbox One, Windows-powered tablets and smartphones and traditional PCs.

The wider MS ecosystem would benefit - so, in theory, B2C companies could develop services once and target customers across all three platforms.

All will be revealed at Build 2014, but Microsoft has some big changes to make this year, not least, hiring a new CEO to take over from Steve Ballmer. 

Windows 8.1: Start failure


It has been a while since my last post. Today I spent the last few hours updating Windows 8 and I thought I'd share my experiences.

Windows 8.1 is the free update to Windows 8, which supposedly fixes the biggest bugbear for enterprise users: the lack of a start button.

Windows 8.1

It's a 3 GB download and will reboot your PC a few times and configure the system before booting the new OS. A network connection is required after the download for user authentication.

On my configuration I needed to enter my Windows Live login and a code that Microsoft texted to my registered mobile phone.

Finally, the machine boots up and... there is a Start button. Not quite... my machine still boots into the Windows 8 Start screen with the sliding tiles of apps. The desktop tile does indeed bring up a Start button, but don't hold your breath. It's no Windows 7 start menu. It is a button that will bring you back to the Start screen. Amazing.

For anyone like me, who really wants the Start menu, download Classic Start menu. It's free and still works on Windows 8.1.

MS user CAL fails BYOD


The changes Microsoft has made to client access licences (CAL) reflect a change in how people use the company's software. Today, people expect to have access to the MS Exchange Server via their Android or iOS device. This is not added-value. Email access from any device is essential to enable people to use their own devices at work. So why does Microsoft want to charge extra?

The problem Microsoft faces is that its traditional business model, where people would run out and buy a new Windows PC every time it released a new OS, is broken. Windows 8 is a massive departure from previous OSes, and it will take an awful long time before people feel the need to upgrade. In the meantime, it is losing out, because Apple and Google devices are able to connect to Microsoft servers.

It still makes money: the users who connect to Microsoft systems have to pay a Microsoft client access user licence. Just because a user may have more than one device does not give Microsoft the right to charge more. After all, most of the time they will only ever use one device at a time to access a Microsoft system. How often will someone want to access email simultaneously on a PC, a tablet and a smartphone? Come on Microsoft, we only have two eyes, two hands and one brain.

Forrester analyst Duncan Jones says per-device licensing for software is obsolete in the mobile and virtual world.

So rather than charging a premium for user-based CALs, Microsoft should make device CALs cheaper, since they are more restrictive.

How to boost Windows 7

Some people may hold out for Windows 8, but my Windows 7 laptop has started running seriously slow. It's a Sony Vaio and less than 18 months old, but now Windows takes ages to boot up and applications are slow, even though there's nearly 50% of unused disc space.
Why does this happen? Over time Windows tends to slow down because the Windows registry and computer's hard disc get cluttered.

  • The first task was to clean up the applications, by using the Programs and Features option in Windows Control Panel to uninstall things not required any more. At the same time, I cleaned up My Documents, My Pictures, My Videos, My Music, browsing history etc. Altogether I managed to get the machine's footprint down to around 55 Gbytes of used disc space.
  • Next, remove unwanted Windows processes. Here is a really useful site that explains how to go about this: http://www.blackviper.com/service-configurations/black-vipers-windows-7-service-pack-1-service-configurations/
  • Third, upgrade memory. Although Windows 7 64-bit Edition runs in 4 Gbytes, applications benefit from more RAM. I upgraded to 8 Gbytes of RAM, using a system scanner tool on the Crucial website.
  • Finally, there is the option of using a solid state disc (SSD), which improves disc performance, particularly start-up and shutdown and launching applications. I decided on 256 Gbytes to future-proof the system, and bought the data transfer kit, which allows you to make a disk image of your existing SATA disc drive. My system disk was 512 Gbytes, but the imaging software had no problem transferring the data to the 256 Gbyte SSD.

RAM currently costs around £30 for 8 Gbytes and a 128 Gbyte SSD is under £80 (less if you can squeeze your operating environment in 64 Gbytes). So for little over £100 it is possible to make a big difference to how fast Windows runs.


Microsoft Patch Tuesday Report - March 13


Application Compatibility Update with Quest ChangeBASE


Executive Summary

With this March Microsoft Patch Tuesday update, we see a set of 6 updates: 1 with the rating of Critical, 4 with the rating of Important and 1 with that of Moderate. This is a relatively small update from Microsoft, and the potential compatibility impact for these updates is likely to be low.

 

Notably, the Patch Tuesday Security Update analysis performed by the ChangeBASE team has not identified any compatibility issues across the thousands of applications included in testing for this release. This makes us confident that this set of patches may be deployed with low risk of issue across the entire application portfolio.

 

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this March Patch Tuesday release cycle.



Sample Results

Here is a sample Summary report for a sample database where the Quest ChangeBASE Patch Impact team has run the latest Microsoft Updates against a test application portfolio. As you can see, no issues have been detected:

patch mar 1.png



 

Testing Summary

  • MS12-017: Vulnerability in DNS Server Could Allow Denial of Service (2647170)
  • MS12-018: Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
  • MS12-019: Vulnerability in DirectWrite Could Allow Denial of Service
  • MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
  • MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
  • MS12-022: Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Quest ChangeBASE RAG Report Summary

patch mar 2.PNG

Security Update Detailed Summary

MS12-017

Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.

Payload

Afd.sys, Dns.exe, Dnsperf.dll, Dnsperf.h, Dnsperf.ini, Mswsock.dll, Tcpip.sys, Tcpip6.sys, W03a3409.dll, Wdnsperf.dll, Wmswsock.dll, Ww03a3409.dll

Impact

Important - Denial of Service

 

MS12-018

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)

Description

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Payload

Win32k.sys

Impact

Important - Elevation of Privilege

 

MS12-019

Vulnerability in DirectWrite Could Allow Denial of Service

Description

 Could Allow Denial of Service (2665364)

Payload

D2d1.dll, Dwrite.dll, D3d10_1.dll, D3d10_1core.dll, D3d10warp.dll

Impact

Moderate - Denial of Service

 

MS12-020

Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

Description

This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Payload

Rdpwd.sys

Impact

Critical - Remote Code Execution

 

MS12-021

Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

Description

This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Payload

Vsaenv.exe, BaseConfig.pkgdef, BaseConfig.pkgdef.version

Impact

Important - Elevation of Privilege

 

MS12-022

Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Description

This security update resolves one privately reported vulnerability in Microsoft Expression Design. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .xpr or .DESIGN file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Expression Design could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN file) from this location that is then loaded by a vulnerable application.

Payload

No specific file payload

Impact

Important - Remote Code Execution

*All results are based on a ChangeBASE Application Compatibility Lab's test portfolio of over 1,000 applications.


For more information, please visit www.changebase.com
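
As an added example (not part of the original report and not ChangeBASE's tooling), the following Python parses the "Security Update Detailed Summary" layout used above into records, then orders the bulletins by rating and shows which payload files are present on a host, which is where compatibility testing matters. The function names, the host file inventory and the fallback that recovers a KB number from the description are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Excerpt in the report's "Security Update Detailed Summary" layout. IDs, KB numbers,
# payloads and ratings are as listed in the report; descriptions are shortened and
# blank lines dropped (the parser ignores them).
REPORT = """\
MS12-017
Vulnerability in DNS Server Could Allow Denial of Service (2647170)
Description
Denial of service via a specially crafted DNS query.
Payload
Afd.sys, Dns.exe, Dnsperf.dll, Dnsperf.h, Dnsperf.ini, Mswsock.dll, Tcpip.sys, Tcpip6.sys, W03a3409.dll, Wdnsperf.dll, Wmswsock.dll, Ww03a3409.dll
Impact
Important - Denial of Service
MS12-019
Vulnerability in DirectWrite Could Allow Denial of Service
Description
Could Allow Denial of Service (2665364)
Payload
D2d1.dll, Dwrite.dll, D3d10_1.dll, D3d10_1core.dll, D3d10warp.dll
Impact
Moderate - Denial of Service
MS12-020
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
Description
Two vulnerabilities in the Remote Desktop Protocol.
Payload
Rdpwd.sys
Impact
Critical - Remote Code Execution
MS12-022
Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
Description
DLL loaded from the directory of an opened .xpr or .DESIGN file.
Payload
No specific file payload
Impact
Important - Remote Code Execution
"""

BULLETIN_ID = re.compile(r"^MS\d{2}-\d{3}$")
KB_SUFFIX = re.compile(r"\((\d{6,7})\)\s*$")
SECTIONS = ("Description", "Payload", "Impact")
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
NO_PAYLOAD = {"n/a", "no specific file payload"}

@dataclass
class Bulletin:
    bulletin_id: str
    title: str = ""
    kb: str = ""
    description: str = ""
    payload: list = field(default_factory=list)
    severity: str = ""
    impact: str = ""

def parse_report(text):
    """Turn the ID / title / Description / Payload / Impact layout into Bulletin records."""
    bulletins, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if BULLETIN_ID.match(line):
            current, section = Bulletin(line), "title"
            bulletins.append(current)
        elif current is None:
            continue  # preamble before the first bulletin ID
        elif line in SECTIONS:
            section = line
        elif section == "title":
            m = KB_SUFFIX.search(line)
            current.kb = m.group(1) if m else ""
            current.title = KB_SUFFIX.sub("", line).strip()
        elif section == "Description":
            current.description = (current.description + " " + line).strip()
        elif section == "Payload" and line.lower() not in NO_PAYLOAD:
            current.payload += [f.strip() for f in line.split(",") if f.strip()]
        elif section == "Impact":
            current.severity, _, current.impact = (p.strip() for p in line.partition(" - "))
    for b in bulletins:  # heuristic: title lost its KB number, look at the description's end
        m = None if b.kb else KB_SUFFIX.search(b.description)
        if m:
            b.kb = m.group(1)
    return bulletins

def triage(bulletins, installed_files):
    """Return (id, severity, payload files present on the host), most severe first."""
    installed = {name.lower() for name in installed_files}
    rows = [(SEVERITY_RANK.get(b.severity, 99), b.bulletin_id, b.severity,
             [f for f in b.payload if f.lower() in installed]) for b in bulletins]
    return [row[1:] for row in sorted(rows, key=lambda r: r[:2])]

if __name__ == "__main__":
    host_files = ["TCPIP.SYS", "rdpwd.sys", "DWrite.dll"]  # constructed host inventory
    for row in triage(parse_report(REPORT), host_files):
        print(row)
```

A bulletin with an empty match list either ships no file payload or touches nothing in the supplied inventory, so it still needs deploying but is unlikely to need application regression testing on that host.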

 



ChangeBASE Microsoft Patch Tuesday Report 11th October 2011


Application Compatibility Update

By: Greg Lambert

 

Executive Summary

With this October Microsoft Patch Tuesday update, we see again a relatively small set of updates. In total there are eight Microsoft Security Updates, 2 with the rating of Critical and 6 with the rating of Important. This is a moderate update from Microsoft and the potential impact for the updates is minor.

 

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

 

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this October Patch Tuesday release cycle.

 

Sample Results

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.

patch tuesday oct 1.png

 

Testing Summary

  • MS11-075: Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
  • MS11-076: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
  • MS11-077: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
  • MS11-078: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
  • MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
  • MS11-080: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
  • MS11-081: Cumulative Security Update for Internet Explorer (2586448)
  • MS11-082: Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

patch tuesday oct 2.jpg

Security Update Detailed Summary

 

MS11-075

Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)

Description

This security update resolves a privately reported vulnerability in the Microsoft Active Accessibility component. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, the Microsoft Active Accessibility component could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by a vulnerable application.

Payload

Oleacc.dll, Oleaccrc.dll, Uiautomationcore.dll, Wow_oleacc.dll, Wow_oleaccrc.dll, Wow_uiautomationcore.dll

Impact

Important - Remote Code Execution

 

MS11-076

Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)

Description

This security update resolves a publicly disclosed vulnerability in Windows Media Center. The vulnerability could allow remote code execution if an attacker convinces a user to open a legitimate file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Media Center could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file.

Payload

Mpeg2data.ax, Msdvbnp.ax, Msnp.ax, Psisdecd.dll, Psisrndr.ax

Impact

Important - Remote Code Execution

 

MS11-077

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)

Description

This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted font file (such as a .fon file) in a network share, a UNC or WebDAV location, or an e-mail attachment. For a remote attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the specially crafted font file, or open the file as an e-mail attachment.

Payload

Win32k.sys, W32ksign.dll

Impact

Important - Remote Code Execution

 

MS11-078

Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)

Description

This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Payload

 N/A

Impact

Critical - Remote Code Execution

 

MS11-079

Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

Description

This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

Payload

Adfs.internalerror.inc, Adfs.internalsite.de_de.xml, Adfs.internalsite.en_us.xml, Adfs.internalsite.es_es.xml, Adfs.internalsite.fr_fr.xml, Adfs.internalsite.it_it.xml, Adfs.internalsite.ja_jp.xml, Adfs.internalsite.ko_kr.xml, Adfs.internalsite.pt_br.xml, Adfs.internalsite.ru_ru.xml, Adfs.internalsite.zh_cn.xml, Adfs.internalsite.zh_tw.xml, Internalerror.inc, Internalsite.de_de.xml, Internalsite.en_us.xml, Internalsite.es_es.xml, Internalsite.fr_fr.xml, Internalsite.it_it.xml, Internalsite.ja_jp.xml, Internalsite.ko_kr.xml, Internalsite.pt_br.xml, Internalsite.ru_ru.xml, Internalsite.zh_cn.xml, Internalsite.zh_tw.xml, Mobileinternalsite.microsoft.uag.mobilebrowsing.dll, Monitor.default.asp, Monitor.exceltable.asp, Monitor.sessionparameters.asp, Signurl.asp, Whlfilter.dll, Whlfiltsecureremote.dll

Impact

Important - Remote Code Execution

 

MS11-080

Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)

Description

This security update resolves a privately reported vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Payload

Afd.sys

Impact

Important - Elevation of Privilege

 

MS11-081

Cumulative Security Update for Internet Explorer (2586448)

Description

This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

 N/A

Impact

Critical - Remote Code Execution

 

MS11-082

Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

Description

This security update resolves two publicly disclosed vulnerabilities in Host Integration Server. The vulnerabilities could allow denial of service if a remote attacker sends specially crafted network packets to a Host Integration Server listening on UDP port 1478 or TCP ports 1477 and 1478. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. In this case, the Host Integration Server ports should be blocked from the Internet.

Payload

 N/A

Impact

Important - Denial of Service

 

*All results are based on an AOK Application Compatibility Lab's test portfolio of over 1,000 applications.

September 13th Microsoft Patch Tuesday Application Compatibility Report by ChangeBASE


Application Compatibility Update

By: Greg Lambert

 

Executive Summary

With this September Microsoft Patch Tuesday update, we see again a relatively small set of updates in comparison to the lists of updates released by Microsoft in the previous months. In total there are five Microsoft Security Updates with the rating of Important. This is a minor update from Microsoft and the potential impact for the updates is likely to be moderate.

 

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

 

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this September Patch Tuesday release cycle.

 

Sample Results 1: MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege

 patch sept 1.png

 

Sample Results 2: MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

 

patch sept 2.png

 

Testing Summary

  • MS11-070: Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
  • MS11-071: Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
  • MS11-072: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
  • MS11-073: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
  • MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Sample Results 3: AOK Summary Report Sample from a small database

patch sept 3.png

AOK Patch Summary Results

Patch sept 4.PNG

Security Update Detailed Summary

 

MS11-070

Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Description

This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Payload

W03a3409.dll, Wins.exe, Winsevnt.dll, Ww03a3409.dll, Wwins.exe, Wwinsevnt.dll

Impact

Important - Elevation of Privilege

 

MS11-071

Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

Description

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Imjpapi.dll

Impact

Important - Remote Code Execution

 

MS11-072

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Description

This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.

Payload

Excel.exe

Impact

Important - Remote Code Execution

 

MS11-073

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Description

This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload

Ietag.dll, Mso.dll

Impact

Important - Remote Code Execution

 

MS11-074

Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Description

This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

Payload

Groove.exe, Groovedocumentsharetool.dll, Grooveutil.dll, Groovewebplatformservices.dll, Groovewebservices.dll

Impact

Important - Elevation of Privilege

 

*All results are based on an AOK Application Compatibility Lab's test portfolio of over 1,000 applications.

 

 

Patch Tuesday Report 9th August


Executive Summary

With this August Microsoft Patch Tuesday update, we see a moderate set of updates in comparison to those lists of updates released by Microsoft for the months of June and July. In total there are 13 Microsoft Security Updates with the following ratings: 2 rated as Critical, 9 rated as Important and 2 as Moderate by Microsoft. Given the scope of this month's update, the ChangeBASE team expects to find a small number of issues raised by the AOK Automated Patch Impact Assessment. In particular, Microsoft Security Update MS11-060 will require careful testing prior to deployment due to the core operating system DLLs contained within this update.

 

Due to the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this August Patch Tuesday release cycle.

 

Sample Results 1: MS11-060 Vulnerability in VISIO Could Allow Remote Code Execution

patch aug 1.png 

 

Testing Summary

  • MS11-057: Cumulative Security Update for Internet Explorer (2559049)
  • MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
  • MS11-059: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
  • MS11-060: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
  • MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
  • MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
  • MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
  • MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
  • MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
  • MS11-066: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
  • MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
  • MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
  • MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)


Microsoft Patch Tuesday Update - 14th December 2010


With this week's Microsoft Patch Tuesday update, we see the largest collection of updates ever delivered by Microsoft in a single Patch Tuesday release, with 17 updates having the following ratings: 2 Critical, 14 Important and 1 Moderate. Aside from the significant number of Security and Application updates with this Patch Tuesday release cycle, we see a moderate number of issues affecting a small number of applications. The ChangeBASE team recommends a particular focus on the Microsoft Security Update MS10-106 as it raised a significant number of issues on the AOK sample server platform portfolio.

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases:


[Image: MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution]


And here is a sample AOK Summary report for a sample database where the AOK Patch Impact team has run the latest Microsoft Updates against a small application portfolio:


[Image: sample AOK Summary report]


You can read a full analysis of the AOK Patch Impact Testing Summary here.




Windows 7: 12 Months On


The 22nd of October 2009 represented one of the most eagerly anticipated dates in the history of desktop computing. The launch of Windows 7 promised easier, faster and more secure computing for all. And, boy oh boy, did Windows 7 deliver.

Over the past 12 months, we've worked with more than 200 global organisations to assist them in their Windows 7 migrations and during this time, we've started to see a number of emerging trends.

To celebrate the anniversary of Windows 7, we've put together a brief report, which you can request a copy of here. In the report we look at the emerging application compatibility trends, the primary issues and give some suggestions on how organisations can best approach their Windows 7 migration.

Over the past 12 months I experienced a number of situations with organisations that have made me really think again. Here is a quick synopsis of those surprises:

  • Windows 7 adoption rates have been higher than expected, which has been led by 64-bit as the primary delivery platform.
  • The introduction of IE8 has added another layer of complexity into the migration. Organisations need to address compatibility issues for core web applications and browser presentation and rendering issues for internal and external websites and portals.
  • Virtualisation has not been embraced as quickly as expected and organisations are looking towards a hybrid model of virtualised platforms to suit application capabilities.
  • Windows 7 migration is easier than previous migrations, such as XP to Vista.
  • Shims are not the answer to application compatibility issues.
  • You need a level of technical expertise to fully use Microsoft's application compatibility issue fixes.

And, as you have probably seen already, we are still seeing the same top five application compatibility issues across all verticals and industry sectors including:

[Image: top five application compatibility issues]

So, now that Windows 7 is a year old, has it met market expectations? In my view, Windows 7 has been a great success, with a rapid adoption rate, good industry acceptance, a stable OS, a small number of resolvable issues and it delivers some great benefits such as increased security.

Given these factors and our experience to date, we estimate that at least 60% of global organisations will have fully deployed Windows 7 in the next three years.
