Wednesday, January 9, 2008

Microsoft January 2008 Security Bulletins

As part of Microsoft's routine, monthly security update cycle, today they released two new security bulletins that affects Windows system.
Note: There may be latency issues due to replication, if the page does not display keep refreshing.

Critical

  • MS08-001 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

Important

  • MS08-002 - Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)

Microsoft also released Non-Security, High-Priority Updates on MU, WU, and WSUS:
- Five non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
- Two non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References:
January 2008 Security Bulletin Summary: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
Security Bulletin for end-users: http://www.microsoft.com/protect/computer/updates/bulletins/200801.mspx
MSRC Blog: http://blogs.technet.com/msrc/archive/2008/01/08/january-2008-monthly-release.aspx

Support:
Call 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International users should go to http://support.microsoft.com/common/international.aspx

Security Bulletin Webcast:
Microsoft will host a Webcast tomorrow. The webcast focuses on addressing your questions and concerns about the security bulletins. Therefore, most of the live webcast is aimed at giving you the opportunity to ask questions and get answers from their security experts.

Update sources:
Microsoft NEVER send security updates via e-mail. As always, download the updates only from the vendors' website - visit Windows Update and Office Update or Microsoft Update. You may also get the updates thru Automatic Updates functionality in Windows.
Security updates are available on ISO-9660 DVD5 image files from the Microsoft Download Center. For more information, please see http://support.microsoft.com/kb/913086
Note: Don't be a victim of spoofed emails. Read "How to tell whether a security e-mail message is really from Microsoft"

Recommendations:
Microsoft advises customers to install the latest product releases, security updates, and service packs to remain as secure as possible. Older products, such as Microsoft Windows NT 4.0, may not meet today's more demanding security requirements. It may not be possible for Microsoft to provide security updates for older products. More info at Microsoft Support Lifecycle website.

Report Security Vulnerability to Microsoft:
If you have found a Microsoft security vulnerability, please report: https://www.microsoft.com/technet/security/...in/alertus.aspx

Tool:
Check your system for missing or misconfigured patches using Microsoft Baseline Security Analyzer (MBSA).
For 3rd Party tools in scanning your computer for missing updates, hotfixes, end of life or out-dated version, please see the list at http://www.dozleng.com/updates/index.php?showtopic=13587

Saturday, January 5, 2008

Microsoft .NET Compact Framework 3.5 Redistributable

The Microsoft® .NET Compact Framework 3.5 Redistributable contains the common language runtime and class libraries built for the .NET Compact Framework. In addition to version 3.5 support, it also supports applications developed for version 1.0 and 2.0. The .NET Compact Framework 3.5 provides new features such as Windows Communication Foundation, LINQ, SoundPlayer, new runtime tool support, and many other features.
Important: To develop .NET Compact Framework applications, Microsoft Visual Studio 2008 is required.
This package uses ActiveSync 4.0 to update the device. Before running NETCFSetupv35.msi, connect your device to your PC. If your device is not connected, ActiveSync will store the CAB file and will not install the package until you connect. If you are not using ActiveSync, run the CAB files on the device that correspond to the device–specific CAB files found in the install folder.
System Requirements
Supported Operating Systems: Windows 2000 Service Pack 4; Windows CE .NET; Windows Mobile 2003 SE software for Pocket PC; Windows Mobile 5.0; Windows Mobile 6; Windows Vista; Windows XP
Supported Device Operating Systems: Windows Mobile Software for Pocket PC 2003, Windows Mobile 5.0 for PocketPC and Smartphone, Windows CE .NET 5.0 and higher.
Important: This download utilities Microsoft® Windows® Installer technology. Windows 98 and Windows ME users should install the Microsoft® Windows® Installer 2.0 before proceeding with this download.
Download: Microsoft .NET Compact Framework 3.5 Redistributable
Link: Home Page

Sysinternals Suite Build 2008.01.04

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. Microsoft acquired Sysinternals in July, 2006. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications. If you have a question about a tool or how to use them, please visit the Sysinternals Forum for answers and help from other users and our moderators.
What's New ( January 4th, 2008 ):

  • Updated Autoruns to version 9.01: Autoruns v9.01 fixes a bug in the way that it handles certain shell extension points and adds awareness of several additional shell extensions.
  • Updated PsExec to version 1.94: This update fixes a bug in the timeout option and it makes it possible to use more options when launching local processes, like processor affinity, without administrative rights.
  • Updated Tcpview to version 2.52: Tcpview v2.52 fixes a bug that causes partial display of UDP endpoints on Windows XP.
  • Sigcheck to version 1.41: This Sigcheck update correctly displays long comments in file version information.

Download: Sysinternals Suite
View: Applications Descriptions
Link: Home Page | Official Forum | Official Blog

Tuesday, January 1, 2008

SideShow Coming To Windows Mobile, iPhone

Ikanos Consulting is developing a framework which is in beta testing which will, when completed, allow you to run Windows SideShow Gadgets on a Windows Mobile device, finally bringing SideShow to the masses.

SideShow is a wonderful technology in Vista, allowing the display and access of data from a Vista PC on external mini-devices (usually little screens with a few buttons on the outside of a PC case), but the hardware is very specific and very rarely implemented. With support for running SideShow programs (Gadgets, just like the Sidebar kind) on mobile phones, SideShow can be used by any of the millions of Windows Mobile phones.

With SideShow, you can check email on your host PC, select music for the PC to play, see the weather or your Messenger buddy list, or load up any Gadget that's been created by anyone for the purpose. There aren't a ton of Gadgets now, but once the hardware gets out there (and by enabling existing devices, it gets out there a lot faster), developers will start creating even more cool functionality.

http://microsoft.blognewschannel.com/archives/2007/12/31/sideshow-coming-to-windows-mobile-iphone/