Vol. 13, #6 - Feb 11, 2008 - Issue #660
Microsoft Replaces Vista Kernel In SP1
|This issue of WServerNews is sponsored by|
- Editor's Corner
- Microsoft Replaces Vista Kernel In SP1
- Tell Me Which VIPRE Logo You Like Best?
- Google Bypasses System Admins With 'Team Edition'
- Upcoming Sunbelt/Double-Take Seminars
- Quote Of The Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Tech Briefing
- Free Vista Adoption Seminar With Mark Minasi
- Former NSA Code-breaker Reviews Jihadists Encryption Tool
- Microsoft Slates 12 Patches For Next Week
- iSCSI SAN storage for Microsoft Exchange -- 5 tips in 5 minutes
- Tipcast: How To Fix Corrupt Microsoft Outlook Calendar Entries
- 2008 CPU Forecast: Quad-cores For Everyone!
- Windows Server News
- WServer Third Party News
- New PerfectDisk 2008 for VMware
- Transform Your Desktop Infrastructure With Virtualization
- Check Out The Next Batch Of Multi Platform Holes
- WServerNews FAVE Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- What Makes myPassword(r) Different?
rDirectory - The Most Sophisticated Web Directory on the Market
rDirectory is a secure directory-powered, web-based solution that you can
trust and your users will love.
- Leverage and showcase your Active Directory investment
- Increase the value, accuracy and consistency of directory data
- No programming or long development cycles
- Increase employee productivity and communication
Microsoft Replaces Vista Kernel In SP1
The APCMag site came out with a very interesting item this week. "One of the
"big" features discussed in early speculation of Windows Vista SP1 was the
kernel upgrade, which was supposed to bring the operating system into line
with the Longhorn kernel used in Windows Server 2008. And yet with Vista SP1
going RTM, there hasn't been so much as a peep from Microsoft about the
kernel update. Has it happened?
Well the answer is yes it has, and presumably the main reason for Microsoft's
silence on the subject is that as they're keen to promote the improvements
and enhancements to Vista, rather than placing emphasis on a kernel upgrade,
which some people might see as a risk of newly-introduced instability. The
details are here:
Tell Me Which VIPRE Logo You Like Best?
Sunbelt will soon release our new anti-malware product. It is a next
generation security tool (which includes CounterSpy technology) that
integrates anti-virus, anti-spyware and other anti-malware technology
(like protection against rootkits) in one single, effective, low memory
We decided to introduce this product into the antivirus 'category' as
many AV products now include all the above technologies, and this
would communicate the security benefits most effectively to customers.
Please let us know which of these below you think best represents the
PS: In an earlier survey people asked us where we got the VIPRE name to
begin with. It's an acronym: Virus Intrusion Protection Remediation Engine.
Google Bypasses System Admins With 'Team Edition'
You may be aware of Google Apps Premier Edition that tries to be a competitor
for Office. Google also came up with a way to bypass any admin trying to block
the Google apps. The 'Team Edition' allows employees' rogue deployments by
letting people in the same domain use the Google Docs, Calendar, Talk and
Start Page code. From a security perspective this is not something I
In the near future, Google will releasing SharePoint-style functionality. What
they are trying to do is sneak the 'Team Edition' (whose team you wonder?)
into organizations as a trojan, and then get it upgraded to the Google Apps
Standard or paid $50-a-user Premier versions. Oh, and accidentally, those
latter versions do permit admin control. And this is the company that has
'Do No Harm' as its motto?
Upcoming Sunbelt/Double-Take Seminars
We'd like to invite you to attend the following seminars: "Recovery Made
Easy for Exchange, SQL, and other Critical Applications" - Join Sunbelt
and Double-Take Software as we discuss strategies for implementing high
availability, remote availability and offsite disaster recovery solutions for
SQL, Exchange and other mission critical applications using Double-Take.
Learn about Double-Take v5.0 and Double-Take's NEW solutions that power your
keys to recoverability.
Hosted at Microsoft in St. Louis, MO on Thursday, February 21st. Register here:
Hosted at the Courtyard Sheraton Vancouver Wall Centre Hotel in Vancouver,
BC on Tuesday, February 26th. Register here:
Hosted at The Westin Columbus in Columbus, OH on Thursday, February 28th.
(Special presentation by Riverbed Technology on optimizing the transfer
of data over the WAN for comprehensive data protection) Register here:
Quote Of The Week
"Nobody made a greater mistake than he who did nothing because he could only
do a little." -- Edmund Burke
Thank you for being a WServerNews subscriber. Please
tell your friends about us. They can subscribe here:
A Happy Ninja User
"Ninja seems to be working great. The distribution of spam messages has passed
the 50-50 mark. We do actually get like 60% SPAM and 40% mail on average. My
users are commenting that they are seeing a noticeable reduction of unwanted
e-mails daily. And that is with NO special configuration on the NINJA program!
The reports make the owners happy that their money was well spent! Feel free
to use that quote in your marketing..grin. Thanks, -- Dave King, MCSE, MCITP,
Try Ninja out for 30 days on your Exchange Server:
Free Vista Adoption Seminar With Mark Minasi
Attend this 1-day event, where independent expert and best-selling author
Mark Minasi will tell you all you need to know about Vista Service Pack 1
and the most (and least) important Vista innovations for improving desktop
security. This seminar is coming to Chicago, Denver, Raleigh, Washington
DC, and Minneapolis starting in March. Seating is limited, register today!
Former NSA Code-breaker Reviews Jihadists Encryption Tool
CSO blogger extraordinaire Jeff Bardin, who used to be a code-breaker and
Arabic translator for the USAF/NSA, has reviewed the new encryption tools
available from an Islamic network used by Al Qaeda jihadists. He detects
a software development lifecycle with an increasing level of sophistication.
Go to his blog for details:
Microsoft Slates 12 Patches For Next Week
Redmond announced they will release a dozen security updates next week,
matching the patch record set a year ago. Seven of the 12 will be tagged
with the highest threat ranking. "There's not a Windows shop anywhere in
the world that won't need to deploy at least one of these patches," said
Andrew Storms, director of security operations at nCircle Network Security
Inc. And most everyone will be taking all 12."
iSCSI SAN storage for Microsoft Exchange -- 5 tips in 5 minutes
In this excerpt from "The Shortcut Guide to Exchange Server 2007 Storage
Systems," author Jim McBee leads you through the process of implementing
an iSCSI SAN storage system for Microsoft Exchange 2003 or Exchange 2007
using Windows Server 2003 and the Microsoft iSCSI Initiator software.
Tipcast: How To Fix Corrupt Microsoft Outlook Calendar Entries
If Microsoft Outlook calendar entry reminders continuously pop up when you
open Outlook, you may be experiencing problems with corrupt calendar entries.
Learn how to fix corrupt Microsoft Outlook calendar entries, in the six-minute
audio version of SearchExchange.com's top performing tips of 2007.
2008 CPU Forecast: Quad-cores For Everyone!
ComputerWorld has a good story here: "Penryn. Nehalem. Phenom. Fusion.
Inside these four cryptic code names lies the future of computer desktop
processing for 2008. Ultimately, however, it's all about the epic, age-old
battle between chip giant Intel Corp. and underdog Advanced Micro Devices
Inc. for desktop dominance. The harsh reality for AMD is that over the last
two years, Intel has absolutely dominated in terms of performance. But
performance is only half of the price-performance ratio, and AMD's
willingness to slash prices and aggressively pursue the low- and midrange
tiers of the desktop computing market cannot be overrated, despite the
company's technological lag. Read on for in-depth details about both Intel's
and AMD's desktop processor plans for 2008, along with a quick glance at
both companies' mobile CPU strategies. Along the way, you'll find the
information you need to make the best purchasing decisions for your
company or home.
||Windows Server News
W2K8 Goes RTM
Beta Testers were sent the following useful information: "We are pleased
to announce that Windows Server 2008 has been Released to Manufacturing (RTM).
Thanks to you, our dedicated beta participants, this is the most tested
version of Windows Server ever released!
Windows Server 2008 has an array of new features and technologies that are
too numerous to list completely, but some of the highlights are:
- Internet Information Services (IIS) 7.0 - next gen web and app platform
- Server Core - key roles, low footprint, no GUI
- Terminal Services Gateway - access your apps without a RAS client
- Network Access Protection - keep your network safe from un-healthy clients
- PowerShell - powerful scripting tools for admins
- Failover Clustering - improved cluster management, security, and stability
- Next Generation Net Stack - fast and reliable
- Server Manager - setup & manage server roles and features in one place
- Read-Only Domain Controller - safe branch office DCs
- Hyper-V Beta - server virtualization. Hyper-V RTM in 180 days
||WServer Third Party News
New PerfectDisk 2008 for VMware
Brand new to the family is PerfectDisk 2008 for VMware. With this industry
first, VMware users can now defrag their virtual machines without installing
a defragmenter inside each machine and without the need to have them running.
Another unique feature is its ability to defrag internal disk structures and
reclaim free space on the host computer by shrinking the virtual drives. As
a VMware Select Technology Alliance Partner (TAP), PerfectDisk for VMware
strictly adheres to VMware's recommendations for performance optimization.
The best part is the cost. Now you only need purchase one license for each
host (physical) machine - that's it. For only $99.99, each PerfectDisk for
VMware Workstation or Server host license allows you to defragment an unlimited
amount of workstation or server virtual machines running on that host at no
additional cost. 1 host - 1 license - 1 cost - That's it!
Transform Your Desktop Infrastructure With Virtualization
For a limited time, VMware is providing customers with a free VMware Virtual
Desktop Infrastructure (VDI) Starter Kit (an $1815 value) with a qualifying
VI3 purchase. The VMware VDI Starter Kit contains everything you need for a
serverbased virtual desktop computing solution for ten virtual desktops,
including VMware ESX Server, VirtualCenter and the new Virtual Desktop Manager
2 for desktop connection brokering.
This is a promotion for VMware customers to receive the opportunity to try
a small deployment of Virtual Desktop Infrastructure (VDI), in the format of
a VDI Starter Kit, free of charge, (subject to the terms and conditions).
A year of VMware Gold Support and Subscription will also be included with
the free VDI Starter Kit. The total commercial list price value of the VDI
Starter Kit is $1500, plus $315 for VMware Gold Support and Subscription
for one year. Ask your VMware Reseller for more.
Check Out The Next Batch Of Multi Platform Holes
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list
of computer incidents. It also contains the latest SANS/FBI top 20
vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and
FedCIRC (Department of Homeland Security) advisories.
W1978 BitTorrent and uTorrent client string handling vulnerability
W2568 Cisco WCS Tomcat mod_jk.so Vulnerability
W3259 Adobe Connect Enterprise non secure SWF content generation vulnerability
W3260 Adobe Dreamweaver / Contribute non secure SWF content generation
W3261 Citrix IMA service vulnerability
W3262 Lotus Samename Client Vulnerability
W3263 Aurigma/FaceBook/MySpace image load ActiveX Vulnerabilities
W3264 Yahoo! Music Engine / Jukebox parameter handing vulnerabilities
S0544 ImageMagick file metacharacter handling Vulnerabilities - Solaris 9-10
S0545 Java JRE 1.6.0 (6.0) XML parsing vulnerability - Solaris
N0076 CUCM Certificate Trust List flaw - ICS MCS
L0403 Exiv2 exif.cpp EXIF crafting error - SuSE
L0404 Tetex dvips and dviljk errors - SuSE
L0405 Libsndfile FLAC crafted PCM error - SuSE
L0407 ClamAV multiple code errors - SuSE
L0409 Tog-pegasus CIM server PAM authentication errror - SuSE
L0410 Xine-lib rmff_dump_cont SDP error - SuSE
L0411 Libxml2 invalid UTF-8 xml CurrentChar error - SuSE
L0412 QT4 SSL verification flaw - SuSE
L0413 KRB5 multiple access vulnerabilities - SuSE
L0414 OpenAFS callback race condition error - SuSE
L0415 Apache Derby DropSchemaNode flaw - SuSE
L0416 Thunderbird crafted HTML memory corruption - SuSE
L0417 ISC BIND inet_network off-by-one error - FC
L0418 Pulseaudio pa_drop_root return value flaw - FC
L0419 ICU Group zero backreference and doInterval errors - FC
L0425 ICU Group zero backreference and doInterval errors - RHE
Sunbelt Network Security Inspector version 220.127.116.11 was released Feb 7, 2008).
Sunbelt Software recommends you download the new SNSI version 18.104.22.168, scan,
and patch your machines today. To get the latest SNSI version, visit:
L0234 CUPS SNMP backend string function flaw - SuSE
L0270 Wireshark multiiple vulnerabilities - RHE
L0396 Xine-lib rmff_dump_cont SDP error - FC
L1638 Xorg-X11 X-Font server and composite vulnerabilities - SuSE
L1639 PHP4 PHP5 Multiple Vulnerabilities - SuSE
L1667 Libexif EXIF image recursion & EXIF tag errors - SuSE
W1982 P2P Software Detected - files
W2618 VideoLAN VLC player multiple vulnerabilities
W1142, W1986, W1999, W2067 Anti-Virus Signatures
W3152 Firefox jar URI, cross-site request forgery vulnerabilities
W3256 Oracle E-Business Suite Vulnerabilities (Jan. 2008)
W2280 Excel 2000 Parameter Vulnerability
W2281 Excel 2002 Parameter Vulnerability
W2203 Outlook Express E-mail Header Vulnerability
H0065 X Font Server Vulnerability - HP-UX 10,11
||WServerNews - Product of the Week
What Makes myPassword(r) Different?
The most powerful password management solution combining myPassword(r) and
rDirectory. It solves two of the most common problems in self-service password
management: Getting users to fill out their Password Reset Profile; Securing
the issuance of new passwords by end users or the help desk.
And, the benefits to you are:
- Reduces helpdesk calls and enhance end-user productivity
- Lose the redundancy and duplication of effort; immediate ROI
- Reduce costs by eliminating the leading source of all help desk calls
- Reduce burnout from highly repetitive, tedious support calls related to
password reset and user authentication.
- Reallocate IT resources to provide better service to users who have complex,