Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 14, #17 - Apr 13, 2009 - Issue #722
April 14: Support Ends For Slew Of Service Packs

This issue of WServerNews is sponsored by
  1. Editors Corner
    • April 14: Support Ends For Slew Of Service Packs
    • Monster Patch Tuesday Next Week
    • Quotes Of The Week
  2. Webinars and Seminars
    • Why Small Business Should Think Outside The Endpoint Box
  3. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  4. Tech Briefing
    • Top Free Tools For Windows Server Administration
    • The 10 Worst Microsoft Product Names of All Time
    • Laid-Off Microsoft Employees Profiled
    • Developing A Proof Of Concept Plan For Virtual Desktops
    • Tutorial: Understanding Microsoft Outlook 2007 Data File Usage
  5. Windows Server News
    • Run MS Office Communications Server 2007? VoIP Can Be Hacked!
  6. WServer Third Party News
    • Buy VIPRE Enterprise And Get the SNSI Special in Q2
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Track Users And Administrators On Your Exchange Servers
Track Users and Administrators on your Exchange Servers

ChangeAuditor for Exchange helps tighten enterprise-wide change and control policies by tracking user and administrator activity for user account and delivery restriction changes. With 24x7 real-time alerts, in-depth analysis and reporting capabilities, your Exchange infrastructure is protected from exposure to suspicious behavior or unauthorized access, and is always in compliance with corporate and government standards. ChangeAuditor tracks critical configuration changes to your Exchange environment then translates raw data into meaningful intelligent data to help safeguard security and compliance. Download a free 30-day trial of ChangeAuditor!
http://www.wservernews.com/090413-ChangeAuditor
<

Editors Corner

April 14: Support Ends For Slew Of Service Packs

Next Tuesday, Redmond no longer offer mainstream support for a bunch of Service Packs flavors, WinXP and W2K3 SP1 among them. They said they will continue to provide free security fixes for XP until 2014. Windows XP still accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent. Here are the Hitslink market share numbers.
http://www.wservernews.com/090413-Market-Share

Support for WinXP Service Pack 2 is until July 13, 2010. Existing XP users are encouraged to upgrade to the latest Service Pack 3. More about this at the "Windows Service Pack Road Map" at Microsoft:
http://www.wservernews.com/090413-Road-Map

Following is (I think) a complete list of products and versions where the support will end on April 14, 2009, but I will add the link to Microsoft's official page at the end of the list, as it has hundreds more SKU's there:
  • Windows XP Professional x64 Edition Service Pack 0
  • Windows Server 2003 R2 Service Pack 0
  • Windows Server 2003 Service Pack 1
  • Windows Server 2003 R2 Datacenter Edition (32-Bit x86) Service Pack 0
  • Windows Server 2003 R2 Datacenter x64 Edition Service Pack 0
  • Windows Server 2003 R2 Enterprise Edition (32-Bit x86) Service Pack 0
  • Windows Server 2003 R2 Enterprise x64 Edition Service Pack 0
  • Windows Server 2003 R2 Standard Edition (32-bit x86) Service Pack 0
  • Windows Server 2003 R2 Standard x64 Edition Service Pack 0
  • Windows Server 2003, Datacenter Edition (32-bit x86) Service Pack 1
  • Windows Server 2003, Datacenter Edition for Itanium-Based Systems SP 1
  • Windows Server 2003, Datacenter x64 Edition Service Pack 0
  • Windows Server 2003, Enterprise Edition (32-bit x86) Service Pack 1
  • Windows Server 2003, Enterprise Edition for Itanium-based Systems SP 1
  • Windows Server 2003, Enterprise x64 Edition Service Pack 0
  • Windows Server 2003, Standard Edition (32-bit x86) Service Pack 1
  • Windows Server 2003, Standard x64 Edition Service Pack 0
  • Windows Server 2003, Web Edition Service Pack 1
  • System Center Essentials 2007 Service Pack 0
Here is the full list:
http://www.wservernews.com/090413-Lifecycle

However, just this week some news came up via a leaked HP memo that Microsoft might give XP a reprieve until April 2010. Here is the scoop in ComputerWorld:
http://www.wservernews.com/090413-Windows7-Upgrades


Monster Patch Tuesday Next Week

Redmond announced they will issue eight security updates on Tuesday, the most since October 2008, to patch problems in Windows, Internet Explorer, DirectX, Excel, Word and the company's security code. Five of the eight updates will be labeled "critical," Microsoft's highest ranking in its four-level threat system, while two will be pegged "important," the next rating down, and one marked "moderate." Here is the advance notification, better get ready testing:
http://www.wservernews.com/090413-Security-Bulletin


Quotes Of The Week

"The Constitution only gives people the right to pursue happiness. You have to catch it yourself." -- Benjamin Franklin

"Whatever is begun in anger ends in shame." -- Benjamin Franklin

Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/090413-Subscribe

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Automated Uninstall of Symantec AV

No more 2-day SEP V11 Migration Classes! Sunbelt built VIPRE Enterprise; a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security designed by admins for admins. And that means EASY DEPLOYMENT. Save your IT budget and don't renew products from Symantec, McAfee and Trend Micro, Learn how VIPRE Enterprise takes much less resources than the competition! It's clearly time to ditch expensive, bloated, old-style AV products. Get your 30-day eval here:
http://www.wservernews.com/090413-VIPRE-Enterprise
<

Webinars and Seminars

Why Small Business Should Think Outside The Endpoint Box

Sunbelt Software Announces Live Webinar With Aberdeen Group: Why Small Businesses Should Think Outside the Box When Choosing Endpoint Security Solutions.

Sunbelt host a complimentary webinar in conjunction with The Aberdeen Group on Thursday, April 16th at 2 p.m. EDT entitled, "Why Small Businesses Should Think Outside the Box When Choosing Endpoint Security Solutions."

Featuring industry analyst Derek Brink, vice president and research fellow for IT Security at Aberdeen, and Alex Eckelberry, CEO of Sunbelt Software, this webinar will present fact-based research that underscores the idea that "bigger isn't necessarily better" for small enterprises when it comes to selecting an antivirus vendor to protect an organization's network.

An in-depth overview of research findings from Aberdeen's recent "Sector Insight" study will be discussed, including the selection criteria for endpoint security solutions that are valued most highly by small enterprises.

The selection and deployment of the right solution from a credible vendor is a key factor in whether a company's efforts are successful in protecting their IT infrastructure from new threats and vulnerabilities. For small enterprises, this means giving deliberate consideration to selecting the best endpoint security solution for their current problems, rather than unnecessarily taking on the complexities, higher costs, or negative performance impact from "traditional" antivirus vendors.

Brink and Eckelberry will explain why Sunbelt Software was cited by Aberdeen as an excellent example of a focused endpoint security solution vendor that offers big benefits to organizations seeking to prioritize endpoint security while optimizing limited resources. Additionally, a case-in-point customer example from HCSB, a Texas-based state banking association, will highlight how management and performance inefficiencies were eliminated by switching from a bloated endpoint security solution to Sunbelt's antivirus solution, VIPRE Enterprise. To attend this webinar, register at:
http://www.wservernews.com/090413-Endpoint-Security


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Advanced IP Scanner is a free network tool that allows you to IP scan hundreds of computers in a network, superfast. Has a few really useful features. More:
http://www.wservernews.com/090413-Advanced-IP-Scanner

Win an all expense paid trip to Microsoft Tech-Ed 2009. Download any ScriptLogic product for a chance to win!
http://www.wservernews.com/090413-Tech-Ed

Simplify your life with mPowerTools - 100+ Reports - Tackle AD chores in bulk A Search & Replace Tool - you'll never script again & no 3rd party databases!
http://www.wservernews.com/090413-mPowerTools

Automatically fix links when you move or rename files! Patented technology lets you perform data migrations without broken links:
http://www.wservernews.com/090413-LinkFixerPlus


Tech Briefing

Top Free Tools For Windows Server Administration

The only thing better than a cool Windows administration tool is a free Windows administration tool. This article features a list of experts' favorite open source tools and freeware utilities for Windows server and network administration. Check out these top free tools and find out what they can do for you today.
http://www.wservernews.com/090413-Free-Tools


The 10 Worst Microsoft Product Names of All Time

Harry Mccracken at NetworkWorld wrote: If Microsoft had invented the iPod, it would have been called the Microsoft I-pod Pro 2005 Human Ear Professional Edition. The cult-hit video that makes that assertion may have been a joke, but it rings true. And when word emerged that the video was a self-parody produced within Microsoft, the point was even clearer: The world's largest software developer just isn't very good at naming stuff. There are some real doozies here: Read full story:
http://www.wservernews.com/090413-Product-Names


Laid-Off Microsoft Employees Profiled

The New York Times recently ran an article about the realities of being let go from Microsoft, a technology company not historically known for letting go of its own talent. In the past, those who left did so on their own or cashed out and retired comfortably. No more:
http://www.wservernews.com/090413-Employees-Profiled


Developing A Proof Of Concept Plan For Virtual Desktops

When designing your virtual desktop environment, proof of concept confirms that moving away from old methods for desktop deployment will save your company time and energy. Identifying your business's ultimate objective is the first -- and most critical -- aspect of a proof of concept (PoC) plan. Without fully understanding and clarifying your goals, tests will lack direction and lead to inconclusive results. Get expert advice and learn key considerations for planning and designing your virtual desktop environment in this tip. (Registration Required)
http://www.wservernews.com/090413-Proof-of-Concept


Tutorial: Understanding Microsoft Outlook 2007 Data File Usage

Microsoft Outlook 2007 stores various data files in several locations. Getting a handle on different data file uses and where they are stored in Microsoft Windows XP and Windows Vista can be difficult. This expert tutorial explains how to access your Windows profile and how to use data files to customize Outlook 2007. Plus get an overview of Outlook's Roaming and Local folders and which data files are stored in them and learn how profile redirection works in Vista.
http://www.wservernews.com/090413-Outlook2007


Windows Server News

Run MS Office Communications Server 2007? VoIP Can Be Hacked!

UCSniff 2.1 has been released, with several new features and enhancements: It's freeware that snoops on VOIP, and recent features and enhancements are:
  • Eavesdropping on Microsoft OCS IM conversations
  • Support for Avaya SIP eavesdropping (handles SIP re-invites properly)
  • Re-write of SIP code for enhanced logging and memory efficiency
  • Enhanced ARP spoofing with unicast arp requests and way, way more.
UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness around VoIP/UC threats. It can be used by VoIP/UC Administrators to test their own VoIP Infrastructure in a pilot before vulnerabilities are rolled into production. It can also be used by security professionals as a method of convincing IT decision makers that security best practices should be applied to VoIP/UC in the same way that they are applied to other TCP/IP based, client-server applications. Download it here:
http://www.wservernews.com/090413-UCSNIFF


WServer Third Party News

Buy VIPRE Enterprise And Get the SNSI Special in Q2

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories:
New Checks
L2242 IMP Turba2 Horde and Webmail validation errors - SuSE
L2243 Horde framework/Text_Filter & /Image.php errors - SuSE
L2244 Moodle XSS and other sensitive data disclosure errors - SuSE 
L2230 cURL arbitrary redirect location values flaw - SuSE
L2231 Libmikmod XM file load & channel count errors - SuSE
L2232 Apache httpd mod_proxy module errors - SuSE
L2233 OptiPNG BMP reader & GIFReadNextExtension errors - SuSE
L2234 PSI Jabber SOCKS5 option negative value flaw - SuSE
L2235 Java-1.6.0-sun multiple security vulnerabilities - SuSE
L2236 Gtk2 untrusted relative search path vulnerability - SuSE
L2237 Vim multiple security vulnerabilities - SuSE
L2238 Apache httpd mod_proxy module errors - SuSE
L2239 Opera JPEG plugins and other security flaws - SuSE 
L2240 Multipath-tools world-writable permission flaw - SuSE
L2241 LCMS ReadSetOfCurves & memory leak flaws - SuSE
L2245 GhostScript Icclib ICC profile validation errors - SuSE
L2246 D-Bus1 default "all calls" permission policy flaw - SuSE
L2247 ConsoleKit default "all calls" permission policy flaw - SuSE
L2248 PackageKit default "all calls" permission policy flaw - SuSE
L2249 PolicyKit default "all calls" permission policy flaw - SuSE 
L2250 BlueZ default "all calls" permission policy flaw - SuSE
L2251 Dbus-1-glib default "all calls" permission policy flaw - SuSE
L2252 Dbus-1-mono default "all calls" permission policy flaw - SuSE
L2253 Dbus-1-python default "all calls" permission policy flaw - SuSE
L2254 Dbus-1-qt3 default "all calls" permission policy flaw - SuSE
L2255 WMPomme & Gpomme default "all calls" permission policy flaw - SuSE
L2256 Hal default "all calls" permission policy flaw - SuSE
L2257 Powersave default "all calls" permission policy flaw - SuSE
M78 Mozilla SeaMonkey XSL Vulnerability - Mac OS X 
M140 Mozilla Firefox XSL and XUL Vulnerabilities - Mac OS X
N118 Session Initiation Protocol Vulnerability - IOS
N119 Secure Copy Vulnerability - IOS
N120 Mobile IP and IPv6 Vulnerabilities - IOS
N121 WebVPN and SSLVPN Vulnerabilities - IOS
S376 Java JRE 1.4 and 1.3.1 latest not installed - Solaris
S441 Java JRE 5 (1.5) latest not installed - Solaris
W2559 Firefox XSL^ XUL Vulnerabilities
W2874 Wireshark PCN dissector vulnerability
W2991 Java Runtime Environment 1.4 latest not installed - W2K/XP/W2K3
W2992 Java Runtime Environment 1.5 latest not installed - W2K/XP/W2K3/Vista
W3048 SeaMonkey XSLT Vulnerability  

Updated Checks W1142 Anti-virus Signature Outdated - McAfee W1986 Anti-virus Signature Outdated - Symantec W1999 Anti-virus Signature Outdated - Trend Micro W2067 Anti-virus Signature Outdated - F-Secure W2070 Anti-virus Signature Outdated - CA eTrust H106 SAM NFS Access Control Vulnerability - HP-UX 11 H122 Veritas 4.X/5.X Vulnerabilities - HP-UX 11 M76 ClamXav / ClamAV signatures not the latest - Mac OS X M80 Virex signature file out of date - Mac OS X S33 ClamAV signatures not updated - Solaris S167 Kerberos pam_krb5 Vulnerability - Solaris 8-10 S247 Kernel patches affect SMS and nanosleep functionality - Solaris 9-10 W2012 Anti-virus signature outdated - Avast! 4 W2013 Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3
Sunbelt is running a special in Q2. Buy VIPRE Enterprise and a super special deal on SNSI. Ask your Reseller or Rep about this offer.

Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 171 was released April 3, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 171, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/090413-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Track Users And Administrators On Your Exchange Servers

ChangeAuditor for Exchange helps tighten enterprise-wide change and control policies by tracking user and administrator activity for user account and delivery restriction changes. With 24x7 real-time alerts, in-depth analysis and reporting capabilities, your Exchange infrastructure is protected from exposure to suspicious behavior or unauthorized access, and is always in compliance with corporate and government standards. ChangeAuditor tracks critical configuration changes to your Exchange environment then translates raw data into meaningful intelligent data to help safeguard security and compliance. Download a free 30-day trial of ChangeAuditor!
http://www.wservernews.com/090413--ChangeAuditor