Vol. 14, #32 - Aug 3, 2009 - Issue #737
SMS Exploit Revealed At Black Hat

This issue of WServerNews is sponsored by
  1. Editors Corner
    • SMS Exploit Revealed At Black Hat
    • Mark Minasi: "Win7 Is Essentially Vista V1.3"
    • Quote Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without:
  3. Webinars
    • Ninja Email Security Product Demonstration - August 4
    • VIPRE Enterprise Product Demonstration - August 11
    • Sunbelt Exchange Archiver Product Demonstration - August 18
    • Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise
  4. Tech Briefing
    • Intel Will Deploy Win7 On Employee Workstations
    • Unusual Out-of-band Patches
    • Small Companies Ditch In-House IT For Cloud
    • Volume Deals, Keeping Hyper-V At Bay Key To VMware's Prospects
    • Document Version Control Goes Deeper In SharePoint 2007
  5. Windows Server News
    • What's New In Hyper-V R2?
    • W2K8 R2's Remote Desktop Services Top New Features
    • How To Create A Mobile Hyper-V Cluster In Five Steps
  6. Third Party News
    • Sunbelt Announces New Malware Analysis CWSandbox V3.0 at Black Hat
    • SNSI Checks For Recent Out-of-band Vulnerabilities
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Centrally Rollout New Software, Upgrades & Ensure App Usability
Centrally Rollout New Software, Upgrades & Ensure Application Usability

Desktop Authority allows you to automate the software deployment process. Desktops will automatically install applications or upgrades from the closest deployment server.
  • Deploy MSI packages in minutes not hours
  • Target only users who need the application or patch
  • Update registry and permission settings to ensure updates are usable
  • Ensure roaming users automatically have the applications they need to be productive
ScriptLogic's Desktop Authority simplifies the deployment process and increases the ability for IT to selectively deploy applications.
http://www.wservernews.com/090803-Desktop-Authority


Editors Corner

SMS Exploit Revealed At Black Hat

All the noise is about the iPhone, but the same vulnerability exists on Windows Mobile and Palm Pre. It allows a PC to take over the device and use it, for instance, as a spambot. Not pretty. Some of the upset is with Apple not committing to get it fixed quickly, or staying mum about the whole thing. What is more interesting is the white paper on the SMS hole that the researchers released at Black Hat, along with the technical background. Here you go!
http://www.wservernews.com/090803-PDF

Also we announced a new version of our CWSandbox and a new Threat Track datafeed at Black Hat. If you are a Security Researcher and need to know what kind of (perhaps targeted) malware is trying to penetrate your organization, you need these tools. See the announcement in the third party section, as our sandbox is a powerful automated malware analysis tool. Check here:
http://www.wservernews.com/090803-Sunbelt-CWSandbox


Mark Minasi: "Win7 Is Essentially Vista V1.3"

I'm claiming Win7 is Vista SP2 (or SP3 if you will) and Mark thinks it's Vista V1.3. Who's right? Here's his perspective: "The good news is that Windows 7 does indeed seem to be a good OS that is an excellent candidate for an XP upgrade. (And understand that when I call it an "XP upgrade," I don't mean that literally, as Windows 7's Setup routine will not, believe it or not, let you do an in-place upgrade from XP to Windows 7.) The bad news is that Windows 7 is ... um ... essentially ... uh ... Windows Vista version 1.3. Let me expand on those points a bit and then explain some of why an OS that I've claimed to be essentially nothing more than Vista 1.3 might still be a good move or even a very good move for many.

"Microsoft built Windows 7 with non-Vista-buyers in mind. Their original plan back in 2007 was to release Vista as part of "Windows 6," (the collective term for Vista and Server 2008 - "Windows 5" was Windows 2000, XP and Server 2003). They then figured that they'd make big money from Vista, as it would temporarily sate the hunger of the throngs of Windows users starving for a new operating system after over five years' lack of anything new on the desktop operating front. That would let Microsoft spend the next four or five years developing something known in 2007 only as "Windows 7," yet another new-and-improved Windows to be released in 2011 or 2012. Instead, they seem to have completed something at least called Windows 7 much earlier, like May of 2009, when Windows 7 RC appeared. So what happened, how'd they get Windows 7 out so quickly?

"Well, if you ever find yourself at a Microsoft presentation about Windows 7, try to "listen between the lines," and you'll probably hear the same message between those lines, over and over. That message runs something like "hey, we didn't really mean it, no, Vista was just a wee bit of a goof, we've fired everyone who even looked at Vista, we heard your feedback and so we've got this new Windows 7, why heck, the point of Windows 7 is to rinse the awful taste of Vista out of our customers' mouths."

"Windows 7, it seems, is to be perceived as a completely new operating system, "Windows done right" in response to customer feedback. Or, as one highly-placed Microsoft employee said recently, "we're throwing Vista under the bus." (He said it jokingly. Kind of.) Again, that should be all good insofar as Vista haters are concerned.

"You should also understand, however, that to build Windows 7, Microsoft didn't throw away Vista and start afresh; instead, they just kept working on Vista, improving it in large and small ways. As far as I can see, not one major Windows component that first appeared in Vista was removed in the process of creating Windows 7, hence my characterization of it as Vista version 1.3." More at Mark's Blog, the section "Windows 7: To Adopt or Not To Adopt? (Part One)" here:
http://www.wservernews.com/090803-Windows-7

You can discuss this topic here at the WSN blog:
http://www.wservernews.com/090803-Discussion


Quote Of The Week

"If you make customers unhappy in the physical world, they might each tell 6 friends. If you make customers unhappy on the Internet, they can each tell 6000 friends." -- Jeff Bezos




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/090803-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/090803-WXPNews

PPS: And of course we also have our weekly VistaNews. You can subscribe here, and tell your friends too:
http://www.wservernews.com/090803-VistaNews

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Join The 1,000 Sites A Month That Switch To VIPRE Enterprise

No more 2-day SEP V11 Migration Classes! Sunbelt built VIPRE Enterprise, a completely new technology combining corporate antivirus plus an enterprise antispyware solution for total endpoint security, designed by admins for admins. And that means EASY DEPLOYMENT. Save your IT budget and don't renew products from Symantec, McAfee and Trend Micro. Learn how VIPRE Enterprise takes far fewer resources than the competition! It's clearly time to kiss your antivirus bloatware goodbye! Competitive Upgrade price: $10/seat:
http://www.wservernews.com/090803-VIPRE-Enterprise


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without:

Make it easy to track user access to your Windows file servers! ScriptLogic's File System Auditor: Free Trial!
http://www.wservernews.com/090803-File-System-Auditor

Simplify your life with mPowerTools - 100+ Reports - Tackle AD chores in bulk - A Search & Replace Tool - you'll never script again & no 3rd party databases!
http://www.wservernews.com/090803-mPowerTools

Automatically fix links when you move or rename files! Patented technology lets you perform data migrations without broken links:
http://www.wservernews.com/090803-LinkFixerPlus

Tired of Doin' Time? Free yourself, your time, your money and your staff today! Free download makes it possible with rDirectory Community Edition Today!
http://www.wservernews.com/090803-rDirectory



Webinars

Ninja Email Security Product Demonstration - August 4

Fight spam, viruses, trojans, phishing and other email security threats with Ninja Email Security for Exchange. Join us for a look at this 'all-in-one' integrated and policy-based email security solution and learn how Sunbelt Software can help protect your enterprise environment and cut your Exchange admin time in half. Tuesday, August 4, 2009, 2:00pm - 2:30pm EDT. Can't make the live event? Register anyway to get the recorded version:
http://www.wservernews.com/090803-Ninja-Demo


VIPRE Enterprise Product Demonstration - August 11

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner. Tuesday, August 11, 2009, 2:00pm - 2:30pm EDT. Can't make the live event? Register anyway to get the recorded version:
http://www.wservernews.com/090803-VIPRE-Demo


Sunbelt Exchange Archiver Product Demonstration - August 18

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver demonstration. Tuesday, August 18, 2009, 2:00pm - 2:30pm EDT. Can't make the live event? Register anyway to get the recorded version:
http://www.wservernews.com/090803-SEA-Demo


Kiss Your Antivirus Bloatware Goodbye: A Look at VIPRE Enterprise

Want total malware protection without the bloat? Join us for a look at VIPRE Enterprise and learn how Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's complex malware in the most comprehensive, highly efficient manner. Tuesday, August 25, 2009, 2:00pm - 3:00pm EDT. Can't make the live event? Register anyway to get the recorded version:
http://www.wservernews.com/090803-Goodbye-Bloatware


Tech Briefing

Intel Will Deploy Win7 On Employee Workstations

According to The Register, Intel plans to deploy Win7 on its employees' machines. At a Technology Summit in San Francisco, when asked if Intel would wait until SP1 to deploy Win7, Intel's EVP and chief sales and marketing officer Sean Maloney said, "This time I think we'll go faster."

Good news for Redmond, since Intel and many other companies skipped Vista. Intel's top salesman also sympathized with those who passed on Vista. "There was an excuse not to deploy Vista, because - rightly or wrongly - people said 'wait for service pack X' or 'we don't like the compatibility issues.'" And since Win7 really is Vista V1.3, they should feel pretty comfy now. More at the Register:
http://www.wservernews.com/090803-Win7-Finds-Home


Unusual Out-of-band Patches

Randy Smith commented: "In an unusual step Microsoft released 2 Out-of-Band patches to address additional Active Template Library vulnerabilities. Active Template Library is a coding tool frequently used by web developers to build COM based controls that run in Internet Explorer. For defense-in-depth layers at both the developer and end-user levels, Microsoft released patches for both Visual Studio (MS09-035) and Internet Explorer (MS09-034). While the vulnerabilities are not currently public or being exploited to our knowledge, I recommend accelerated deployment since Microsoft released them out-of-band."

Small Companies Ditch In-House IT For Cloud

Maturing hosted services and pay-as-you-go pricing are proving to be a strong draw for small and midsized businesses. They are cherry picking from a growing selection of cheap, instant-on services to replace in-house IT that either became too costly or didn't come up to par. Learn more of the perks of moving to the cloud in this news feature:
http://www.wservernews.com/090803-Cloud-Services


Volume Deals, Keeping Hyper-V At Bay Key To VMware's Prospects

Judging by the questions posed to VMware executives on the company's second-quarter earnings call last week, investors are asking the same thing as IT managers: With the release of vSphere 4, has VMware put enough distance between it and Microsoft's increasingly competitive Hyper-V to keep IT departments coming back for more? Check out this expert article to find out:
http://www.wservernews.com/090803-Hyper-V-vs-VMware


Document Version Control Goes Deeper In SharePoint 2007

One of the nice things about SharePoint document libraries is that they allow you to retain multiple versions of documents so that you can go back and review how a document has been modified over time. Although SharePoint Portal Server 2003 supported versioning, Microsoft Office SharePoint Server (MOSS) 2007 goes a step further, offering the ability to differentiate between major and minor versions of a document. This new feature can make tracking down changes in earlier versions of a document a lot easier, but it does bring new complexities to the table. Get an overview of MOSS key features in this expert tip:
http://www.wservernews.com/090803-Document-Control


Windows Server News

What's New In Hyper-V R2?

Last week MS announced the update and release of both Windows Server 2008 R2 and Microsoft Hyper-V Server 2008 R2 to manufacturing. The R2 update contains major functionality improvements to both products.

According to Crissy House, a product manager for Microsoft's Windows Server marketing group, OEMs will start to receive Windows Server 2008 R2 RTM on July 29. So, what's new in Hyper-V R2?
  1. Live Migration - This was what everyone wanted. One of the major differences between VMware's ESX Server and Hyper-V was VMware's vMotion capability. The old Hyper-V Quick Migration wasn't good enough. Live Migration is now added, and it's free. Along with Live Migration, you also get Processor Compatibility Mode, which lets you move a VM up and down multiple processor generations from the same vendor, giving you more flexibility in migrations.

  2. Networking - Hyper-V R2 adds support for both Jumbo Frame and TCP/IP Offload Engine (TOE) for 1Gb networks. And if you have a fast 10Gb network, Redmond included Chimney and Virtual Machine Queue (VMQ) support. This is cool as that allows Hyper-V to take advantage of network offloading technologies to free up CPU usage and speed up performance.

  3. More Multi Processor Support - Hyper-V R2 now scales up to run on systems with 64 logical processors. Moreover, it can use the latest CPU enhancements such as AMD's Rapid Virtualization Indexing (RVI) and Intel's Extended Page Tables (EPT). Being able to use these, when they are present, gives Hyper-V R2 a performance boost. It now supports a whopping 384 1-way virtual machines. Another nice feature is called Core Parking. This helps with power consumption, as Core Parking allows Hyper-V to put a host's CPU to sleep if it isn't being used.

  4. Hot Swap Virtual Storage - Redmond added extra storage flexibility with hot swap virtual storage -- now you can add or remove storage while the VM is running without downtime, w00t! They also improved performance of storage, in some cases a 15x improvement, and reached about 87% of native throughput which is impressive if you look at the architecture overhead. Fixed or pre-allocated disks have even been improved to be on par with native disk performance. All in all, lots of very nice goodies!


W2K8 R2's Remote Desktop Services Top New Features

In terms of features and functionality, Windows Server 2008 raised the bar for Terminal Services. However, while the updated Terminal Services boosted RemoteApps, Web Access and Internet-grade security through TS Gateway, many considered it a diamond in the rough: The capabilities were available, but they contained individual quirks. In Windows Server 2008 R2, many of these idiosyncrasies are resolved, and the latest release also introduces an array of new features. This article highlights the most compelling developments in R2's Remote Desktop Services.
http://www.wservernews.com/090803-Remote-Desktop-Services


How To Create A Mobile Hyper-V Cluster In Five Steps

Presenters on the road can now run demonstrations of Microsoft's Hyper-V R2 virtualization platform alongside System Center Virtual Machine Manager (SCVMM). All you need are two laptops and these five steps:
http://www.wservernews.com/090803-Mobile-Hyper-V


Third Party News

Sunbelt Announces New Malware Analysis CWSandbox V3.0 at Black Hat

At Black Hat, Sunbelt released CWSandbox Version 3.0 and a new Threat Track data feed. The CWSandbox enhancements allow security providers to automate bulk malware analysis; the Exploit Feed adds to the Threat Track portfolio.

The new component to the Threat Track data service provides customers with the industry's most accurate and up-to-date feeds, identifying and propagating to researchers the latest malicious URLs and malware. Both offerings rely on the world-class research efforts of SunbeltLabs, the malware research and analysis division of Sunbelt Software.

CWSandbox is an automated behavior analysis tool that leverages unique technology for the automatic detection of malware. The forthcoming release of CWSandbox v3.0 will give researchers the ability to compare multiple analyses for differences and similarities, and allow them to send malware samples to multiple sandbox configurations and centrally manage the process.

Unlike other malware analysis tools on the market today, CWSandbox provides true automation and gives those on the front lines of cyber-defense the ability to analyze in bulk and save crucial time.

Security researchers will have the ability to compare simultaneously how malware operates in a variety of environments. By leveraging this sophisticated analysis, enterprises can put security best practices in place to account for how malware behaves differently on varied desktop configurations within their networks and proactively protect against targeted threats.

"Sunbelt has a long history of marrying its endpoint anti-malware tools with state-of-the-art threat research," said Chad Loeven, VP, business development for Sunbelt Software. "Cooperation and sharing of such research in the security community is essential for the timely protection of businesses, federal agencies and consumers against the rising tide of malware attacks. SunbeltLabs is continually improving its world-class research methods in order to lead the effort to keep the bad guys out."

To that end, Sunbelt introduces a new Exploit Feed, which is one of the vital data streams maintained by SunbeltLabs, and is now part of the Threat Track service. The Exploit Feed tracks URLs deemed to be malicious based on a set of behavior and code traits, and is updated continuously, identifying links to exploits before users can become infected. The URLs are passed through an array of "honeyclients" configured to detect any malicious activity.

Data captured by the Exploit Feed include files dropped by the URL, other URLs involved in the exploit process, code containing the actual exploit, and an XML behavior analysis report of the browser and all related malware processes. The Exploit Feed, in conjunction with the other feed components of Threat Track, is heterogeneous in nature and can be incorporated into cloud, gateway and desktop Web security solutions.

For more information on CWSandbox or Threat Track, please visit:
http://www.wservernews.com/090803-CWSandbox

SNSI Checks For Recent Out-of-band Vulnerabilities

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and FedCIRC (Department of Homeland Security) advisories.

Note: This update does not introduce new vulnerability checks. Revisions have been applied to some of the Microsoft Out-of-Band vulnerability checks, as noted below.

Updated Checks:
  W3655  Visual Studio 2005 SP1 Active Template flaws - W2K/W2K3/W2K8/Vista/XP
  W3657  Visual Studio 2008 Active Template flaws - W2K/W2K3/W2K8/Vista/XP
  W3658  Visual Studio 2008 SP1 Active Template flaws - W2K/W2K3/W2K8/Vista/XP
  W3659  Visual C++ 2005 Active Template flaws - W2K/W2K3/W2K8/Vista/XP
  W3652  Internet Explorer Active Template flaws - W2K/W2K3/XP
  W3653  Internet Explorer Active Template flaws - W2K8/Vista

Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set 189 was released July 30, 2009. Sunbelt Software recommends you download the new SNSI Vulnerability Update Definitions 189, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/090803-SNSI


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Centrally Rollout New Software, Upgrades & Ensure App Usability

http://www.wservernews.com/090803-DesktopAuthority