Vol. 15, #15 - Apr 2, 2010 - Issue #773
Why You Want This Out-of-Band Emergency IE Patch

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Why You Want This Out-of-Band Emergency IE Patch
    • Quotes Of The Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Introducing VIPRE Enterprise Premium, Version 4.0 - 4/6
    • Affordable, Enterprise Email Archiving - 4/13
    • VIPRE Enterprise Premium Product Demonstration - 4/20
    • VIPRE Email Security for Exchange Product Demonstration - 4/27
  4. Tech Briefing
    • Support A Lot Of Road Warriors?
    • Microsoft Research TechFest 2010: NUI And The Cloud Dominate
    • Do You Know Your Tech Acronyms?
    • Apple Delivers 92 Fixes In Record Security Update
    • Got A Power Smart Meter? They Can Be Hacked
    • InfoWorld Review: Intel Xeon Nehalem-EX Lives Large
    • Microsoft Runs Fuzzing Botnet, Finds 1,800 Office Bugs
  5. Windows Server News
    • Can Windows Server 2008 R2 Save You Money?
    • New MS Exchange Server Migration Tool For Google Apps Cloud Hosting
    • 7 Performance Tips For Faster SQL Server Queries
    • Assessing Your IT Infrastructure For Desktop Virtualization
  6. Third Party News
    • VIPRE For Exchange Version 3.1 Released - What's New?
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Namescape's web-based, self-service password reset solution
Namescape's web-based, self-service password reset solution

myPassword is a simple yet powerful, self-service password reset solution that enables users to reset forgotten passwords and unlock their accounts. Namescape has just released version 2.5.3 which supports password history on self-service password resets. Administrators continue to set the number of passwords that must be retained before one can be re-used, but are no longer required to manually enforce password history. Users can securely reset their own passwords after answering custom, predefined questions and myPassword automatically enforces password history.
http://www.wservernews.com/100405-myPassword

Editor's Corner

Why You Want This Out-of-Band Emergency IE Patch

Let's talk about patching for a moment. You need to do it, obviously, and always TEST, TEST, TEST to make sure patches do not break existing apps. But patching all by itself isn't going to do the trick. You also need to have a few other things in place, beginning with configuration management and moving to endpoint security that encompasses both IDS and HIPS, and throw some whitelisting in there if you can. These together could be considered best practice as per SANS.

So, Redmond released an emergency out-of-band patch, MS10-018, to address vulnerabilities in IE 6 and 7. The hole does not impact IE8, but there is a gotcha you may not be aware of. To start with, if you are running anything other than IE8, speed up your testing and patching schedule, and do it as soon as you can. And here is the small gotcha: you should apply this update even if you do not run IE. Why? Windows and other third-party apps may use some parts of IE, for instance to display web pages. Outlook does that if configured that way.

MS took the unusual step of releasing the emergency bulletin in response to a hole in the iepeers.dll library and decided that "an out-of-band release was needed to protect customers". The bulletin also contains fixes for nine other vulnerabilities which Microsoft had originally planned to release on 13 April. Another direction to go might be Chrome. It was the last man standing in the recent hacking contest, and they are finally adding Flash (warts and all) to Chrome, so that it will run those zillions of Flash sites out there. Here is the MS bulletin:
http://www.wservernews.com/100405-Security-Bulletin


Quotes Of The Week

"There is only one boss. The customer. And he can fire everybody in the company from the chairman on down, simply by spending his money somewhere else." -- Sam Walton




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/100405-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/100405-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/100405-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman

Why Choose On-Box Email Security For Exchange?

Tight integration with Exchange has some major benefits. Here is just one example: How are you going to filter and alert on inappropriate email from one internal user to another? How are you going to allow/block attachments internally? VIPRE for Exchange was just VBSpam Certified in its first Virus Bulletin Test, and helps you fight spam, viruses and bad attachments. Very low cost per user, save 50% budget. Runs in thousands of production sites world-wide. Multiple engines for antispam and antivirus. Flexible policy-based SMART attachment filtering. Test it free for 30 days:
http://www.wservernews.com/100405-VIPRE-Email-Security


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Ensure 24/7 service with joBot, AD Robot. Automated email alerts mean you spend less time tracking AD objects and more time on critical IT tasks:
http://www.wservernews.com/100405-joBot

Extend Active Directory to your UNIX, Linux, Mac, web and database platforms. Free authentication guide:
http://www.wservernews.com/100405-Centrify

Download an exclusive free eBook, Essentials of Effective File Security by Greg Shields, and a free 30-day trial of Security Explorer from ScriptLogic:
http://www.wservernews.com/100405-Security-Explorer

Exchange 2010 Large Mailbox Vision Whitepaper discusses how Exchange 2010 enables you to give users large mailboxes without breaking your budget:
http://www.wservernews.com/100405-Large-Mailbox


Webinars & Seminars

Introducing VIPRE Enterprise Premium, Version 4.0 - 4/6

Be among the first to see Sunbelt's new VIPRE Enterprise Premium Version 4.0 - powerful, high-performance endpoint malware protection. The new premium version combines antivirus, antispyware, and now client firewall and malicious website filtering technologies, into a single agent to protect against the ever-changing wave of malware in the most comprehensive, highly efficient manner. Join us to hear how our approach to malware protection is different.

We translated our years of experience in detecting and remediating sophisticated malware into the next-generation endpoint protection technology, VIPRE - without building on older generation AV engines or other sourced technology components. VIPRE is fast, efficient technology in a single, powerful threat engine with low impact on system resources. Tuesday, April 6, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100405-VIPRE-Premium


Affordable, Enterprise Email Archiving - 4/13

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver webinar. Tuesday, April 13, 2010, 2:00pm - 3:00pm EDT
http://www.wservernews.com/100405-Email-Archiving


VIPRE Enterprise Premium Product Demonstration - 4/20

Join us for a look at Sunbelt's new VIPRE Enterprise Premium Version 4.0, powerful, high-performance endpoint malware protection. Be among the first to see the new version, which combines antivirus, antispyware and now firewall into a single agent. Plus take a deep dive into other new features including scalable multi-site tiering and role-based access control. Tuesday, April 20, 2010, 11:00am - 11:30am EDT
http://www.wservernews.com/100405-VIPRE-Demo


VIPRE Email Security for Exchange Product Demonstration - 4/27

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this product demonstration, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product. Tuesday, April 27, 2010, 2:00pm - 2:30pm EDT
http://www.wservernews.com/100405-VIPREEmailSecurity


Tech Briefing

Support A Lot Of Road Warriors?

InfoWorld has a great article titled "Doubleplus ungood! Big Brother's designs on mobile" that summarizes the current state of the mobile market, and dissects all the hype and promises into a good, clear and concise article that will help you dispel the 4G myths and carrier hype out there. I have liked InfoWorld since 1981 when I started reading it in tabloid format. (Yes, I have been in IT for 30 years). Recommended:
http://www.wservernews.com/100405-Doubleplus


Microsoft Research TechFest 2010: NUI And The Cloud Dominate

Microsoft Research's TechFest is essentially a glimpse into a Microsoft future. It's an annual showcase of the various technologies that the company's researchers have been working on. The 2010 event that took place earlier this month featured a few prototypes that we've already seen before, but there were also many that have only just started to emerge out of Microsoft's research labs around the world, including labs in China, India, the UK, and the US. Interesting page at Ars Technica:
http://www.wservernews.com/100405-TechFest-2010


Do You Know Your Tech Acronyms?

Reading IT writing can be like staring at a bowl of alphabet soup: letters thrown together in all sorts of seemingly nonsensical combinations. IT's love of acronyms and abbreviations is the biggest contributor to the alphabet soup model.

And sometimes we get so familiar with acronyms that we forget what they actually stand for. You may keep up with programming languages or networking protocols both old and new, but how well do you keep up with the jargon? Let InfoWorld put you to the test. I tried and got 7 out of 10:
http://www.wservernews.com/100405-IQ-Test


Apple Delivers 92 Fixes In Record Security Update

Apple this week patched 92 vulnerabilities, a third of them critical, in a record update to its Leopard and Snow Leopard operating systems:
http://www.wservernews.com/100405-Monster-Security-Update


Got A Power Smart Meter? They Can Be Hacked

The SANS NewsBites Security Bulletin of 26th March 2010 reported that a security researcher, Joshua Wright of InGuardians, has identified a number of security vulnerabilities in the smart meters a number of US utilities are rolling out to their customers. The vulnerabilities, which could be exploited remotely via wireless technology or by physically tampering with the meter, include the ability to ramp up people's bills and to shut off their power. The research, which was commissioned by three power utility companies, discovered vulnerabilities in meters from all five of the makers submitted for testing. So far eight million smart power meters have been installed within the United States with that number reaching 60 million by 2020.
http://www.wservernews.com/100405-Smart-Meters


InfoWorld Review: Intel Xeon Nehalem-EX Lives Large

Intel's new Nehalem-EX CPU for SMP servers brings eight cores, massive memory support, mainframe-like RAS features, and huge performance gains to large-scale workloads. In a range of tests, the new quad-core Xeon processor shows huuuuge performance gains and simply sizzles. Read More:
http://www.wservernews.com/100405-Nehalem-EX


Microsoft Runs Fuzzing Botnet, Finds 1,800 Office Bugs

Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said:
http://www.wservernews.com/100405-Office-Bugs


Windows Server News

Can Windows Server 2008 R2 Save You Money?

IT professionals today must constantly look for ways to save money. This article examines how Windows Server 2008 R2 can enable your organization to realize significant cost savings through server consolidation, improved power consumption and reduced WAN bandwidth use: (Registration Required)
http://www.wservernews.com/100405-Server-2008-R2


New MS Exchange Server Migration Tool For Google Apps Cloud Hosting

Remember the time that Redmond was going aggressively after all Lotus Domino sites? Google is doing the same thing to MS now. What goes around comes around. Google announced a new migration tool for switching Exchange Server users to its Google Apps email/calendar cloud hosting service. It's in addition to the existing Outlook sync and Lotus Notes/Domino migration tools. In IT Blogwatch, bloggers exchange Exchange:
http://www.wservernews.com/100405-Migration-Tool


7 Performance Tips For Faster SQL Server Queries

It's easy to create database code that slows down query results or ties up the database unnecessarily -- unless you follow these tips. SQL developers on every platform are struggling, seemingly stuck in a DO WHILE loop that makes them repeat the same mistakes again and again. That's because the database field is still relatively immature. Sure, vendors are making some strides, but they continue to grapple with the bigger issues. Concurrency, resource management, space management, and speed still plague SQL developers whether they're coding on SQL Server, Oracle, DB2, Sybase, MySQL, or any other relational platform. Here is the story:
http://www.wservernews.com/100405-Performance-Tips


Assessing Your IT Infrastructure For Desktop Virtualization

If your IT infrastructure is not suited for desktop virtualization, performance and stability issues can be profound -- and potentially disastrous. Read this expert tip to learn how to assess if your infrastructure is compatible with the VDI model: (Registration Required)
http://www.wservernews.com/100405-IT-Infrastructure


Third Party News

VIPRE For Exchange Version 3.1 Released - What's New?

Lots and lots of improvements in this version. Here are some highlights from the long list:

For Exchange 2003:
  • Replaced Mail-Filters' Star engine with their newer SpamCure engine.
  • Upgraded to the latest Cloudmark Cartridge 3050.2
  • Improved performance of all regular expression and wildcard rules.
  • Changed how the Administrators group and NETWORK SERVICE account permissions are set to support non-English installations.
  • Changed Cloudmark setting to default to use more memory for better filtering. Users upgrading will not have their settings changed.
  • Added a header for redirected spam messages showing who the intended recipients were.
  • Added a setting for whether to treat a mismatched envelope sender and From header as spoofed.
  • If a user has a contact for himself (the same email address[es] as those assigned to his mailbox), those addresses are no longer treated as allowed.
  • Added a per-rule setting for Attachment Filtering that determines whether or not an allowed archive will be unpacked and the rules run against the contents.
Additional For Exchange 2007/2010:
  • Added support for Exchange 2010.
  • Added support for Edge Transport role.
  • Fixed a problem where messages spoofed as being from and to the same recipient could trigger the Antispam auto-allow function and add themselves to their personal allowed senders list.
  • Fixed a problem where Antispam regular expression rules would not match rules against the message body.
You can get the latest version here:
http://www.wservernews.com/100405-Email-Security


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Namescape's web-based, self-service password reset solution

http://www.wservernews.com/100405-POTW-myPassword