MY PROFILE | PRIVACY 
Vol. 15, #20 - May 10, 2010 - Issue #778
Security Firm Reveals Microsoft's 'silent' Patches

This issue of WServerNews is sponsored by
  1. Editor's Corner
    • Security Firm Reveals Microsoft's 'silent' Patches
    • Apple Consumer & Enterprise Survey (Yes, Apple !)
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Webinars & Seminars
    • Securing your Exchange Server with VIPRE Email Security - 5/11
    • Sunbelt Exchange Archiver Product Demonstration - 5/18
    • VIPRE Enterprise Premium Product Demonstration - 5/25
    • Quarterly Briefing Turn the Tables on the Bad Guys: Malware Unmasked.
  4. Tech Briefing
    • Redmond Goes Small For Next Week's Patch Tuesday
    • Just So You Know: WinXP SP 2 Support Expires 7/13/2010
    • Wi-Fi Key-Cracking Kits Sold In China Mean Free Internet
    • Understanding Security In The Cloud
  5. Windows Server News
    • SharePoint 2010 Is Polished, Refined, And Feature-Rich
    • Server Virtualization Security Best Practices Guide
    • Key Considerations For Hyper-V Virtual Machine Deployments
  6. Third Party News
    • Archiving For Exchange 2010
  7. WServerNews Fave Links
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  8. WServerNews - Product of the Week
    • Free Tool Suite From ScriptLogic - Integrated Network Tools Save You Time
Free Tool Suite From ScriptLogic - Integrated Network Tools Save You Time

Do you have a dozen network tools that only do one thing? The sl360 Tool Suite eliminates hassle by integrating more than a dozen different network tools like TFTP, Syslog Server and Ping. With an integrated dashboard, favorite tools and an encrypted credential store, you can switch from tool to tool during troubleshooting with minimal effort. Download this FREE product now.
http://www.wservernews.com/100510-sl360


Editor's Corner

Security Firm Reveals Microsoft's 'silent' Patches

Computerworld reported something interesting this week. Microsoft silently patched three vulnerabilities last month, two of them affecting enterprise mission-critical Exchange servers, without calling out the bugs in the accompanying advisories. Say Wha?

Two of the three unannounced vulnerabilities, and the most serious of the trio, were packaged with MS10-024, an update to Exchange and Windows SMTP Service that Microsoft issued April 13 and tagged as "important," its second-highest threat ranking. According to Ivan Arce, the chief technology officer of Core Security Technologies, Microsoft patched the bugs, but failed to disclose that it had done so.

"They're more important than the [two vulnerabilities] that Microsoft did disclose," said Arce. "That means [system] administrators may end up making the wrong decisions about applying the update. They need that information to assess the risk." Heck yes! This is a bit disconcerting, and I had not heard that this is going on. I'll keep my eyes peeled. More at:
http://www.wservernews.com/100510-Silent-Patches


Apple Consumer & Enterprise Survey (Yes, Apple !)

I just bought an iPad, and now read by Amazon Kindle books on this new device. WOW, what a difference. So here is a quick survey where you can win an iPad too:

Do you use Apple products as a consumer, as a professional at your workplace or for both personal and business? We want your opinion. Once again, Sunbelt Software and ITIC are partnering on a new Apple Consumer and Enterprise survey. The survey consists of multiple choice and one essay questions. It should only take you about five minutes to complete. All responses are kept confidential.

In honor of Apple's newest product, just for this survey we're giving away one (1) 16GB iPad to the survey respondent who gives us the most thoughtful and insightful essay comment. So spend five minutes and tell us what you think about Apple consumer and enterprise devices. Remember to leave both your Email address and your comments in order to be eligible to win any of the prizes, so we can contact you if you're a winner. We'll publish the Executive Summary and survey highlights in this newsletter within the next few weeks. Thanks so much in advance for your participation! Here's the link:
http://www.wservernews.com/100510-Survey
.


Quotes of the Week

"Nobody's a natural. You work hard to get good and then work to get better. It's hard to stay on top." -- Paul Coffey.

"Results! I have gotten a lot of results. I know several thousand things that won't work." -- Thomas Edison




Warm regards, and thank you for being a WServerNews subscriber. No trees were killed in the sending of this message, but a large number of electrons were terribly inconvenienced. Please tell your friends about us. They can subscribe here:
http://www.wservernews.com/100510-Subscribe

PS: Did you know this newsletter has a sister publication for XP users called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/100510-WXPNews

PPS: And now we have our new Win7News! You can subscribe here, and tell your friends:
http://www.wservernews.com/100510-Win7News

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Don't Get Caught with Your Compliance Down

Know that feeling when you realize you forgot to do something really important? That's how you'll feel when your company is involved in legal proceedings, and you overlook something during the e-discovery. The consequences could be devastating. Judges are not amused with lost or destroyed evidence, and your organization could be fined millions of dollars. Worse, you could lose a court case that could otherwise be won. Avoid such a scenario with SEA. Sunbelt Exchange Archiver is affordable archiving for SME's. Ask for your quote here:
http://www.wservernews.com/100510-Sunbelt-Exchange-Archiver


Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Download a Free eBook on the Essentials of Planning and Managing your Network & get a Free 21-day trial of Perspective Network Management from ScriptLogic:
http://www.wservernews.com/100510-Perspective

Ensure 24/7 service with joBot, AD Robot. Automated email alerts mean you spend less time tracking AD objects and more time on critical IT tasks:
http://www.wservernews.com/100510-joBot


Webinars & Seminars

Securing your Exchange Server with VIPRE Email Security - 5/11

Tuesday, May 11, 2010, 2:00pm -3:00pm EDT

Securing your Exchange Server is key to protecting your enterprise environment from spam, viruses, phishing, and other messaging threats. In this webinar, learn how the new version of VIPRE Email Security for Exchange (formerly Ninja Email Security) can help protect your network and cut your Exchange admin time in half with this powerful, policy-based email security product.
http://www.wservernews.com/100510-VIPRE-Email-Security


Sunbelt Exchange Archiver Product Demonstration - 5/18

Tuesday, May 18, 2010, 2:00pm - 2:30pm EDT

Exchange performance is suffering. Your users complain about email storage and don't want any quotas. Your CEO requires legal compliance. Want a high-end, feature-rich, admin-friendly product that solves all these issues at a very affordable price? Then don't miss this Sunbelt Exchange Archiver demonstration.
http://www.wservernews.com/100510-Exchange-Archiver-Demo


VIPRE Enterprise Premium Product Demonstration - 5/25

Tuesday, May 25, 2010, 11:00am - 11:30am EDT

Join us for a look at Sunbelt's new VIPRE Enterprise Premium Version 4.0, powerful, high-performance endpoint malware protection. Be among the first to see the new version, which combines antivirus, antispyware and now firewall into a single agent. Plus take a deep dive into other new features including scalable multi-site tiering and role-based access control.
http://www.wservernews.com/100510-VIPRE-Enterprise-Premium


Quarterly Briefing Turn the Tables on the Bad Guys: Malware Unmasked.

Thursday, May 27, 2010, 2:00 PM - 3:00 PM EDT

The cyber threat landscape is constantly changing, and even with the most sophisticated security you're never completely protected from attacks. As part of our mission to 'keep the bad guys out', SunbeltLabs presents in this webinar how we use our own sandbox technology to keep a step ahead.

Sunbelt Software's Lead Security Analyst, Brian Jack and Malware Response Manager, Dodi Glenn will discuss the current threat landscape and dig deeper into some of the most dangerous and complicated threats out there. During this briefing we will focus on two different types of threats: malicious PDFs and rogue antivirus applications. Learn how to gain an edge when protecting your enterprise.

Whether you are dealing with spear phishing or mass attacks, join us to see how to deploy the right tools and learn how to quickly analyze and unmask malware. New threats require new technologies and techniques to protect yourself and your organization. Sign up now and turn the tables on the bad guys:

Reserve your Webinar seat now at:
http://www.wservernews.com/100510-Malware-Unmasked


Tech Briefing

Redmond Goes Small For Next Week's Patch Tuesday

They said they would patch two critical vulnerabilities with two updates to Windows and Office next week. It's the "off" month this time, it looks like they have developed a habit of alternating large- and small-sized updates. In April, the company issued 11 security updates that fixed a total of 25 flaws. This May, it's a lot less.
http://www.wservernews.com/100510-Security-Bulletin


Just So You Know: WinXP SP 2 Support Expires 7/13/2010

July 13, 2010 WinXP SP2 support will be retired. After this date, non Premier Support customers will not be able to receive any support from Redmond. They will no longer develop or distribute Hot Fix updates, or security updates. Microsoft may also refuse to support other apps that run within XP SP2 if the issue is related to the OS. Microsoft will also no longer develop drivers for the OS and it will be the responsibility of the hardware manufacturer to develop and distribute device drivers for WinXP SP2 OS. Customers running XP SP 2 after the 7/13/10 date who need further support will need to contact a Microsoft Certified Partner for paid support, or will need to use self-support options like the ones on this website:
http://www.wservernews.com/100510-Retired-Product-Support

To get complete details on Microsoft Product Lifecycle please visit
http://www.wservernews.com/100510-MS-Support

So, what to do? Well, install SP3 to start with. Otherwise, if that is not possible for some reason, look into skipping Vista and migrate to Win7 right away.

Wi-Fi Key-Cracking Kits Sold In China Mean Free Internet

IDG News reported that dodgy salesmen in China are making money from long-known weaknesses in a Wi-Fi encryption standard, by selling network key-cracking kits for the average user. Wi-Fi USB adapters bundled with a Linux OS, key-breaking software and a detailed instruction book are being sold online and at China's bustling electronics bazaars. The kits, pitched as a way for users to surf the Web for free, have drawn enough buyers and attention that one Chinese auction site had to ban their sale last year. With one of the "network-scrounging cards", a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people. The kits are also cheap. A merchant in a Beijing bazaar sold one for US$24, a price that included setup help:
http://www.wservernews.com/100510-Wi-Fi-Key-Cracking


Understanding Security In The Cloud

A major concern for most enterprises considering cloud computing services is security in the cloud. Ensure a fully protected cloud computing environment by reading this exclusive article: (Registration Required)
http://www.wservernews.com/100510-Security-in-the-Cloud


Windows Server News

SharePoint 2010 Is Polished, Refined, And Feature-Rich

Peter Bruzzese at InfoWorld came up with a really good summary of the new SP2010. I thought you'd be interested.

"As I mentioned last week, I've been invited to spend a few days visiting various teams within Microsoft. One of the first teams I had the pleasure to meet with was the SharePoint Team. Well, I didn't get to meet the entire team (its members are no doubt quite busy), but Richard Riley, the group product manager, demonstrated various features that illustrated the business value of SharePoint 2010 quite well.

With SharePoint 2010, Microsoft steps further into the Internet space for collaboration. With previous versions, the enterprise was the focus. However, with SharePoint 2010 the goal has clearly broadened to encompass the Internet (or extranet) needs of a business. Microsoft has broken down the capability areas of SharePoint into six points: More:
http://www.wservernews.com/100510-SharePoint-2010


Server Virtualization Security Best Practices Guide

Server virtualization security should be a top priority for organizations maintaining a virtual environment. This expert article details best practices and the pros and cons of virtual environment protection:(Registration Required)
http://www.wservernews.com/100510-Virtualization-Security


Key Considerations For Hyper-V Virtual Machine Deployments

Microsoft Hyper-V holds the promise of consolidation and better utilization, but how do you know if certain servers belong on a Hyper-V host? Check out this article for key tips regarding Hyper-V virtual machine deployments: (Registration Required)
http://www.wservernews.com/100510-Hyper-V-Deployments


Third Party News

Archiving For Exchange 2010

Microsoft Corp. has taken steps with Exchange 2010 to make it less expensive to store Exchange data emails, even in high availability (HA) configurations. But experts say the cost really depends on what type of hardware setup you require for your email archives. One quote from this article:

"Another option is to use a third-party email archiving tool. These apps were initially designed to free up space on production servers and speed up backup times, but Ferris said they are substantially cheaper than using Exchange 2010's archiving with SAN storage. Another reason organizations might be hesitant to use Exchange's 2010 archiving feature is that it's not designed with e-discovery or compliance in mind. "If you are talking about real legal archiving, in the sense of being in harmony with regulations, this is not the ultimate solution," Bruzzese said. "This is an archive feature for mailboxes, it's not the best e-discovery feature. If you have a big-time legal requirement, then yeah, third-party."
http://www.wservernews.com/100510-Exchange2010-Archiving

Sunbelt Exchange Archiver is an excellent example that will get your organization fully legally compliant with email archiving
http://www.wservernews.com/100510-SunbeltExchangeArchiver


WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Free Tool Suite From ScriptLogic - Integrated Network Tools Save You Time

Do you have a dozen network tools that only do one thing? The sl360 Tool Suite eliminates hassle by integrating more than a dozen different network tools like TFTP, Syslog Server and Ping. With an integrated dashboard, favorite tools and an encrypted credential store, you can switch from tool to tool during troubleshooting with minimal effort. Download this FREE product now.
http://www.wservernews.com/100510-POTW-sl360