Archive for the 'Security' Category

Security Alert: Lync 2010/Attendee/Attendant & Communicator 2007 R2 (Jun 2012)

The following software is affected by MS12-039 (Important), as described in “Vulnerabilities in Lync Could Allow Remote Code Execution (KB2707956)”:

  • Microsoft Lync 2010 (download 32-bit, 64-bit); KB2693282
    [version 4.0.7577.4098]
  • Microsoft Lync 2010 Attendee (download); KB2696031
    (admin level install)
    [version 4.0.7577.4098]
  • Microsoft Lync 2010 Attendee (download); KB2693283
    (user level install)
    [version 4.0.7577.4098]
  • Microsoft Lync 2010 Attendant (download 32-bit, 64-bit); KB2702444
    [version 4.0.7577.4098]

The security patch can be applied via Windows/Microsoft Update, except for Microsoft Lync 2010 Attendee (user level install), which is available only from the Microsoft Download Center.

More Info

This security update resolves a total of 4 vulnerabilities in Microsoft Lync (one publicly disclosed and three privately reported). The most severe vulnerabilities could allow remote code execution if a user views shared content that contains specially crafted TrueType fonts.

The security update addresses the vulnerabilities by correcting how specially crafted TrueType font files are handled, correcting the manner in which Microsoft Lync loads external libraries, and modifying the way the SafeHTML function sanitizes HTML content.


Fix: Certification Authority Web Enrollment Error 0x80070057 (WIN32: 87)

Background:
Migration to Active Directory Certificate Services based on Windows Server 2008 R2 from Windows Server 2008 RTM or Windows Server 2003 SP2.

Problem statement:
Unable to install the Certification Authority Web Enrollment role service in Active Directory Certificate Services (AD CS).

[Window Title]
Add Role Services

[Main Instruction]
Cannot install Certification Authority Web Enrollment.

[Content]
Active Directory Certificate Services setup failed with the following error:  The parameter is incorrect. 0x80070057 (WIN32: 87)

[OK]

Resolution:
Set the SetupStatus value under HKLM\System\CurrentControlSet\Services\CertSvc\Configuration to 0x6001.

Thanks Rob for helping to sort this out!
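
The registry change from the resolution above, as an added PowerShell example (not part of the original post): it records the current value, exports the key for rollback, then sets SetupStatus and reads it back. The backup file location and the treatment of SetupStatus as a DWORD value are assumptions of this example.

```powershell
# Added example: run from an elevated PowerShell session on the CA server.
$key    = 'HKLM:\System\CurrentControlSet\Services\CertSvc\Configuration'
$regKey = 'HKLM\System\CurrentControlSet\Services\CertSvc\Configuration'
$backup = Join-Path $env:TEMP 'CertSvc-Configuration-backup.reg'   # assumed backup location

# Record the current value so the change can be reverted if needed.
$before = (Get-ItemProperty -Path $key -Name SetupStatus -ErrorAction Stop).SetupStatus
'SetupStatus before: 0x{0:X}' -f $before

# Export the whole Configuration key before touching it.
reg.exe export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no change was made.' }

# Apply the value from the resolution only if it is not already set.
if ($before -ne 0x6001) {
    Set-ItemProperty -Path $key -Name SetupStatus -Value 0x6001
}

# Read the value back to confirm the change before retrying the role service install.
$after = (Get-ItemProperty -Path $key -Name SetupStatus).SetupStatus
'SetupStatus after:  0x{0:X}' -f $after
```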


Exchange / Forefront Update Digest (24.3.10)

- Microsoft Forefront Protection 2010 for Exchange Server Documentation (updated release from November 2009)

- Microsoft Forefront Server Security Management Console Documentation (RTM version)

- Update Rollup 3 for Exchange Server 2007 Service Pack 2 (KB979784 v8.2.247.2)


Security: Critical IE Patch (out-of-band MS10-002)

Users with supported versions of Internet Explorer on Windows 2000/2003/2008/R2*, Windows XP, Windows Vista and Windows 7 should check out the very important information described in Security Bulletin MS10-002 (some had it named MS01-002).

Details and the download of this cumulative security update are documented in KB978207. Alternatively, run a manual check, then download and install the patch via Windows Update from Control Panel. As always, planning, testing and backing up before deploying any security fix on critical infrastructure should not be overlooked in any sizable deployment.

This out-of-band security update is rated critical**, supersedes MS09-072 and affects Internet Explorer version 5.01 through IE 8. Severe vulnerabilities in the browser could allow remote code execution if a user views a specially crafted Web page.

Some recommended best practices:

  • activate a host-based firewall
  • run an up-to-date anti-malware / anti-spyware / anti-virus application
  • use an account that does not have local administrative rights for day-to-day tasks (browsing, email, etc.)
  • refrain from visiting, opening or clicking links from suspicious sources
  • enable Automatic Windows Update (see KB294871)
  • scan and clean your machine to identify and remove malicious software
  • subscribe and keep up to date with security bulletins

* Server Core editions not affected
** rated moderate for IE 6 on supported editions of Windows Server 2003 as of this writing

References:
- Microsoft Security Response Center blog
- TechNet: Security Bulletin Search
- Vulnerability in Internet Explorer could allow remote code execution (KB979352)
- Security update for Internet Explorer, January 2010
- Microsoft Security Bulletin Summary for January 2010


Fix: File Transfer Manager - Active-X Install Error

On many Microsoft download sites, it is likely that you have to use the Microsoft File Transfer Manager in order to transfer large files, typically over 2GB in size, with Internet Explorer. First-time users will see the gold information bar prompting:

This website wants to install the following add-on: ‘Microsoft File Transfer Manager (Build 5.0.0.32)’ from ‘Microsoft Corporation’. If you trust the website and the add-on and want to install it, click here…

Clicking on the gold bar and selecting “Install This Add-on for All Users on This Computer…” will cause the User Account Control (UAC) security prompt to appear. Once you acknowledge it, you may encounter the error message:

—————————
VBScript: Microsoft File Transfer Manager
—————————
There was an error launching File Transfer Manager.

If you are running Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1, this installation may have been blocked.  If the gold IE Information Bar is present above, please click the bar and select the option to ‘Install ActiveX’.

For additional assistance, please visit the web site https://transfers.ds.microsoft.com, or contact your help provider.
—————————
OK
—————————

To resolve this, make sure that you are running the 32-bit version of Internet Explorer 8 and not the 64-bit edition that is separately available as part of the Windows 7 or Windows Server 2008 R2 x64 operating system.


Windows Server 2008 R2 Backup - What You Should Know

Windows Server 2008 R2 has a revamped Windows Server Backup feature that improves on the version delivered in RTM. In particular, it is now possible to run customized backups targeting volumes, files or folders. The Backup Once / “Custom” backup configuration enables backup in the following categories:

- Bare metal recovery
- System state
- Individual files or folders on local drives

Unlike the good old NT Backup application, no network drives (UNC paths or mapped network drives) are available for backup using the Custom option via the Wizard. You can define backup exclusions as well as the VSS settings: Volume Shadow Copy Service (VSS) full backup or VSS copy backup, where the latter is the default.

As a backup destination, you have a choice of “Local drives” or “Remote shared folder”. Local drives include direct attached storage (DAS), externally attached disks, iSCSI targets or optical media. If one of these volumes is selected as the backup destination, you must explicitly exclude it from the backup items; otherwise you are prompted:

—————————
Windows Server Backup
—————————
The selected volume is also included in the list of items to back up.

Do you want to exclude this volume from the backup items?
—————————
OK   Cancel
—————————

Only full volume recovery is supported if the backup is stored on a DVD, i.e. restoration of individual files, folders or application data is not possible with Windows Server Backup.

On the other hand, if the destination type is “Remote shared folder”, you have to specify a UNC path pointing to an existing NT share; otherwise you will see:

—————————
Windows Server Backup
—————————
Windows Server Backup is unable to access the remote shared folder.
The backup destination specified by the remote shared folder does not exist.
—————————
OK
—————————

A new folder “WindowsImageBackup” will be automatically created on the remote shared folder to save the backup data. You can control access to the backup by choosing “Do not inherit” instead of the pre-selected “Inherit” access control option. The former will mark the backup with the credentials you need to specify when prompted by the Wizard.

If you start off with the “Full server (recommended)” backup option instead, your experience will be almost the same. The exception is that you are not asked to pick any files or folders as source for backup with the advanced option already set to VSS Copy Backup (not configurable in the GUI). The backup items automatically selected include bare metal recovery, system state and all local disk drives.

See also:
Windows Server Backup Overview (R2)
New Backup Features in Windows Server 2008 R2 (TechNet Edge)
Backup and Recovery


Speaker: Cybercrime Security Forum 09 (Copenhagen)

With seats filling up fast and barely one month left to register, do not miss out on the all new line up of speakers and in-depth content of the Cybercrime Security Forum 09.

This two-day event from 8 to 9 Oct 2009 (Thu to Fri) is scheduled to take place at the Teknologisk Institut, Gregersensvej, 2630 Taastrup in Copenhagen, Denmark. Together with my good friend and colleague Andy Malone (Scotland), I shall be delivering a number of deep dive sessions with a series of live demonstrations.

Secure your booking by checking out the agenda and registration here or here today.

Cybercrime - Know your enemy
Hackers utilize a variety of resources in order to launch a cyber attack. In this discussion we will take a look at methodology used by these attackers. This session will demonstrate many of the free tools and resources that hackers utilize to find holes in your network.

You will walk out of this session able to use penetration testing techniques used by the professionals. Understanding these techniques will help both administrators and IT professionals to secure their networks.

The session will feature the following topics and tools:
* Reconnaissance
* Scanning
* Gaining Access
* Maintaining Access
* Covering Tracks

Penetrating the Network
This session investigates how hackers get their information. What are the techniques used? Which tools do I need? In this session we will discuss the following topics:
* Footprinting
* Port Scanning
* Enumeration
* System Hacking
* Keyloggers
* Trojan Horses
* ARP Spoofing
* DNS Spoofing
* Launching Exploits

The Invisible Network
Do you know that almost 80% of all wireless networks are secured with WEP encryption? In this deep dive session we take a look at the problems associated and more importantly how to overcome them.
* Bluetooth
* What are wireless LANs
* Wireless LAN threats
* Wardriving
* Wireless Tools
* Breaking Wireless Security

In this session we will demonstrate the following tools and techniques as they apply to wireless networks:
* Sniffing for Bluetooth devices
* Net Stumbler
* Wireshark
* BackTrack
* Cain and Abel
* Breaking WEP
* Breaking WPA-PSK


White Paper: OCS 2007 R2 Deploying Certificates

If you are involved one way or another in the design, planning and deployment of Office Communications Server 2007 R2 / RTM, the topic of digital certificates may well be one of the most challenging items on your list.

Hot from the press, the white paper entitled “Deploying Certificates in Office Communications Server 2007 and Office Communications Server 2007 R2” has just been released. You will find important background information, practical insights and operational guidelines for the various server roles (including IIS). This comprehensive document walks you through common scenarios to configure certificate properties and attributes correctly, troubleshooting tips, links to useful resources and a section on FAQ.

I am very excited to be one of the many contributing technical reviewers for this article as part of the MVP community. Go grab your copy today directly from this link here (or from the OCS 2007 R2 Documentation link here).


Windows 7 RC1 Security Improvements

You will find a number of welcome security enhancements in Windows 7 RC1. The very first user account created during setup is automatically made a member of the built-in Administrators security group. This account will likely remain the primary account used daily by the majority of users. Normally, a standard user account belongs only to the Users group and this is the recommended account type to create and use on a regular basis.

By default, the User Account Control (UAC) setting is “Notify me only when programs try to make changes to my computer” for administrative accounts (“Always notify” for others). Together with other improvements in this space, it is no longer as intrusive or disruptive compared to its predecessors, notably Vista. The changes should make Windows 7 - an already attractive platform before its official release - your future choice for work or play.

Some security highlights using an administrative account* in Windows 7 RC1 include:

- the “Allow all users to install updates on this computer” option under Windows Update is checked by default and enables exactly what it describes; you can now specify how Automatic Updates will behave (in a standalone environment without Active Directory Group Policy)

- run ipconfig /release, ipconfig /renew but not ipconfig /registerdns (these apply to a standard user as well); modifying network adapter settings such as TCP/IP properties via the GUI is no longer UAC blocked

- drag and drop to command-prompt is now possible again e.g. from Windows Explorer (valid for standard users too)

- view and modify date, time, time zone and Internet time synchronization** (“You do not have the proper privilege level to change the System Time” in XP)

- Event Viewer / Windows Logs / Security log is now accessible without UAC or access denied error

- Computer Management / Storage / Disk Management works without errors like “You do not have access rights to Logical Disk Manager on machine_name” in XP

- Device Manager / Update driver software is now possible without first elevating to an administrative account

- you can install an ActiveX control for all users of the machine in Internet Explorer 8 (IE8) shipped with Windows 7 RC1

* certain operations may also apply to the built-in Administrator account
** standard user can change time zone only

See also:
Windows 7 Security Enhancements

Test system: Dell Latitude D600, Intel Pentium M 1.40GHz, 512MB RAM, Broadcom 570x Gigabit Integrated Controller, ATI Mobility Radeon 9000 AGP Mobile (32MB), Windows 7 Ultimate RC1 (x86, v6.1 build 7100)


Swiss Security Day 2009

Today, Wed 11 Mar 2009, has been designated Swiss Security Day for the 4th year running. Take this opportunity to learn online 5 simple steps you can take - secure, protect, monitor, defense, (be) alert - to surf safely on the vast virtual landscape that goes by the name of World Wide Web (WWW).

Review common sense knowledge (that may not be so common to many) and must-have security applications/tools you can deploy to better protect your privacy, data and fend off malicious attacks that attempt to sneak in through the UTP or WiFi media.

More information here (German only). You can also opt to sign up for free security classroom training in the coming weeks in various cities around the country.
