jump to navigation

Microsoft Critical Product Vulnerability Alert July 30, 2009

Posted by Jim Locke in Alerts.
Tags: ,
1 comment so far

Glenn Osako, Microsoft’s Partner Territory Manager for the Western Region, has asked me to bring this Critical Vulnerability Alert to the attention of our members. Microsoft recommends that customers prepare their systems and networks to apply this security bulletin immediately to help ensure their computers are protected. Additionally, they recommend that partners patch their own systems and then reach out to their customers to ensure that their systems are secure.  Attached are details of the security advisory & guidance.

This alert is to provide you with an overview of the Microsoft Security Advisory 973882, released on Tuesday, July 28, 2009. This security advisory provides information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft’s Active Template Library (ATL). In the advisory, we provide information about what Microsoft is doing in its ongoing investigation into the issue described, and we also offer guidance to both developers and IT professionals.

  •  Guidance for Developers (bulletin MS09-035): The Microsoft ATL is used by software developers to create controls or components for the Windows platform. Microsoft strongly recommends that developers who have built controls or components with ATL take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. For more information on the vulnerabilities and guidance to address issues in ATL, see MS09-035, “Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution.”
  • Guidance for IT Professionals (bulletin MS09-034): To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology. This new defense-in-depth technology built into Internet Explorer helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. IT professionals should first assess and prepare their own systems, then help their customers deploy the Internet Explorer Security Update offered in Microsoft Security Bulletin MS09-034, “Cumulative Security Update for Internet Explorer.”

Please see below for important resources and a bulletin summary.

 Key Resources

Full text of Security Advisory 973882 http://www.microsoft.com/technet/security/advisory/973882.mspx

 New Bulletin Summary

Bulletin ID  Maximum Severity Rating  Vulnerability Impact  Restart Requirement Affected Software
Visual Studio(MS09-035) Moderate Remote Code Execution Requires restart Microsoft Visual Studio .NET 2003,Microsoft Visual Studio 2005,

Microsoft Visual Studio 2008,

Microsoft Visual C++ 2005, and

Microsoft Visual C++ 2008

Internet Explorer(MS09-034) Critical Remote Code Execution Requires restart Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

 

Regarding Information Consistency

We recommend that Microsoft partners use the Microsoft TechNet Security TechCenter as a key source of security information: http://technet.microsoft.com/security, and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.  We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

SMBTN/Microsoft SBS 2008 Build Day in Irvine, CA June 11, 2009

Posted by Jim Locke in Alerts, Events, SBS2008.
Tags: , ,
add a comment

Don’t miss the SMBTN/Microsoft SBS 2008 Build Day.  It’s in Irvine this Saturday, June 13th at the Quickstart facility. If you have not registered for this event but want to attend, you may signup here.

Here’s some further details.  Please read them all.

  1. Registration is at 8:30am ($25 cash onsite)
    1. We have 90 folks registered so please come early
    2. Muffins / Juice / etc will be provided for breakfast
    3. Presentation starts at 9:00am.
    4. No laptop/PC is required of you to bring
      1. The speakers/presentations will be using a central high-powered PC connected to 4 projectors across 2 rooms so everyone can view, learn and ask questions.
      2. You are welcome to bring a laptop loaded with VM if you desire (but not needed).  You can pre-download a trial of SBS 2008 or bring your Action Pack version in to follow along.  However we will be unable to troubleshoot your laptop unique problems.
        1. You though are welcome/encouraged to ask any questions.
        2. Lunch will be provided
        3. If you are sight-challenged, sit in the front of the room to better view the projector wall or you may watch within the room via LiveMeeting on your laptop.
        4. The day is schedule to end around 4:30pm.

 Here is the planned agenda:

Start

End

Topics

8:00 AM

  Doors open

8:30 AM

9:00 AM

Registration / Breakfast

9:00 AM

9:10 AM

Introductions

9:10 AM

9:20 AM

What is Small Business Server 2008?

9:20 AM

9:35 AM

Answering the Answer File

9:35 AM

9:50 AM

Hardware Requirements & Recommendations

9:50 AM

10:00 AM

Network Requirements & Changes from SBS 2003

10:00 AM

10:15 AM

Break

10:15 AM

10:45 AM

Edge Security for SBS 2008 – Amy Babinchak

10:45 AM

11:05 AM

Post Install Tasks & Wizards

11:05 AM

11:35 AM

Management Console

11:35 AM

11:45 AM

Creating Users

11:45 AM

12:00 PM

Computer Connect

12:00 PM

12:15 PM

Heroware

12:15 PM

1:15 PM

Lunch

1:15 PM

1:45 PM

Securing SBS/EBS Networks & Best IT Practices – Dana Epp – MVP

1:45 PM

2:00 PM

Backup – Is the built in tool enough?

2:00 PM

2:20 PM

Migration – What are my options?

2:20 PM

2:35 PM

Break

2:35 PM

3:05 PM

SBS 2008 Q&A – Susan Bradley – MVP

3:05 PM

3:35 PM

Virtualizing SBS

3:35 PM

3:40 PM

Netgear

3:40 PM

3:45 PM

Glen Osako (Microsoft)

3:45 PM

4:00 PM

Survey, Giveaways & Closing

 Location:         QuickStart Training Facility

                        16815 Von Karman Avenue, Suite 100

                        Irvine, CA 92606

                        (1/4 mile south of Tustin District – old Helicopter base)

                        NOTE: The building sets back about 200 ft from the road

Follow

Get every new post delivered to your Inbox.