Let the Panic begin?! (or maybe not…) [MS08-067]

Yesterday Microsoft released an out-of-band patch (in other words, one not issued through
the standard release cycle, which means it is important enough that waiting for the next
cycle was not an option) for all Windows versions. Such a release obviously causes
concern (as does everything that is not routine).

The patch is intended for all Windows versions, and it plugs a hole in the Server service
(specifically in its RPC interface) that allows an attacker to run arbitrary code under the
SYSTEM account (the vulnerability also appears to be wormable, since it is reachable over
the network without any user interaction).
Enter PANIC!!! (or maybe not)

The first reason to lower the panic level is that when we say an attacker can do something,
we have to ask whether that attacker is anonymous or authenticated (the difference
is obvious and major). In this case, older Windows versions (2000, XP, 2003) are
vulnerable to an anonymous attack (which is why the patch is critical).
Windows Server 2008 and Vista are only affected if the attacker is authenticated.

Second, security is a layered art. The vulnerability can only be reached on systems whose
Server service ports (TCP 139 and 445) are not blocked by a firewall. This statement is a
double-edged sword: on one hand you will obviously not have a firewall block those ports on a
system that is acting as a server (simply sharing a folder or a printer); on the other hand,
how many personal computers without some type of firewall protection do you think are on
the Internet today? (A lot, but a lot fewer than in the days of Blaster.)
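Since exposure, not just the missing patch, is what makes a host worth panicking about, the added Python script below (example code written for this post, not something the original contains) triages a host list by whether the Server service ports are actually reachable, so the exposed hosts get patched first. The port numbers (TCP 445 and 139), the sample inventory and the `connect` parameter (injected so the logic can be exercised without a network) are this example's assumptions; the script only attempts a TCP connect and does not test for the vulnerability itself.

```python
import socket
from typing import Callable, List, Tuple

# TCP ports the Windows Server service (SMB file and printer sharing) listens on:
# 445 (direct SMB) and 139 (NetBIOS session). Assumption of this example, not
# something the post states.
SERVER_SERVICE_PORTS: Tuple[int, ...] = (445, 139)

# A connector takes (host, port) and a timeout and returns a context manager that
# closes the connection on exit; socket.create_connection has exactly this shape.
Connector = Callable[..., object]


def port_open(host: str, port: int, timeout: float = 1.0,
              connect: Connector = socket.create_connection) -> bool:
    """True if a TCP handshake to host:port completes within `timeout`.

    A refused port, a firewall drop (timeout) or an unresolvable name all
    surface as OSError, so all of them count as "not exposed" here.
    """
    try:
        with connect((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_ports(host: str, ports: Tuple[int, ...] = SERVER_SERVICE_PORTS,
                  timeout: float = 1.0,
                  connect: Connector = socket.create_connection) -> List[int]:
    """Subset of `ports` on which `host` accepts a connection from this scanner."""
    return [p for p in ports if port_open(host, p, timeout, connect)]


def triage(hosts: List[str], ports: Tuple[int, ...] = SERVER_SERVICE_PORTS,
           timeout: float = 1.0,
           connect: Connector = socket.create_connection) -> List[Tuple[str, List[int]]]:
    """Order hosts for patching: those reachable on the most Server service ports
    first, shielded hosts (empty port list) last; ties keep input order because
    sorted() is stable."""
    report = [(h, exposed_ports(h, ports, timeout, connect)) for h in hosts]
    return sorted(report, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    # Constructed sample inventory for the example; substitute your own host list.
    inventory = ["192.0.2.10", "192.0.2.11", "fileserver.example.internal"]
    for host, open_ports in triage(inventory, timeout=0.5):
        if open_ports:
            print(f"{host}: EXPOSED on TCP {','.join(map(str, open_ports))} - patch first")
        else:
            print(f"{host}: not reachable on 445/139 - firewalled or off, patch next")
```

Run it from a workstation on the same network segment as the hosts; a host that shows up as exposed is one a worm could also reach, and that is the list to work through before anything else.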

The third reason to lower the panic level is the fact that you are reading this. If your level
of awareness is high enough to seek out information on the subject, it means that you
are security conscious, that you are protecting your computers and that you will apply
the patch. Security awareness has grown significantly, which means that systems may
still be hit, yet the damage (the effect) will be significantly lower.


If you managed to bear with me this far, it's time to go and patch:


Hyper-V experiences: Physical to Virtual

Hyper-V is cool. It is simple to install and manage, yet it has quite a few interesting quirks
that need to be worked out; one example of such a quirk is installing it on HP servers that
have NIC teaming enabled:


An additional point worth mentioning is that if you want to manage a Hyper-V server and
access the consoles of the guest operating systems, you should do so either by installing
RSAT on your desktop or by working at the console of the Hyper-V server itself. If you
connect over RDP instead, you will not be able to use your mouse inside the guest OS
(at least until integration services are installed in that guest).

A few weeks ago I completed the migration of an old physical server to a virtual environment
(Hyper-V on Windows Server 2008). The following is a distilled version of my experiences:

Before starting, I decided to test the process. I made the mistake of not using the exact same
hardware that the original system was built on. Basically, I installed Windows 2003, installed
a few applications, mapped a drive and shut down the test system. I took an image of the
test system, built a virtual machine and applied the image to it.

I took a snapshot after applying the image (in case something went wrong) and started the test
virtual machine. The system started without any major issues:

  1. The system had to be re-activated.
  2. Some drivers were missing.
  3. And (obviously) integration services had to be installed to enable network access.

Happy with the results, I was ready to proceed with the live system. I went through the same
process, yet when I started the virtual machine a blue screen welcomed me and the system
simply looped (restart, blue screen, restart, a.k.a. happy happy joy joy).

At this stage I started kicking myself for not using the exact same hardware for the test, but
it was too late. Luckily I had requested a large enough change window, so having the production
system down wasn't a problem (yet).

There is a very useful (actually step-by-step) post on doing such a migration and avoiding
the blue screen, but in my case it simply didn't help…

After several unsuccessful attempts to fix the issue manually, I decided to reinstall the OS
over the existing installation. I used a pre-SP2 CD to install the OS (this later turned out
to be a mistake). The installation took quite some time, yet when it finished I was able to
boot into the guest OS, with a few problems:

  1. Activation: since I had no networking, I ended up calling the activation hotline (loved
     the voice-activated system).
  2. Installing integration services: since I used a pre-SP2 OS to reinstall, Hyper-V would
     not install the integration services. I downloaded SP2, copied it to a mounted
     hard drive and installed it; once that was done, the integration services installed.
     [Take a look at a similar yet different post on this issue.]

In summary, the process was relatively simple, yet you have to know what to expect. I haven't
tried it, yet I am sure that with Windows 2008 and Vista the process is simpler since they are
hardware independent; still, my advice to you (specifically if you are looking at production
systems) is: test before you proceed!

Unboxing the Arc

I have seen quite a few unboxings on the web; some were serious, while others
aimed for humor, but they always had one thing in common: I wanted to do one!!

Microsoft has released a new cool-looking mouse which they simply call the Arc. The
mouse is intended for mobile users, so it is relatively small and portable, yet thanks to its
"cool" factor the small size is achieved by folding it, so in reality it is actually
a full-sized mouse that is very comfortable for a portable mouse.

Enough babble, let's get to the unboxing:


IMG_0683 IMG_0688

The mouse comes in a relatively clean package that emphasizes the name and the shape of the
mouse (note the "reflection" of the mouse beneath the real one).


IMG_0685 IMG_0686


The side of the box gives you a photograph of the mouse when it's folded, which gives you a
general idea of its size. The back of the box is somewhat disappointing (personally): the
marketing babble on the back (in several languages) clashes with the fact that this mouse
oozes style. In my opinion this mouse's selling point shouldn't be its technical abilities but
its looks, so going on about how "cool" it is simply hurts its cool factor…

In contrast to the plastic boxes I am used to, this one opens relatively easily (I have no cuts on my hands),
and you are left with a piece of cardboard. Inside that cardboard you will find several booklets, a carrying
case (with a magnetic seal), a couple of batteries and the mouse (which is held in place by a piece of plastic;
the easy removal surprised me yet again).

IMG_0691 IMG_0692


The mouse itself feels very sleek, comfortable and sturdy for a small mouse. It has three buttons (two on
top and one near the right thumb) and a scroll wheel. It connects to your system wirelessly,
which means that you have to attach a USB dongle. The dongle isn't the smallest I have encountered, yet it is small
enough not to be obtrusive:

IMG_0698 IMG_0700

The dongle itself stows on the underside of the mouse. It isn't lodged into the mouse; a small magnet holds
it in place (I guess violently shaking the mouse would release the dongle, but then again it is
a very cool feature):

IMG_0694 IMG_0695

And now the moment we have all been waiting for, let's fold it:

IMG_0696 IMG_0697

IMG_0704 IMG_0703

An additional interesting thing I noticed about folding it is that once folded the mouse turns itself off to conserve
battery power (something I usually forget to do…).

Arc and friends:

IMG_0706 IMG_0710


In summary, the mouse is very stylish and portable. It comes in black and red (I am waiting for the red one!)
and it covers the basic needs of a user on the move. For additional details, visit the official website.

Process Monitor 2 – Released!

If you have ever had to troubleshoot a problematic system you have surely used
Process Monitor from Sysinternals (now part of Microsoft). If not, shame on you!

Process Monitor shows you, in real time, every file system, registry, process, thread and
DLL operation on the machine, and so much more. A new version of this tool has just been
released, and according to the Sysinternals blog it sports the following features:

“This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring. You can now see the TCP and UDP activity processes performed, including the operation (e.g. connect, send, receive), local and remote IP addresses and DNS names, and operation transfer lengths. On Windows Vista, Process Monitor also collects thread stacks for network operations.”

Download it here.