Update via MS Anti-Spyware.
MSAS > Help > About Microsoft Windows AntiSpyware > click Diagnostic button.
Definitions Increment Version: 142/142
Definitions ThreatAuditThreatData: 1345263
Definitions ThreatAuditScanData: 2963894
Definitions DeterminationData: 745158
The Exchange product group has published an interesting article on its blog with more information and details on why the next version will be available only in 64-bit.
This news was announced at the IT Forum in Barcelona.
Charly Dinapoli | MCSE 2003 Messaging | Microsoft Exchange MVP
SpyBot Definition File Update 30.12.05
Details of the added/improved protection:
+ Connect MFC Application ++ I-Dialer
+ HotsearchBar(2) + CoolWWWSearch.SearchAssistant(7) ++ KeywordHijacker + ShopAtHome + MaxSearch + CoolWWWSearch.Feat2Installer(5) + CoolWWWSearch.Service(5) + CoolWWWSearch.Feat2DLL(5) + CoolWWWSearch.Homesearch
+ SpyTrooper + SpyAxe ++ SpyGuard + Smitfraud-C. + DyFuCA.InternetOptimizer + ConsumerAlertSystem + ABetterInternet + WinFixer2005 + Adware.Webext + Pacimedia + Hyperlinker + SurfSideKick + AproposMedia + Command Service + Virtual Bouncer + BookedSpace ++ URL_Spy + E2Give + MediaMotor + Deskwizz
+ Targetsaver + PurityScan
++ EasyTool.ADTrojan ++ Poebot.FakeWindowsLogon ++ Formulario2006 ++ ChameleonSearch + Delfin Project
Total: 295828 fingerprints in 34384 rules for 1788 products.
NOTE: Choose the download mirror site closest to you!
If you receive error messages such as “bad checksum” it is due to heavy server traffic.
Wait until later or tomorrow to avoid disappointment.
Don’t forget to re-immunize SpyBot once the new definitions are applied!
Installation of the IE-Spyad list may disable some protections in SpyBot S&D and SpywareBlaster.
Please check them and re-enable protections!
Microsoft has released a new webcast for E-mail Security in their web site.
This month’s live Security360 Webcast takes place Tuesday, Dec. 20. More details can be found at http://www.microsoft.com/events/series/mikenash.mspx.
Recently I installed Exchange 2003 SP2 on an SBS server that did NOT have SBS SP1 on it. After installing the Exchange service pack, remote users could not logon just using their username. They had to include the domain name as well — format: domain\username. I tried running the KB 832539 fix that came out after SBS SP1, but it would not run, saying it could not find Exchange 2003 SP1.
If you have a similar situation, here is the workaround that will allow a user to login to OWA by just using their username:
1. Start up IIS
2. Under the Default Web Site locate the Exchange virtual directory (the one labeled Exchange, not the ExchWeb one)
3. Right click on the Exchange virtual directory and click on Properties
4. Go to the Directory Security tab
5. Click EDIT in the Authentication and Access Control section
6. The default domain name field will currently contain a single slash: \
7. Replace the single \ with the Netbios Domain name* of your SBS server and OK the changes
8. Then stop and restart the Default Web site
* If you are not sure of the Netbios domain name of your server, go to AD Users & Computers, then right click on your server name, and click Properties. Your Netbios domain name is listed in the Pre-Windows 2000 domain name field.
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Microsoft has released an updated security bulletin, MS06-001, for this. You can download the x64 version at: http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E-4E73-BCD4-28ECA6ECE877&displaylang=en
Blog updated to reflect the released patch.
Updated: December 27, 2005
The Threats and Countermeasures guide provides you with a reference to all security settings that provide countermeasures for specific threats against current versions of the Microsoft® Windows® operating systems.
This guide is a companion to two other Microsoft publications: The Windows Server 2003 Security Guide, and the Windows XP Security Guide.
This is the last reading list of the year and probably the last post, so I would like to wish all of my readers a happy new year of 2k6.
- For Microsoft, Improvement is in the Exchange
- Dealing with Databases
- Exchange 12 Server roles
- Understanding Mailbox Enabled and Mail Enabled Recipients in Exchange 2003
- Introducing the Microsoft Exchange Server Profile Analyzer
- Large Security Tokens and Kernel Memory Exhaustion
- Exchange 12 and 64-bit
- Exchange Server 5.5 Rides into the Sunset (Exchange 2000 Server, Saddle Up!)
Got a Slashdot link today to a Builder article by Steve Turvey comparing databases for small companies. By the time I got to the paragraph that said: “SQL Server Express is one of two free databases we tested and is actually Microsoft’s replacement for its earlier free offering the Microsoft Desktop Engine (MSDE) which was based on the old Access technology.”, I was groaning. The MSDE is very close to Express, is a version of SQL Server 2000 and a long way from Access. That’s just nonsense.
It then goes on to mix up concepts of numbers of connected users vs numbers of users of a web site, etc. etc., totally ignoring concepts like connection pooling.
He then later draws the conclusion that “There is no denying that SQL Server Express is the weakest of the databases in this group” (without justifying why) and then goes on to talk about it being expensive to upgrade to standard edition (completely ignoring workgroup edition which is targeted at enterprises like the target of the article and ignoring Small Business Server premium edition which also would target this area). He also never even justifies this “expensive” claim, even though he then goes on to compare it with software that costs $39,000 odd. SQL Server Standard Edition sure doesn’t cost anything like that and Workgroup Edition owns the low-end (but not free) territory now.
The most common use of SQL Express is an embedded database with an application. Unlike MySQL which is endlessly described as free but isn’t really, Express really is free. MySQL is only free for companies pulling it down themselves for their own use. If it’s shipped with an app, the person writing the app is meant to license it. That isn’t free.
In the summary pane, Express is described using words like “limited” or “very limited” or “good features set” whereas MySQL is described with words like “brilliant” and as having a “very strong feature set”. I’d love to see the basis on which the feature set of Express could ever be described as “good” with MySQL described as much stronger. Not on the planet I live on. The feature set in Express is “stunning” compared to MySQL, on any rational assessment.
I love the comments like “While version 4.x of MySQL did not trap data input errors, for example alpha characters in a date field, and only issued “warnings”, version 5 now has a strict mode that rolls back the transaction if a violation is encountered.”. What a novel idea! I suppose we can ignore all the other nonsense like accepting the 31st February as a valid date, etc. I’m told that’s not a bug because they’ve documented how it works. And endless other examples at:
I’m also struggling with both of them being described as having a “very good user interface”. Sorry, but there’s no comparison whatsoever between the tools that come with MySQL and the cut-down version of SQL Server Management Studio for Express.
Steve then proceeds to compare Express to Oracle 10g, which costs over $19,000 AUD. Guess what? The Oracle version is superior. What a surprise. Why wasn’t this compared to a relevant SQL Server edition instead? My step-daughter’s Hyundai Getz isn’t much of a comparison to my neighbour’s latest BMW either but she’s never felt the need to compare them. And wasn’t the article meant to be comparing performance on 2 processor boxes? Doesn’t the Oracle license cost jump up to much higher figures (like over $30,000) because of the way they count “processors”?
In the DB2 section, he offers golden nuggets like “While DB2’s 512GB per table may appear a little small when compared with MySQL’s 64TB for example…” Again, on what planet is that an issue? The target comparison was for “a relatively small e-commerce company with less than 200 employees. The company sells DVDs and books over the Internet and will initially have around 1000 customers and an online inventory of 50,000 items.” Hard to imagine them blowing out a 512GB table here, well not in the near future at least…
And again in the DB2 section, poor old Express (free) is being compared to a database server that’s $8106 AUD per processor.
On the specifications page, there are just endless errors. Simple example: MySQL is listed as having FULLTEXT indexes and Express is listed without them. However, full-text indexing is supported on Express and it’s far superior.
Anyway, couldn’t just let this one go through to the keeper without comment.
Yesterday I read Anthony Mann’s book “The Rational Guide to SQL Reporting Services”. I quite enjoyed it. Although it’s brief, I like the short punchy style of this series of books. They just tell you the main things you need to know to get started with a topic and at a pretty low cost. The last Rational Guide I read was Roger Wolter’s Service Broker book, although it had more meat in it.
Anyway, Recommended if you want a short sharp introduction to SQL Reporting Services!
Since the previous post is completely “outdated”, I preferred to create a new one…
The WMF/SHIMGVW.DLL vulnerability is now the subject of a Microsoft security advisory.
The recommended action is drastic: unregister the offending DLL from the system using the following command, entered in Start > Run:
regsvr32 /u shimgvw.dll
This command will have side effects. The most notable are that the preview of images and faxes stops working, thumbnails are no longer displayed, and the “filmstrip” feature in picture folders is lost.
The reverse command is:
Obviously, it re-enables the vulnerability in question and should (perhaps) be applied only once the patch has been released.
For technicians, more information is available on the F-Secure blog.
US residents only. Your card will be mailed to you when the program launches early next year.
Xbox Live® 12-month subscribers on the original Xbox or Xbox 360 (either with an annual subscription or twelve (12) continuous months of paid subscription) will receive a free Xbox Live Diamond Card. The Xbox Live Diamond Card is nontransferable and only for use by the person identified on the Card to whom it was originally issued (the “Cardholder”). Cardholders will be eligible to receive specific promotional offers at participating retailers (“Participating Retailers”). See Xboxlivediamond.com for Participating Retailers and offers. Cardholders must present the card to the Participating Retailer prior to check-out along with a valid coupon referencing the offer or use the checkout code provided on the Xboxlivediamond.com website when shopping on-line. These offers are subject to change without notice. The Xbox Live Diamond Card will be valid for one year. Cardholders may cancel or “opt-out” of receiving email messages, by clicking on the unsubscribe link at the bottom of the email received or by updating their account information at Xbox.com.
MSRC posted a security advisory regarding a possible vulnerability affecting the Graphics Rendering Engine in Windows.
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005
Microsoft is investigating new public reports of a possible vulnerability in Windows. Microsoft will continue to investigate the public reports to help provide additional guidance for customers.
Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site.