Archive for December, 2011

Security vulnerability on Printer environments

Saturday, December 24th, 2011

Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?

It’s not only possible, but likely, say researchers at Columbia University, who claim they’ve discovered a new class of computer security flaws that could impact millions of businesses, consumers, and even government agencies.

Some printer vendors acknowledged that the potential existed for a certain type of unauthorized access on certain printer models.

In the meantime some firmware updates available from some vendors for certain printer models, to close the security leak. But still many printers might be vulnerable against attackers conquer printer firmware and use printers for whatever intrusion or damage during business relevant high availability print job execution.

It is valid to cover print environments into current network designs and placing printers behind firewalls against core business systems.

And disable remote firmware upates for protection.

 

Microsoft Windows win32k.sys Memory Corruption Vulnerability

Friday, December 23rd, 2011

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser or Internet Explorer.

Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.

Microsoft is currently investigating and perhaps turn back soon with a hotfix or patch.

Stay tuned …

 

How to install TMG 2010 Service Pack on Branch Office Server

Wednesday, December 21st, 2011

When you try to install a service pack for Forefront TMG 2010 on a branch office server, it will fail, because the Firewall service needs to be stopped. When Firewall service has been stopped the connection to headquarter is not longer active. This will cause problems with access to Enterprise Management Server, configuration database and services.

Microsoft published a workaround in a new MSKB article

http://support.microsoft.com/kb/2648207

 

Windows 7 can play audio to only one port at a time

Monday, December 19th, 2011

A limitation of Microsoft Windows 7 is that audio data can only be sent to a single output source. If both the HDMI and Audio Out ports have devices connected to them, then Windows generally defaults to the HDMI port. As a result, sound cannot play through speakers connected to the Audio Out port while a device is also connected to the HDMI port.

Note: make sure your HDMI devices are on before you start your computer.

 

AMD Eyefinity multi-display and Windows 7

Friday, December 16th, 2011

When using AMD Eyefinity technology with multiple displays, and selecting a desktop resolution that exceeds 8k pixels in any dimension, currently there are some issues occuring.

This article published from AMD team explains how to troubleshoot and solve display issues with AMD Eyefinity with Windows 7.

http://support.amd.com/us/kbarticles/Pages/VeryhighresolutionswithAMDEyefinity.aspx

 

Monitoring NetApp SnapManager and SnapDrive with Microsoft SCOM

Thursday, December 8th, 2011

NetApp Reference Architect for Virtualization and Cloud Computing, Santhosh Rao, has published two very interesting articles how to monitor SnapManager and SnapDrive with Microsoft System Center Operation Manager.

You should read this

https://communities.netapp.com/community/netapp-blogs/msenviro/blog/2011/09/13/monitoring-snapmanagers-and-snapdrive-events-in-scom–part-1

https://communities.netapp.com/community/netapp-blogs/msenviro/blog/2011/12/08/monitoring-snapmanagers-and-snapdrive-events-in-scom–part-2

 

Exchange 2010 Hybrid Deployments

Thursday, December 8th, 2011

With Exchange 2010 SP2 you received the new Hybrid Configuration Wizard included as an enhancement of Exchange Management Console (EMC) and with additional cmdlets on Exchange Management Shell (EMS).

The new wizard will guide, verify and configure for you many former manual steps.

Read the articles on TechNet about Hybrid Deployments here

http://technet.microsoft.com/en-us/library/gg577584.aspx

 

What is new in Exchange 2010 Service Pack 2

Monday, December 5th, 2011

… read the article on TechNet here

http://technet.microsoft.com/en-us/library/hh529924.aspx

You will find some very useful features now implemented. Read carefully about Mailbox Replication Service, as it will support you now on your way to Office365 more seamless.

Also the Hybrid Configuration Manager will support you on local and Office365 Exchange Organizations.

For those who hosting Exchange 2010, now additional features available with SP2 which have been missing for long time. Follow the link for the Exchange 2010 SP2 hosting guidance document.

http://www.microsoft.com/download/en/details.aspx?id=28192

 

Exchange 2010 Service Pack 2 available

Monday, December 5th, 2011

You can download it from here

http://www.microsoft.com/download/en/details.aspx?id=28190

Exchange 2010 SP2 is a complete installation software pack, so for new Exchange installations, you can use it to start with from scratch.

Also when you use it for updating your current installations, be aware that you need Schema- and/or Organisaiton Administrator rights, because it contains a Schema update for your Active Directory.

And this Schema update needs to be execute in the domain where the Schema Master Role exist. So run setup /prepareAD not in the domain where you operate your Exchange Servers, it will not work. You need to go to the root domain, if there is the Schema Master or you have to move the Schema Master on to a domain controller in the domain where you operate your Exchange environment.

And remember that you should wait for replication across your AD after you’ve performed the Exchange 2010 SP2 Schema update.

During you’re waiting for replication, you can use the time to install the ‘IIS 6 WMI Compatibility’ feature. It is mandatory for your following Exchange 2010 SP2 installation, because of the new ‘Outlook Mini’ feature, which requires this feature on your CAS server roles.

Schedule

5 minutes for /prepareAD
15 minutes for replication (more if you have higher replication times set on your site links)
5 minutes for feature prerequisits
30 minutes for finishing SP2 setup per system

so you should be through with it within a hour for your first system and schedule 30 minutes for every following systems …

Reboot after SP2 installation should not be necessary.

And think about to disable Anti Virus Scanning on the box you’re going to perform Exchange 2010 SP2 Setup for upgrade.

Read the prerequisits before starting your installation

http://technet.microsoft.com/en-us/library/bb691354.aspx

 

AMD Catalyst Windows 8 Preview Driver Release

Friday, December 2nd, 2011

Follow the link, this article provides information on the AMD/ATI Catalyst Windows 8 Preview Driver.

http://support.amd.com/us/kbarticles/Pages/Windows8PreviewDriver.aspx

Currently there are drivers only for 5xxx and 6xxx series available.