A better, more reliable, work-around for the Microsoft Video Control Vulnerability

For the past few days I've been following the Microsoft Video Control Vulnerability with interest. Basically, it's another vulnerable ActiveX control that needs killbitted. Last night, Microsoft posted a work-around which involves using a Group Policy ADM template (ADM is the template format that was deprecated in Vista and Windows Server 2008). Unfortunately, the template tattoos the registry, which is not really recommended. I contemplated for a while writing a work-around for this issue, but then remembered that I actually did; almost three years ago. The workaround I wrote then, for another ActiveX vulnerability will not tattoo the registry, and … Continue reading A better, more reliable, work-around for the Microsoft Video Control Vulnerability

What I Learned from Attending the Windows Launch Event Today

Today I attended the Microsoft 2008 server wave launch event in Seattle. In the process I learned a number of things: The launch event apparently does not need to coincide with actually launching anything. Server 2008 launched a couple of months ago. Visual Studio 2008 launched in November 2007, and SQL Server 2008, the third part of the tri-fecta that comprised the launch, will not actually launch until the third quarter this year. The primary purpose of launch events is apparently to get free junk, and in some cases, other stuff, from a collection of vendors you have never heard … Continue reading What I Learned from Attending the Windows Launch Event Today

Q&A with Amazon about the Server 2008 Security Resource Kit

Yesterday the editor from the IT section at Amazon.com sent me some questions about the Windows Server 2008 Security Resource Kit. The answers will eventually go on the book detail page. The questions, particularly questions 3 – 6, were interesting and thought-provoking, so I thought I would post them here as well. Question 1:The credentials of the contributors to Windows Server 2008 Security Resource Kit are quite impressive (six of the 12 are Microsoft MVPs, and the others are all either current or former product group employees at Microsoft). How important was it to assemble such a group for this … Continue reading Q&A with Amazon about the Server 2008 Security Resource Kit

Resource Kit Done!

Last Friday the last of the Windows Server 2008 Security Resource Kit finally went to press! This was a project I had not really planned and so, to complete it in time, I brought in an amazing crew of co-authors. Together, we managed to put together 17 chapters on how to manage security in one of the most exciting products this year.  The contributors to the Security Resource Kit are: Jimmy Andersson – Principal Advisor at Q Advice AB and Microsoft Active Directory MVP Susan Bradley – Small Business Server MVP Darren Canavor – Software Architect in the Windows Security group … Continue reading Resource Kit Done!