| |
|

|
|

|
|
User Controls
|
|
New User
|
|
Login
|
|
Edit/View My Profile
|
|

|
|

|
|

|
|
Active Network
|
|
ActiveMac
|
|
ActiveWin
|
|
ActiveXbox
|
|
Careers
|
|
DirectX
|
|
Downloads
|
|
FAQs
|
|
Interviews
|
|
MS Games & Hardware
|
|
Reviews
|
|
Support Center
|
|
TopTechTips
|
|
Windows 2000
|
|
Windows Me
|
|
Windows Server 2003
|
|
Windows Vista
|
|
Windows XP
|
|

|
|

|
|

|
|
News Centers
|
|
Windows/Microsoft
|
|
Apple/Mac
|
|
Xbox/Xbox 360
|
|
News Search
|
|
XML/RSS Newsfeeds
|
|
Pocket PC Site
|
|

|
|

|
|

|
|
FAQ's
|
|
Windows Vista
|
|
Windows 98/98 SE
|
|
Windows 2000
|
|
Windows Me
|
|
Windows Server 2003
|
|
Windows XP
|
|
Windows CE
|
|
Internet Explorer 6
|
|
Internet Explorer 5
|
|
Xbox 360
|
|
Xbox
|
|
DirectX
|
|
DVD's
|
|

|
|

|
|

|
|
Latest Reviews
|
|
Xbox/Games
|
|
Halo 3
|
Call of Juarez
|
|

|
|
Applications
|
|
Adobe Illustrator CS3
|
|

|
|
Hardware
|
|
Athlon 64 X2 6000+
|
|
Acer Ferrari 5000
|
|

|
|

|
|

|
|
Latest Interviews
|
|
Steve Ballmer
|
|
Jim Allchin
|
|

|
|

|
|

|
|
Site News/Info
|
|
About This Site
|
|
Advertise
|
|
Affiliates
|
|
Contact Us
|
|
Default Home Page
|
|
Link To Us
|

|
|
 |
|
|
NEWS HEADLINES FOR: SATURDAY, JULY 05, 2008
|
|
|
|
NEWS HEADLINES FOR: FRIDAY, JULY 04, 2008
|
|
|
|
|
|
 |
 |
|
Time: 02:52 EST/07:52 GMT
| News Source: InfoWorld
| Posted By:
Kenneth van Surksum |
|
Microsoft will release four security patches for its Windows, Exchange, and SQL products next Tuesday, all rated "important."
The Exchange and SQL flaws are "Elevation of Privilege" bugs, meaning that an attacker could theoretically exploit them to get administrative access to a PC. One of the Windows flaws is labeled a "spoofing" bug, meaning that it could help hackers trick the user into doing things like visiting malicious Web sites.
The fourth update fixes a Windows flaw that could allow an attacker to run unauthorized code on a victim's PC, Microsoft said. Normally, this type of flaw is rated "critical" by Microsoft, but in this case the bug was probably given a less-severe rating because it doesn't work without the user first taking some extra actions or adding special software or drivers, said Eric Schultze, chief technology officer at Shavlik Technologies.
|
Comment here! - 0 Comments for this story. |
|
|
|
 |
 |
|
Time: 02:46 EST/07:46 GMT
| News Source: Windows SuperSite
| Posted By:
Kenneth van Surksum |
|
In order to provide customers with improvements in reliability, operation and service quality, Microsoft needs to occasionally update the infrastructure of the Windows Update client itself (this usually occurs about once a year). To help customers prepare, and ensure that they understand what’s happening, we have created several resources to provide information on the updates before they begin in late July. This particular update will not make any changes to the way WU looks of feels, but will improve: - The length of time it takes Windows Update to scan for updates
- The speed in which signature updates will be delivered
Windows Vista customers who select “never check for updates” (and Windows XP customers who select “turn off Automatic Update”) in their WU settings will not receive this WU infrastructure update unless they elect to install it manually by visiting Windows Update.
|
Comment here! - 0 Comments for this story. |
|
|
|
 |
 |
|
Time: 02:36 EST/07:36 GMT
| News Source: Microsoft
| Posted By:
Kenneth van Surksum |
|
The new features focus on configuration change management and enhanced troubleshooting designed to help you identify and resolve ISA Server configuration issues within the ISA Server Management console.
The service pack includes the following new features and feature improvements:
• Configuration Change Tracking—Registers all configuration changes applied to ISA Server to help you assess issues that may occur as a result of these changes.
• Test Button—Tests the consistency of a Web publishing rule between the published server and ISA Server.
• Traffic Simulator—Simulates network traffic in accordance with specified request parameters, such as an internal user and the Web server, providing information about firewall policy rules evaluated for the request.
• Diagnostic Logging Viewer—Now integrated as a tab into the ISA Server Management console, this feature displays detailed events on packet progress and provides information about handling and rule matching.
Improvements for existing features, including:
• Support for integrated NLB mode in all three modes, including unicast, multicast, and multicast with Internet Group Management Protocol (IGMP). Previously, ISA Server integrated NLB-supported unicast mode only.
• Support for use of server certificates containing multiple Subject Alternative Name (SAN) entries. Previously, ISA Server was able to use either only either the subject name (common name) of a server certificate, or the first entry in the SAN list.
• Support for Kerberos Constrained Delegation (KCD) cross-domain authentication. Credentials from users located in a different domain than the ISA Server, but in the same forest, can now be delegated to an internal published Web site by using KCD .
• Support for client certificate authentication in a workgroup deployment. This removes the requirement to map each client certificate to an Active Directory® directory user account when forms-based authentication is used as the primary authentication method and client certificates are used as the secondary method.
For more information about this service pack, see Microsoft Article 943462.
For general information about installing ISA Server updates and hotfixes, see Microsoft Article 885957.
|
Comment here! - 0 Comments for this story. |
|
|
|
 |
 |
|
Time: 02:33 EST/07:33 GMT
| News Source: Ent Mag
| Posted By:
Kenneth van Surksum |
|
According to a report released on Tuesday, more than 40 percent of Internet
surfers don't use browsers with up-to-date security patches -- and Internet
Explorer users are the biggest culprits.
The report, "Understanding
the Web Browser Threat," was conducted by researchers at ETH Zurich,
Google Inc. and IBM Internet Security Services. Its main assertion is that Web
browsers -- such as IE, Firefox and Safari -- are often the weakest link in
the security configuration of a given workstation.
IE took hits throughout the report, which claimed that the gestation time between
Microsoft patch releases is too long compared to similar programs from Apple
and others. In fact, according to the report, IE came in dead last in terms
of security, with only 47.6 percent of its users having the latest security
patches.
|
Comment here! - 8 Comments for this story. |
|
|
|
 |
 |
|
Time: 02:17 EST/07:17 GMT
| News Source: Microsoft
| Posted By:
Kenneth van Surksum |
|
There's no doubt in our minds that writing for TechNet Magazine is the most prestigious—and rewarding—job anyone could have. (Of course, it would be even more rewarding if we actually got paid, but that's another story.) Just how prestigious is this job? Let's put it this way: right now, all over the world, children who are being tucked into bed are looking up at their mothers and saying, "Mommy, when I grow up, I want to write a monthly scripting column for TechNet Magazine."
The average person considers system administration scripting to be extremely useful but probably not very exciting; in fact, he or she likely finds scripting a bit humdrum. And here's the reason: each of these people haven't tried writing boot configuration data scripts in either Windows Vista® or Windows Server® 2008.
Ah, yes, that raised your heart rate a beat or two, didn't it? As most of you reading this probably know, in Windows Vista and Windows Server 2008, the old boot.ini file has been discarded in favor of a new boot configuration data store that provides increased flexibility (and capabilities) when it comes to managing the boot process.
|
Comment here! - 0 Comments for this story. |
|
NEWS HEADLINES FOR: WEDNESDAY, JULY 02, 2008
|
|
|
|
|
|
 |
 |
|
Time: 15:18 EST/20:18 GMT
| News Source: Microsoft
| Posted By:
Kenneth van Surksum |
|
Hi, I'm David Ross, Security Software Engineer on the SWI team. I’m proud to be doing this guest post on the IE blog today to show off some of the collaborative work SWI is doing with the Internet Explorer team.
Today we are releasing some details on a new IE8 feature that makes reflected / “Type-1” Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit from within Internet Explorer 8. Type-1 XSS flaws represent a growing portion of overall reported vulnerabilities and are increasingly being exploited “for fun and profit.”
The number of reported XSS flaws in popular web sites has skyrocketed recently – MITRE has reported that XSS vulnerabilities are now the most frequently reported class of vulnerability. More recently, sites such as XSSed.com have begun to collect and publish tens of thousands of Type-1 XSS vulnerabilities present in sites across the web.
|
Comment here! - 0 Comments for this story. |
|
|
|
 |
 |
|
Time: 15:18 EST/20:18 GMT
| News Source: Microsoft
| Posted By:
Kenneth van Surksum |
|
Hi! I’m Eric Lawrence, Security Program Manager for Internet Explorer. Last Tuesday, Dean wrote about our principles for delivering a trustworthy browser; today, I’m excited to share with you details on the significant investments we’ve made in Security for Internet Explorer 8. As you might guess from the length of this post, we’ve done a lot of security work for this release. As an end-user, simply upgrade to IE8 to benefit from these security improvements. As a domain administrator, you can use Group Policy and the IEAK to set secure defaults for your network. As web-developer, you can build upon some of these new features to help protect your users and web applications.
As we were planning Internet Explorer 8, our security teams looked closely at the common attacks in the wild and the trends that suggest where attackers will be focusing their attention next. While we were building new Security features, we also worked hard to ensure that powerful new features (like Activities and Web Slices) minimize attack surface and don’t provide attackers with new targets. Out of our planning work, we classified threats into three major categories: Web Application Vulnerabilities, Browser & Add-on Vulnerabilities, and Social Engineering Threats. For each class of threat, we developed a set of layered mitigations to provide defense-in-depth protection against exploits.
|
Comment here! - 0 Comments for this story. |
|