Deep fixes in Microsoft's monthly security bulletin

Microsoft shipped its monthly security updates, and these are not superficial patches, but deep fixes, likely with ramifications for everyone using these products. Anticipate serious perturbations to your systems if you are depending on the behavior of these applications as part of your customer solutions. Microsoft ships patched code it classifies as “Critical” for:

MS06-021 – Cumulative Security Update for Internet Explorer (916281): this is supposed to include patches addressing the ActiveX behaviors in the Eolas suit. This is a good time to abandon ActiveX controls and IE if you are still supporting them.

MS06-022 – Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

MS06-023 – Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344): JScript? Are they still making that?

MS06-024 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

MS06-025 – Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

MS06-026 – Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

MS06-027 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

MS06-028 – Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

“Important,” perhaps less critical patches include:

MS06-029 – Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

MS06-030 – Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

MS06-032 – Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

One “Moderate” patch rounds out the bunch:

MS06-031 – Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)

In addition, MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) has been re-released as version 2.0 with new patching information.

It's the 24th week of the year, and Microsoft is up to 31 patches.

UVCIA Panel 21 June: FOSS: Are there options for your business?

I'll be speaking on a panel next week at the Upper Valley Computer Industry Association. The panel is entitled “FOSS: Are there options for your business? How can the use of FOSS software supercharge your enterprise” and will be moderated by Bill McGonigle. Here's the blurb:

“Please join a panel of local Free/Open Source Software (FOSS) experts for a discussion of what's new in the field. Each panelist will briefly describe how he uses FOSS software to supercharge his enterprise. After that, the panel will discuss a series of issues that are frequently asked about Free/Open Source Software, and will help the audience understand these questions:

  • What is Free/Open Source Software?
  • Why would I want to use Free/Open Source Software?
  • How can I improve my profits by using Free/Open Source Software?
  • What's changed in the past few years?

“The panel will then switch to a Q&A session, answering questions and engaging discussion with the audience members.”

The other panelists include:

The meeting will be on Wednesday, June 21, 2006, 7:30am – 10:00am, at The Fireside Inn. Admission costs $45, which includes breakfast. Details at http://www.uvcia.org — hope to see you there!

TechEd Top Ten Hot Buttons

Over at Microsoft Watch, Mary Jo Foley lists The Top Ten TechEd Hot Buttons. “Microsoft's annual gathering for IT pros and developers kicks off on June 11. Here is our list of the most significant of the unveilings and announcements — everything from a first test build of the new mobile SQL Server, to a new beta of WinFS — that we're expecting at this week's show.”

Scoble escapes the belly of the beast

Over at Scripting News, Dave Winer confirms Scoble moves. “Chris Pirillo says it's ‘100 percent true’ that Scoble is leaving Microsoft and joining Podtech.” … Dave goes on to say, “I didn't like how Microsoft was changing our relationship, and I told him so, really clearly. You can only be at such a large company for so long before it changes you… A person like Scoble can have enormous influence just by adopting some very simple ideas. It's the ideas that have power. But Microsoft hasn't let the changes waft over them. They still think in old terms. I'm glad to see my old friend didn't go down with the ship.”

Agreed.

New Dabo screencast

Ed Leafe posts: “I've just posted a new screencast. This one is different than the others, in that its intent is not to show you what you can do with Dabo. Instead, it shows a little bit of what goes into Dabo classes, and perhaps might help people get familiar with how our stuff works. For those who are new to Python, too, it may also show some elements of Python with which they may not be familiar. At worst, it's me rambling on for 13 minutes or so. ;-)”

http://leafe.com/screencasts/addproperty.html

“A member of the dabo-users list asked how to force the case of characters in a textbox, and while it was certainly possible by coding, I thought that such things should be built-in to the text controls. The screencast is sort of looking over my shoulder as I add that feature to the Dabo base class textbox.”

XAMPP

I've been involved for a couple of years in developing Linux-Apache-MySQL-PHP/Perl/Python apps for various clients. During most of that time, I've used in-house Linux servers for prototype, development and testing, and Linux servers deployed at the client site or a hosting provider for production work. Recently, I wanted to spin off a second copy of an application on a local Windows laptop to test some radical changes while the rest of the development team continued to work away on the dev server. Ideally, I wanted to install the entire LAMP set on my local workstation without a lot of work, configuration, downloads, HowTos, and so forth. XAMPP offers free, prepackaged installation modules for Linux, Windows, OS X and Solaris, bundled with a dozen handy utilities like PEAR and phpMyAdmin. Installation was a click, click, click, done! process. Reading a few READMEs got me through a few non-standard settings, like enabling InnoDB data storage. Slick!

If you need a quickly set up XAMPP stack, you'll want to check this out.

MonadLUG meeting last night

Tim Lind put on a great presentation of TrixBox 1.0 (the renamed and renumbered successor to Asterisk@Home 2.8) to ten attendees at tonight's MonadLUG meeting. Tim brought nearly the entire system from his Computerborough offices: a salvaged PIII-700, a Digium card with two daughterboards (FXS and FXO), a couple of cordless phones, an IP phone, and his laptop, and showed us the entire setup. Tim uses the machine to take incoming POTS calls and route them through a digital attendant to one of several phones, ring groups or voice mail boxes. Day and nighttime setups have different rules. In addition, he can route to his cell phone, process faxes, send voicemail messages via email, and a mind-boggling combination of the above and more. With graphs. Wow! Very impressive presentation. Asterisk could be a great solution for nearly any size business, and an inexpensive way to bring a PBX to the small business world.

Next month, on July 13th, Charlie Farinella will show us how he works with the ‘screen’ command, a utility for supporting multiple remote terminal sessions on a single connection. Sessions started within a screen session can be backgrounded, suspended, and recovered after a disconnection.

On August 10, Mark and Tim from Computerborough will return again and show us around SugarCRM.

Thanks to Tim for a great presentation, Guy for MC’ing the meeting, and Ken for the facilities!

Ow. Too late.

House Rejects Net Neutrality Rules. The US House of Representatives definitively rejected the concept of Net neutrality on Thursday, dealing a bitter blow to Internet companies like Amazon.com, eBay and Google that had engaged in a last-minute lobbying campaign to support it. By a 269-152 vote that fell largely along party lines, the House Republican leadership mustered enough votes to reject a Democrat-backed amendment that would have enshrined stiff Net neutrality regulations into federal law and prevented broadband providers from treating some Internet sites differently from others. [OSNews]

In the /help directory

Doc Searls points to the Google open letter on Net Neutrality. Innovation on the internet by small and medium businesses needs a level playing field, not tilted by Big Media and Bigger Telecom to their business model alone. ISPs should get their fair fee for providing bandwidth, but they need to be neutral players in what we do with our wires. If I want to saturate the wire with an encrypted tunnel on port 12345 from here to my client in Walla Walla, provided I am within my TOS and AUP, providers need to stay out of the way. We need net neutrality to ensure that. Get involved!

Microsoft Genuine Advantage phones home daily.

OSNews posts Microsoft Plans Better Disclosures of Tool. “Microsoft acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker.” Ya think?

The article goes on to quote: “It's kind of a safety switch,” said David Lazar, who directs the Windows Genuine Advantage program.

Is this Trustworthy Computing?

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.