TechEd Bloggers Identity, Access, and Security

Eight Vulnerabilities in Windows and Office via Security Bulletin

Microsoft Security Response Center — Tue, 09 Mar 2010 22:50:22 GMT

Microsoft Security Response Center writes, "Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible...A summary of today’s security updates can be found... [here]" more

Tue, 09 Mar 2010 22:50:22 GMT

Windows 7 Does a Good Job Limiting Malware Infection

Kerry Brown — Tue, 09 Mar 2010 19:22:07 GMT

Kerry Brown writes, "...The latest version is extremely hard to remove from XP. If Windows is running it’s near impossible. The malware gets into the system files and doesn’t let other programs run. I have to remove the hard drive and scan it with another computer. Then I re-install the hard drive...Windows 7 with the default security settings did a great job of limiting the infection and making it easy to remove." more

Tue, 09 Mar 2010 19:22:07 GMT

Security Advisory on Vulnerability in VBScript Could Allow Remote Code Execution

Microsoft Security Response Center — Tue, 02 Mar 2010 20:31:32 GMT

Microsoft Security Response Center writes, "...we are not aware of any active attacks at this time and the following operating systems are not affected by this issue: Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista. Our investigation is ongoing. Users on older versions of Windows should review the Security Advisory for mitigations and workarounds for this issue. Additionally, our Security Research & Defense team provides a detailed analysis of..." more

Tue, 02 Mar 2010 20:31:32 GMT

Clearing up Confusion About Secure Strings

Richard Siddaway — Tue, 23 Feb 2010 23:55:28 GMT

Richard Siddaway writes, "Secure Strings are a way to work with encrypted data – one of the common uses is to protect passwords used in scripts. The way to use them may not be obvious at first sight. I hope to clear some of the confusion...One draw back to secure strings is that we can’t save them in a file. To do that..." more

Tue, 23 Feb 2010 23:55:28 GMT

Malware Blue-Screens When Patched

Alun Jones — Thu, 18 Feb 2010 18:51:11 GMT

Alun Jones writes, "...the message here is that the operating system on a Windows computer belongs to Microsoft, and they document well those places where you are expected to modify it. Step outside those boundaries of safe patching, and you run a good risk that a patch will trigger significant adverse behaviour...If you experience problems as a result of applying a Microsoft security patch, or..." more

Thu, 18 Feb 2010 18:51:11 GMT

Top 25 Most Dangerous Security Programming Errors

Roger Halbheer — Wed, 17 Feb 2010 19:30:56 GMT

Roger Halbheer writes, "...It shows as we often say that the attacks moved up the stack and a lot of challenges are based on improperly written applications. So, if you are organization is developing applications, you should start to implement a process like the Security Development Lifecycle. If you need information about this..." more

Wed, 17 Feb 2010 19:30:56 GMT

Allowing a Service Account to Manage Its Own SPN

Jeff Guillet — Thu, 11 Feb 2010 00:18:21 GMT

Jeff Guillet writes, "...If you don't set the SPN properly, Kerberos Authentication will not work and that stops pass through authentication from working....A simple and easier way to fix this is by using Active Directory Users and Computers to assign the Write Public Information permission to Self on the domain account that SQL is using, as shown..." more

Thu, 11 Feb 2010 00:18:21 GMT

To Patch or Not the TLS Renegotiation Attack

Alun Jones — Wed, 10 Feb 2010 22:20:39 GMT

Alun Jones writes, "...If your servers do not use client auth / mutual auth, you don’t need this patch. Your server simply isn’t going to accept a renegotiation request. If your servers do use client authentication / mutual authentication, you can either apply this patch, or..." more

Wed, 10 Feb 2010 22:20:39 GMT

Security Bulletin Release for February 2010

Microsoft Security Response Center — Tue, 09 Feb 2010 20:34:03 GMT

Microsoft Security Response Center writes, "...today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office...Here is the mapping from the bulletin numbers in the ANS to the released bulletin ID’s:..." more

Tue, 09 Feb 2010 20:34:03 GMT

Private Cloud Security is no Security at All

Sam Johnston — Wed, 03 Feb 2010 17:33:26 GMT

Sam Johnston writes, "...don't take it for granted that private cloud offerings are secure, and in the unlikely event that the systems themselves are secure, don't assume you or your provider can run them in a more secure fashion than a "public" cloud provider could. Incidents like this go a long way towards realising one of my predictions for 2010...in that Private clouds will be discredited by year end..." more

Wed, 03 Feb 2010 17:33:26 GMT

Scenarios Using ADFS with Amazon EC2

Steve Riley — Thu, 14 Jan 2010 19:06:29 GMT

Steve Riley writes, "...release of a whitepaper written by David Chappell that explores these federation scenarios in more detail. David begins [with] your Amazon EC2 resources are placed in an Amazon Virtual Private Cloud (VPC) and joined to your own corporate domain; here, there’s no use of ADFS. Then he illustrates the two scenarios...and shows how it would work with both ADFS 1.1 and ADFS 2.0..." more

Thu, 14 Jan 2010 19:06:29 GMT

Apply Security Update if You are Using Windows Embedded CE 6.0

Don Patterson — Wed, 13 Jan 2010 19:59:39 GMT

Don Patterson writes, "...Rereleased this bulletin to add Windows Embedded CE 6.0 to affected software. The new update for Windows Embedded CE 6.0..." more

Wed, 13 Jan 2010 19:59:39 GMT

Windows Security Risk on Embedded OpenType Font Engine

Microsoft Security Response Center — Tue, 12 Jan 2010 21:18:59 GMT

Microsoft Security Response Center writes, "...Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000. For all other versions of Windows...The following risk and impact slide reflects the aggregate severity and exploitability index rating for this bulletin..." more

Tue, 12 Jan 2010 21:18:59 GMT

Fix for OCS 2007, NTLM and Edge Server Login Problems

Aaron Tiensivu — Tue, 12 Jan 2010 06:47:01 GMT

Aaron Tiensivu writes, "...If NTLM is “broken” inside the domain between domain controllers and OCS servers (front End/edge), the Office Communicator client will act as if the user entered an invalid username or password. The error message on the client computer is very misleading and everyone external will not be able to log in...verall, assuming all your software and operating systems on your network work properly with NTLMv2, I recommend..." more

Tue, 12 Jan 2010 06:47:01 GMT

Security Advisory for Adobe Reader and Acrobat - January 7, 2010

Don Patterson — Fri, 08 Jan 2010 00:36:01 GMT

Don Patterson writes, "...Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier (CVE-2009-4324) on Windows, Macintosh and UNIX. There are reports that this issue is being actively exploited in the wild; the exploit targets" more

Fri, 08 Jan 2010 00:36:01 GMT

Client and Cloud Security whitepaper Download

Georgeo Pulikkathara — Tue, 15 Dec 2009 17:22:49 GMT

Georgeo Pulikkathara writes, "...security guidance from Microsoft Trustworthy Computing on client + Cloud security...talks about client + cloud security in today’s environment,and what you need to consider before taking off for the cloud..." more

Tue, 15 Dec 2009 17:22:49 GMT

ACS Noise Filter: Translating Server Security EventIDs to Windows Server 2008

Marnix Wolf — Mon, 14 Dec 2009 13:26:30 GMT

Marnix Wolf writes, "...what if you are designing an ACS solution for Windows Server 2008 servers? Yes, you can apply the filter as stated in those very same documents. But it won’t work...I ran the same ‘formula’ against the other matching EventIDs and the same number came out! Time for a test. I took a non-matched W2K03 Security EventID..." more

Mon, 14 Dec 2009 13:26:30 GMT

Securing Windows Live When Using ASP.NET MVC

Angus Logan — Wed, 09 Dec 2009 18:05:45 GMT

Angus Logan writes, "I’ve been working with some of our centralized Windows Live security and privacy folks recently. These guys are super skilled...lessons learnt about securing Windows Live when using ASP.NET MVC...." more

Wed, 09 Dec 2009 18:05:45 GMT

4 Microsoft Security Notifications - December 8, 2009

Don Patterson — Tue, 08 Dec 2009 23:27:28 GMT

Don Patterson writes, "...Vulnerability in Internet Explorer Could Allow Remote Code Execution...Credential Relaying Attacks on Integrated Windows Authentication...Extended Protection for Authentication...Security Enhancements for the Indeo Codec..." more

Tue, 08 Dec 2009 23:27:28 GMT

Deep Linking Your Way Out of Home Realm Discovery

Vittorio Bertocci — Fri, 04 Dec 2009 00:51:46 GMT

Vittorio Bertocci writes, "This method is not a solution to home realm discovery, rather it is a “shortcut” that piggybacks on existing home real discovery solutions which must be in place for this to work. Furthermore, this has to be arranged by every partner and relies completely on the fact that the users will access the application through the specially crafter URL as opposed to..." more

Fri, 04 Dec 2009 00:51:46 GMT