Ruud de Jonge

Windows® Embedded OEM Technical Seminar and Workshop on November 5th in Amsterdam

Register free @ : http://www.microsoftembeddedseminars.com/about.aspx?seminarid=183

Location of seminar

Microsoft Office
Evert van Beekstraat 354
1118 CZ Schiphol
Amsterdam.
+31 (0)20 5001500

Agenda

PDC in 2009

“Today Microsoft is pleased to announce that PDC 2009 will take place November 17-20, 2009. Holding a PDC in 2009 will enable us to provide a timely update to the news we shared with the developer community at PDC 2008 and will help better prepare them for future development on the Microsoft platform.”

PDC voor in de lift

Ik loop nu 2 dagen rond in LA en ben bij alle keynotes (tot nu) geweest :-). Wat vertel ik nu mijn schoonmoeder over dit event. Wel .... het is warm (tegen de dertig graden), druk (meer dan 6000 voornamelijk mannen) en interessant. Vooral het laatste is spannend.

Voor mij is de essentie de volgende : met de recente annonceringen is het mogelijk om toepassingen te ontwikkelen die draaien op telefoons, PC's, datacenters binnen een bedrijf en datacenters in een publiek netwerk met 1 set aan tools terwijl je gebruik maakt van dezelfde kennis en ervaring.

Dat klinkt logisch maar is het tot nu toe nog niet. Software ontwikkelaars zijn net loodgieters; elk probleem wordt opgelost met een voor dat probleem specifieke aanpak en gereedschapsbak. En dat is niet logisch. En daar zit de crux; 1 toolset voor al deze platformen en 1 manier van werken. Als je .Net snapt, dan gaat er een wereld voor je open :-).

Ik heb wel eens software ontwikkelaars gepest dat zij moeten worden omgeschoold tot "Lego-klikkers"'. Dat klinkt denigrerend maar is het zeker niet, in tegendeel. Nieuwe kansen door nieuwe technologie en dat noodzaakt tot goed nadenken hoe je een "software-uitdaging" aanpakt. Voor mij is dit interessant EN spannend. Als ik dit iemand in een lift kan uitleggen, is mijn rol als evangelist geslaagd.

We hebben veel te delen op de komende TechEd in Barcelona en de DevDays in Amsterdam ....

More detail about MS08-067, the out-of-band netapi32.dll security update

Today Microsoft released a security update that fixes a remote code execution vulnerability in the Windows Server Service. This is a serious vulnerability and we have seen targeted attacks using this vulnerability to compromise fully-patched Windows XP and Windows Server 2003 computers so we have released the fix "out of band" (not on the regular Patch Tuesday). Due to the serious nature of the vulnerability and the threat landscape requiring an out-of-band release, you probably have questions about your own organization's risk level, what actions you can take to protect yourself, and why newer platforms are at reduced risk. We hope to answer those questions in this blog post.

Which platforms are at higher risk?

An unauthenticated attacker can trigger this vulnerability remotely for code execution on Windows Server 2000, Windows XP and Windows 2003. By default, Windows Vista and Windows Server 2008 require authentication. However, the attacker must be able to reach the RPC interface to exploit the vulnerability. In the default out-of-the-box scenario, the interface is not reachable due to the firewall enabled by default on Windows XP SP2, Windows Vista, and Windows Server 2008. Unfortunately, either one of the following two conditions exposes the RPC endpoint:

1) Firewall is disabled
2) Firewall is enabled but file/printer sharing is also enabled.

When File/Printer Sharing is enabled on Windows Vista and Windows Server 2008, the firewall only expose the RPC interface to the network type shared. For example, if a printer is shared on a network type ‘Private’, the firewall will block incoming RPC connections if the computer switches over to a network type ‘Public’. If you then choose to share the printer on the network type ‘Public’, Vista and Windows Server 2008 will prompt to ask if you really want to enable “File and Printer Sharing” for ALL public networks.

For more information about file/printer sharing, visit the following URLs:

- for Vista http://technet.microsoft.com/en-us/library/bb727037.aspx
- for XP http://www.microsoft.com/windowsxp/using/security/learnmore/sp2firewall.mspx

The following picture illustrates the risk for each platform in more detail.

More about mitigations (DEP, ASLR, /GS)

On Vista and Windows Server 2008, the combination of Address Space Layout Randomization (ASLR, http://blogs.msdn.com/michael_howard/archive/2006/05/26/address-space-layout-randomization-in-windows-vista.aspx) and Data Execution Protection (DEP, http://support.microsoft.com/kb/875352/EN-US/ ) will make the exploitation of this vulnerability more difficult. ASLR will randomize the base address of modules, heaps, stacks, PEB, TEBs, etc. making difficult the return into known locations. Known DEP bypass techniques will not be applicable on these platforms because of the presence of ASLR.

Regarding /GS protection, the stack frame of the function that contained the overflowed buffer was protected with a stack frame boundary cookie. However, due to the nature of this particular vulnerability, the exploit code is able to take advantage of another stack frame that was not meant to be protected by the /GS security cookie. The /GS security cookie is only emitted for functions meeting certain criteria.

UAC mitigates even when the prompting is disabled

As mentioned above, Windows Vista and Windows Server 2008 by default require authentication. But the security callback on the RPC interface has not been changed on the more recent platforms. Instead, the UAC and integrity level hardening work introduced with Vista is forcing the authentication requirement. The anonymous user connects with integrity level "Untrusted" while the named pipe requires at least a "Low" integrity level. Since "Untrusted" is lower than "Low" integrity level, the access check fails. Note that disabling the UAC prompt does not disable the integrity level access check. In other words, regardless of whether the UAC prompt is enabled or disabled, the integrity level check will be performed. The integrity level check will fail on Vista and Windows Server 2008 if the user connects anonymously. See http://msdn.microsoft.com/en-us/library/bb625963.aspx for more information.

There is a non-default scenario where a non-domain-joined Windows Vista and Windows Server 2008 can be exploited anonymously. If the feature “Password Protected Sharing” is disabled, anonymous connections come in at “Medium” integrity level. Because "Medium" integrity level is a higher integrity level than "Low", the integrity level check will succeed. This would allow Windows Vista and Windows Server 2008 to be exploited anonymously. This feature could be disabled through Vista’s Network Sharing Center in the “Sharing and Discovery” section.

Most perimeter firewalls will block exploit attempts from outside your organization

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability.

How you can protect yourself

You should apply the security update as soon as you can. This is the best way you can protect yourself. While you are testing the update and preparing your deployment process, you may choose to use one or more of the workarounds listed in the security bulletin. (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) We have researched several options that range from turning off the affected component to limiting the exposure to authenticated users.

There is one other workaround option that we didn't include in the bulletin because it is not a supported scenario. The Server service exposes the vulnerable code over an RPC named pipe. The access control list for the named pipe is specified in the netapi32.dll code. It can be changed for any current Windows session. When Windows is rebooted, the ACL will get reset to the default value. However, if you were to change the ACL on every boot after the service is started, the window of attack for anonymous users would be very small. We have developed a simple tool that can remove the ANONYMOUS access control entry is the named pipe's access control list. (Please remember that this is not a supported scenario.) Here's what it looks like when run:

C:\>chacl.exe \\.\pipe\srvsvc
opening up \\.\pipe\srvsvc
Got back 3 ACE entries
Found an entry for ANONYMOUS LOGON. Deleting it...
deleted that ACE

Setting new DACL changes...
Done

C:\>chacl.exe \\.\pipe\browser
opening up \\.\pipe\browser
Got back 3 ACE entries
Found an entry for ANONYMOUS LOGON. Deleting it...
deleted that ACE

Setting new DACL changes...
Done

We have attached the chacl.c source code at the bottom of this blog post.

Greetz

A great deal of investigation in a short amount of time went into this case. We'd like to publicly thank all the engineers who helped provide definitive answers (some requiring hours of debugging) to these hard technical questions.

- Bruce Dang, Fermin J. Serna, Damian Hasse, Andrew Roths and Jonathan Ness from the SVRD team
- Matt Miller and other members from the Microsoft Security Engineering Science Team
- David Kruse, Tassaduq Basu, and Jon Schwartz from the core file system, networking, and kernel teams (respectively)
- Carlos Trueba Salinas from the Windows Sustained Engineering team

Posting is provided "AS IS" with no warranties, and confers no rights.

http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

Mail van Steve Ballmer : A Platform for the Next Technology Revolution

During the past decade, a dramatic transformation in the world of information technology has been taking shape. It's a transformation that will change the way we experience the world and share our experiences with others. It's a transformation in which the barriers between technologies will fall away so we can connect to people and information no matter where we are. It's a transformation where new innovations will shorten the path from inspiration to accomplishment.

Many of the components of this transformation are already in place. Some have received a great deal of attention. "Cloud computing" that connects people to vast amounts of storage and computing power in massive datacenters is one example. Social networking sites that have changed the way people connect with family and friends is another.

Other components are so much a part of the inevitable march of progress that we take them for granted as soon as we start to use them: cell phones that double as digital cameras, large flat-screen PC monitors and HD TV screens, and hands-free digital car entertainment and navigation systems, to name just a few.

What's missing is the ability to connect these components in a seamless continuum of information, communication, and computing that isn't bounded by device or location. Today, some things that our intuition says should be simple still remain difficult, if not impossible. Why can't we easily access the documents we create at work on our home PCs? Why isn't all of the information that customers share with us available instantly in a single application? Why can't we create calendars that automatically merge our schedules at work and home?

This week at the Professional Developers Conference (PDC) in Los Angeles, we shared news with software developers about a new set of platform technologies that will help transcend these limits. Because you are a subscriber to Executive Emails from Microsoft, I wanted to share my thoughts about the impact that these technologies will have as developers begin to use them to create a new generation of experiences that extend uninterrupted from the desktop to the mobile phone, media player, car, and beyond-to places where we never thought information and communications would be available to us.

A New Platform for Cloud Computing

At PDC, we announced the availability of an early preview release of a new technology called Windows Azure. Windows Azure will enable developers to build applications that extend from the cloud to the enterprise datacenter and span the PC, the Web, and the mobile phone. For the first time, we shared pre-beta code for Windows 7 and for Windows Server 2008 R2. Windows 7, which is the next version of the Windows desktop operating system, will take advantage of software and hardware advances to help eliminate the boundaries between information, people, and devices.

We also previewed Office Web applications, which are light-weight versions of Word, Excel, PowerPoint, and OneNote that are designed to be accessed through a browser. Office Web applications will be part of the next version of Office and will enable people to view, edit, and share information and collaborate on documents on the desktop, the phone, and in a Web browser in a way that is consistent and familiar.

Windows Azure is part of the Azure Services Platform, a comprehensive set of storage, computing, and networking infrastructure services that reside in Microsoft's network of datacenters. Using the Azure Services Platform, developers will be able to build applications that run in the cloud and extend existing applications to take advantage of cloud-based capabilities. The Azure Services Platform provides the foundation for business and consumer applications that deliver a consistent way for people to store and share information easily and securely in the cloud, and access it on any device from any location.

Windows Azure is not software that companies will run on their own servers. It's something new: a service that runs in Microsoft's growing network of datacenters and provides the platform that helps companies respond to the realities of today's business environment, and tomorrow's. Windows Azure technologies are already finding their way into products such as Windows Server 2008 and System Center Virtual Machine Manager, enabling organizations and Microsoft partners to create their own cloud infrastructure.

Windows Azure will enable organizations to respond to realities such as the need to use the Web to provide customers with comprehensive information and to interact with an audience that has the potential to expand exponentially overnight; to integrate operations with partners-and sometimes even competitors-to meet customer needs; to add new capabilities quickly to respond to new opportunities; and to enable employees to work efficiently and effectively no matter where they are. These realities apply not just to businesses, but to organizations of all kinds: schools, governments, community groups, and more.

Traditional approaches to building technology infrastructure and delivering computing capabilities make it difficult and expensive to adjust to these realities. You need systems with enough capacity to meet the highest possible demand-capacity that includes servers and buildings to house them, the power to run them, and the people to manage them. You have to spread that capacity across locations so there's a backup if one part fails. You have to solve issues like access for different types of users and compliance with tax regulations in all countries where your customers reside.

Designed specifically to meet the global scale that today's organizations require, the Azure Services Platform will provide fundamentally new ways to deploy services and capabilities. It gives businesses the option to take advantage of the capacity available in the cloud as it is needed, reducing the need to make large upfront investments in infrastructure simply to be ready when demand spikes. It will enable developers to create applications that run in the cloud and provide the features, information, and interactivity that employees, partners, and customers expect-no matter how many of them there are, where they are in the world, or what device they have at hand.

Software Plus Services and the Power of Choice

The Azure Services Platform reflects our belief that choice is critical for developers, companies, and consumers. It is also based on our belief that the key to delivering value today and in the future lies in combining the best aspects of software running on PCs, servers, and devices with the best aspects of services running on the Web-an approach we call "software plus services."

Our software plus services approach lets people take full advantage of the incredible power of today's devices. While there are undeniable benefits to being able to tap into the wealth of information and services that can be accessed over the Web through a browser, the interactive experiences that people expect on their PC, mobile phone, and media player depend on sophisticated software running on powerful processors.

The richness of these experiences will only increase as multicore processors expand the computing capabilities of our devices and new programming languages open the door to a new generation of applications that let us use more natural ways to interact with digital technology such as voice, touch, and gestures.

Software plus services also recognizes that for most companies, the ideal way to build IT infrastructure is to find the right balance of applications that are run and managed within the organization and applications that are run and managed in the cloud.

This balance varies by company. A financial services company may choose to maintain customer records within its own datacenter to provide the extra layers of protection that it feels are needed to safeguard the privacy of personal information. It may outsource IT systems that provide basic capabilities such as email.

This balance will change over time within an organization, as well. A company may run its own online transaction system most of the year, but outsource for added capacity to meet extra demand during the holiday season. With software plus services, an organization can move applications back and forth between its own servers and the cloud quickly and smoothly.

Today, companies around the world are implementing Microsoft technologies to take advantage of the best combination of on-premise software and cloud-based services. Using Microsoft Online Services, businesses including Coca-Cola Enterprises, Blockbuster, and Energizer access and manage Microsoft Exchange, SharePoint, Office Communications Server, and Live Meeting over the Web through a single, secure infrastructure. In addition, 1 million people rely on Office Live Workspace for sharing and collaborating with friends, family, and colleagues.

Expanding the Definition of Personal Computing

Ultimately, the reason to create a cloud services platform is to continue to enhance the value that computing delivers, whether it's by improving productivity, making it easier to communicate with colleagues, or simplifying the way we access information and respond to changing business conditions.

In the world of software plus services and cloud computing, this means extending the definition of personal computing beyond the PC to include the Web and an ever-growing array of devices. Our goal is to make the combination of PCs, mobile devices, and the Web something that is significantly than more the sum of its parts.

The starting point is to recognize the unique value of each part. The value of the PC lies in its computing power, its storage capacity, and its ability to help us be more productive and create and consume rich and complex documents and content.

For the Web, it's the ability to bring together people, information, and services so we can connect, communicate, share, and transact with anyone, anywhere, at any time.

With the mobile phone and other devices, it's the ability to take action spontaneously-to make a call, take a picture, or send a text message in the flow of our activities.

Through Live Mesh-a service from Microsoft that we announced earlier this year and about which we shared new information week-we're beginning to bridge the PC, phone, and Web and create this next generation of connected experiences. Built on the Azure Services Platform, Live Mesh enables you to use programs and information stored on your work computer from your home PC, and vice versa. With Live Mesh, you can share folders and ensure that the information is automatically synchronized across your devices.

Live Mesh hints at how our lives will be transformed as the barriers between devices disappear and the option to connect instantly to people, devices, programs, and information becomes a reality.

We're not quite there yet. Today, the Azure Services Platform is available only as a limited technology preview release. But as developers begin to combine the capabilities of this new platform with the amazing ongoing hardware and software innovations that we are seeing from companies across the industry, it will bring us significantly closer to the time when information, communication, and computing flows along with us seamlessly as we move through our day-to-day activities.

You can learn more about these technologies and the progress we are making by visiting the Microsoft Software + Services Web site.

I look forward to sharing more information with you about these new technologies in the near future.

Steve Ballmer

H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. The report further drills down to examine just those issues affecting the commonly installed desktop operating system components.

The key findings for 1H08:

• The four vendors fixed a total 585 vulnerabilities in 1H08. 26.8% affected multiple vendors and of those, only 8 were fixed on the same day – the rest had an average 35 day delay between the first available fix and the last available fix..
• Microsoft had the lowest average Days of Risk for all vulnerabilities fixed at 24.22 days, with the next closest vendor at 72 days.
• For desktop OS vulnerabilities, Windows Vista had the fewest vulnerabilities in 1H08 at 21. The next lowest number was Windows XP SP2 at 26.
• Windows Vista customers experienced full or partial mitigation for 46% of the 26 vulnerabilities affecting Windows XP SP2 in 1H08, but also experienced one additional vulnerability in new code.

In addition to these measurements for the vendors and products, the body of the report also provides weighted analysis which provides a lesser consideration for lower severity issues. Please read the full report for details.

http://blogs.technet.com/security/archive/2008/10/28/download-h1-2008-desktop-vuln-report.aspx

En als teaser :

Microsoft, Yahoo!, Western Union and African Development Bank Announce Coalition to Combat Internet Lottery Scams

New research shows one in 44 internet users have lost money to internet fraud in the past 12 months.

WIESBADEN, Germany — 28 Oct 2008 — Microsoft Corp, Yahoo! Inc, Western Union and the African Development Bank today announced the formation of a coalition to raise global awareness among consumers of the threat posed by lottery hoax e-mails. Through this collaborative effort, the coalition members will educate internet users so they are better able to protect themselves against fraudulent activities online.

Internet lottery scams are a common form of advance fee fraud, a crime in which the victim is deceived into paying money upfront to receive a fictitious gift or cash prize. Law enforcement officials have expressed concern that scammers will step up their activity to take advantage of people concerned with or affected by the global economic downturn.

Speaking at the 6th German Anti Spam Summit, Tim Cranton, associate general counsel for Worldwide Internet Safety Programs at Microsoft, said, “This online threat differs from those that try to exploit software code or attack computers. Lottery scammers prey not on software, but on the hope of their victims — and with scams that can be so creative and plausible, internet users simply don’t know whom they can believe. Microsoft is announcing this coalition with the African Development Bank, Western Union and Yahoo! today with the goal of helping to better ensure end-to-end trust in the internet for everyone.”

“As one of the world’s largest web mail providers, reaching hundreds of millions of internet users, we realize that Yahoo! is in a unique position to help educate consumers about dangerous scams online, and we have a special responsibility to help provide a safe online experience,” said George Hadjigeorgiou, general manager of communication and community products, Yahoo! Europe. “At Yahoo!, we’ve long told our users that if it sounds ‘too good to be true,’ it probably is. But as internet fraudsters continue to get more creative in their approaches, consumers continue to be deceived. This unique initiative is a continuation of our online safety and trust initiatives and is intended to help support our consumer awareness efforts.”

The announcement of the internet lottery scam coalition coincides with the release of independent research commissioned by Microsoft into consumer experiences of lottery scams in Denmark, France, Germany, Italy, the Netherlands, Spain and the UK. Of 4,930 people interviewed, 113 people, or one in 44, said they had lost money to an internet fraudster in the last 12 months, with individual losses ranging from less than 100 euros to more than 7,000 euros.

The research also shows that the following:

· Of internet users surveyed, 27 per cent thought it likely they would become a victim of an internet lottery scam that would cost them money.

· More than half (51 per cent) said that lottery scam e-mails made them more reluctant to buy goods from the internet.

· As a result of internet scams 36 per cent said they were more reluctant to use the internet.

“It’s a common perception that only naive and extremely gullible people fall victim to lottery scams. However, it can happen to anyone, especially those who are experiencing financial pressure,” said Christopher Fischer, senior counsel EMEASA, Western Union Financial Services. “Our goal is to help consumers protect themselves by helping them understand how our service operates and how internet lottery scams work. For example, we advise all consumers never to send money to a stranger using cash-to-cash money transfer services. Evidence shows that consumers themselves are the first, last and best line of defence against fraud. Consumers that are educated, well-informed and sceptical are better able to protect themselves and their hard-earned money.”

Lottery scammers often misappropriate or misrepresent established and credible brands to add authenticity to their hoaxes. The huge volume of e-mails they send coupled with the fact that their use of the internet enables them to transcend national borders makes it hard to understand the true scope and range of their activities.

To address this, victims of lottery scams that involve any of the coalition companies’ brands or services can report their experience to their local police authority. Interpol will communicate with national law enforcement agencies to inform them of the initiative and provide guidance on critical information to collect.

Victims will be invited to send a copy of the police crime report to the relevant coalition company member. Each company can then apply its own in-house investigative expertise in an effort to identify trends and common patterns, such as multiple scams emanating from the same geographic region.

“All four companies share a common interest in addressing cybercrime and online scams,” said William Godbout, chief security officer at African Development Bank. “There has been an exponential increase in the volume of online criminal activity using our trademark. Although there is no financial loss to the bank, these crimes impact our reputation and image. The reputation of African banking, of African development institutions and of the African continent in general are significantly jeopardized by the explosion in cybercrime falsely using African entities. With the assistance of our partners, in conjunction with both international authorities and local African law enforcement organizations, we will prosecute this criminal activity to the greatest extent possible.”

Victims of lottery scams can report cases by sending their police crime reports to the following dedicated and security-enhanced addresses:

· African Development Bank

security@afdb.org or

African Development Bank

Security Unit

BP 323 1002

Tunis Belvedere,

Tunisia

· Microsoft

lotfraud@microsoft.com or

Report Lottery Fraud

Microsoft Corp

One Microsoft Way

Redmond, WA 98052-6399

USA

· Western Union

spoof@westernunion.com

To learn more from Western Union about consumer protection: http://www.westernunion.com

· Yahoo!

http://antispam.yahoo.com/phishingtips

About African Development Bank

The African Development Bank is Africa’s premier development finance institution dedicated to combating poverty and improving the lives of people of the continent and engaged in the task of mobilizing resources for the economic and social development of its Regional Member Countries.

The Bank Group’s primary objective is to promote sustainable growth to reduce poverty by financing projects and programmes in the RMCs through loans, equity investments and technical assistance.

About Western Union

The Western Union Company (NYSE: WU) is a leader in global money transfer services. Together with its affiliates, Orlandi Valuta and Vigo, Western Union provides consumers with fast, reliable and convenient ways to send and receive money around the world, as well as send payments and purchase money orders. It operates through a network of more than 365,000 Agent locations in over 200 countries and territories. Famous for its pioneering telegraph services, the original Western Union dates back to 1851. For more information, visit www.westernunion.com.

About Yahoo!

Yahoo! Inc. is a leading global Internet brand and one of the most trafficked Internet destinations worldwide. Yahoo! is focused on powering its communities of users, advertisers, publishers, and developers by creating indispensable experiences built on trust. Yahoo! Inc. is headquartered in Sunnyvale, California. For more information, visit pressroom.yahoo.com or the company’s blog, Yodel Anecdotal.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realise their full potential.

About Microsoft EMEA (Europe, Middle East and Africa)

Microsoft has operated in EMEA since 1982. In the region Microsoft employs more than 16,000 people in over 64 subsidiaries, delivering products and services in more than 139 countries and territories.

Alert - Critical Product Vulnerability - October 23, 2008 Microsoft Security Bulletin Release (Out of Band)

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin released (out of band) on October 23, 2008. Microsoft has released security bulletin MS08-067, Vulnerability in Server Service Could Allow Remote Code Execution (958644), to address a vulnerability in all currently supported versions of Windows. This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers.

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter. The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests.

Recommendations

Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

New Security Bulletin Technical Details

Identifier

MS08-067

Severity Rating

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008.

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Affected Software

All currently supported versions of Windows

Restart Requirement

The update requires a restart.

Removal Information

· For Windows 2000, Windows XP, Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility

· For Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.

Bulletins Replaced by This Update

MS06-040 is superseded on these operating systems: Windows 2000 SP4, Windows XP SP2, Windows XP X64, Windows Server 2003 SP1, Windows Server 2003 X64, Windows Server 2003 SP1 for Itanium-based Systems.

Full Details:

http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

Public Bulletin Webcast

Microsoft will host a Webcast to address customer questions on the bulletin:

Title: Information Regarding an Out-of-Band Security Bulletin Release (Level 200)

Date: Thursday, October 23, 2008 1:00 P.M. Pacific Time (U.S. & Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032393978

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

Thank you,

Microsoft CSS Security Team

ADVANCE NOTIFICATION - October 23, 2008 (Out-of-Band) MSRC Security Bulletin Release

What is the purpose of this alert?

Microsoft is scheduled to release a security bulletin (out-of-band) to address a vulnerability in all currently supported versions of Windows. The bulletin is scheduled for release at approximately 10 A.M. Pacific Time on Thursday, October 23, 2008.

This security update will be released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately once released to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.com/protect.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.com/protect.

New Bulletin Summary

Bulletin Identifier

Windows Bulletin

Maximum Severity Rating

Critical

Impact of Vulnerability

Remote Code Execution

Detection

Microsoft Baseline Security Analyzer can detect whether your computer system requires this update.

Restart Requirement

The update requires a restart.

Affected Software

Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx.

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

Public Bulletin Webcast

Microsoft will host a Webcast to address customer questions on the bulletin:

Title: Information about Microsoft Security Bulletins (Level 200)

Date: Thursday, October 23, 2008 1:00 P.M. Pacific Time (U.S. & Canada)

URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032393978

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.