AWS

Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service are only affected when using PEAP with MS-CHAP v2 authentication. View the full article

Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system. View the full article

I didn't think you could use a photo for a screen saver.

Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker. I've seen numerous claims the past few weeks about weaknesses in BitLocker and even claims of commercial software that "breaks" BitLocker. One claim is from a product that "allows bypassing BitLocker encryption for seized computers." This claim is for a forensics product and has legitimate uses however, to say it "breaks" BitLocker is a bit of a misnomer. The tool "recovers encryption keys for hard drives" which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker's best practices guidance. The product, like others used legitimately for data recovery and digital forensics analysis, requires "a physical memory image file of the target computer" to extract the encryption keys for a BitLocker disk. Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer's memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA). Another report discusses targeted attack vectors where the attacker must gain physical access to the computer, multiple times I might add. This research is similar to other published attacks where the owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with this computer. This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme. These sorts of targeted threats are not new and are something we've addressed in the past in 2006 we discussed similar attacks, where we've been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks. Our customers are confronted with a wide spectrum of data security threats that are specific to their environment and we work hard to provide capabilities and information to help the customer achieve the right balance of security, manageability, and ease-of-use for their specific circumstances. BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs. Like most full volume encryption products on the market, BitLocker uses a key-in memory when the system is running in order to encrypt/decrypt data on the fly for the drives in use. Also like other encryption products, a determined adversary has significant advantages when they have physical access to a computer. We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method to use BitLocker in hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated will protect users from the ability to extract a physical memory image of the computer. Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops. Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution. IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology: it requires end user education and physical security also play important roles. View the full article

Here's the December 2009 update to "What I Use". Changes include a return to the iPod platform after months of dabbling with Zune HD, my favorite iPhone apps, Office 2010, a broader mix of web browsers, Modern Warfare 2, and some Mac virtualization solutions. View the full article

I've started building out my support page for "Windows 7 Secrets," starting with some errata, additions, and notes to the initial printing of the book. I'll be adding more over time, including some reader-submitted errata and some major content updates. View the full article

In the latest episode of the Windows Weekly podcast, Leo and I discuss Windows Weekly video, the MIA Windows 7 USB/DVD tool, ATT vs. Verizon, web browser usage share, Office 2010 release date, the (fake) Black Screen of Death, and much more... View the full article

Switching to the Mac doesn't mean you have to give up on Windows 7. In fact, over 80 percent of Mac users run Windows too. Here's how to make it happen, either with dual boot or via a virtualization solution. View the full article

It should work. Try starting it from the folder that sfc.exe is in.

Ready for some World War II-era nostalgia? Then check out Call of Duty Classic for the Xbox 360, an Xbox Live Arcade title that brings the original game in the series to the console for the first time. View the full article

As we rush to the cloud computing future, it's important to remember that the computing platforms of today will continue forward. Microsoft's success creating today's platforms should help going forward. View the full article

I appeared on the most recent episode of the This Week in Tech (TWiT) podcast with Leo Laporte, Jerry Pournelle, and Dwight Silverman. Topics include the truth about Windows 7 market share, why B Dalton's was good for literacy, and the fate of Ezekiel the Z80... View the full article

The Xbox 360 product lineup drops down to just two models for this holiday selling season, the low-end Xbox 360 Arcade and the recently price-reduced Xbox 360 Elite, which features a 120 GB hard drive. View the full article

In the latest episode of the Windows Weekly podcast, Leo and I discuss more Office 2010 Public Beta news, Windows Home Server PP3, Google Chrome OS, captioning in digital video, and much more... View the full article

This guide explains the process for upgrading Active Directory domains to Windows Server 2008 and Windows Server 2008 R2, how to upgrade the operating system of domain controllers, and how to add domain controllers that run Windows Server 2008 or Windows Server 2008 R2 to an existing domain. Overview Upgrading your network operating system requires minimal network configuration and typically has a low impact on user operations. The upgrade process is straightforward, efficient, and allows your organization to take advantage of the improved security that is offered by the Windows Server 2008 and Windows Server 2008 R2 operating systems. This guide covers the process for upgrading domains and domain controllers, and how to add new domain controllers to existing Active Directory domains. It includes details about how to run Adprep.exe and resolve known issues and errors if they arise. System Requirements Supported Operating Systems: Windows 2000 Windows Server 2003 Windows Server 2008 Windows Server 2008 R2Microsoft Word or Word Viewer Download Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains Guide

URL rewrite module provides a rule-based rewriting mechanism for changing requested URL’s before they get processed by web server. The Microsoft URL Rewrite Module 1.1 for IIS 7 provides flexible rules-based rewrite engine that can be used to perform broad spectrum of URL manipulation tasks, including, but not limited to: Enabling user friendly and search engine friendly URL with dynamic web applications Rewriting URL’s based on HTTP headers and server variables Web site content handling Controlling access to web site content based on URL segments or request metadata. The installation package includes several additional components and hotfixes required by URL rewriter. Refer to the KB articles for the hotfixes to get more details. In order to apply the hotfixes correctly without restarting the server, it is recommended that the WAS service is stopped before installing URL Rewrite Module. The following hotfixes will be installed with URL Rewrite Module: Update for IIS 7.0 FastCGI module (KB 954946) Hotfix for IIS 7.0 SetUri function (KB 949172) Hotfix for ASP.NET System.Web.dll (KB 957660) Microsoft Visual C++ 2008 SP1 Redistributable Package Download URL Rewrite Module 1.1 for IIS 7 (x86) Download URL Rewrite Module 1.1 for IIS 7 (x64)

I shutoff the Usenet bot.

Try installing windows 2008 first before Winodws 7.

Netbooks are the fastest-growing segment of the PC industry and extremely popular with consumers. But are they a good investment for businesses too? View the full article

Read this over at InfoPackets a couple days ago. 2012 for Windows 8 release sounds abut right. What's your thoughts on Windows 8 being released in 2012?

A look at the lessons Microsoft learned developing Windows 7 and how it will apply those lessons to Windows 8 and other future products. View the full article

Welcome Chris. We can all excursive the gray matter together.

Welcome Matt and Happy Thanksgiving to you also.

In part 3 of my Office 2010 Beta review, I look at new two ways to get the suite: Office 2010 Starter edition and Click-2-Run... View the full article