Category: Server 8


Update your machines now. If you are running a server with RDP exposed, first firewall it off from the internet, then use another actual secure VPN to get to that server and update. I would then never allow RDP direct access to the net again.
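To confirm the first step above, run a check like the following from a machine outside your firewall against your own servers. It is an added example, not part of the original post: it sends the opening RDP handshake packet and reports whether each host still answers as RDP. The function names and the placeholder host list are assumptions made for illustration.

```python
import socket
import struct

# First PDU an RDP client sends: TPKT header + X.224 Connection Request +
# RDP negotiation request asking for standard RDP security (19 bytes).
X224_CONNECTION_REQUEST = (
    bytes.fromhex("03000013")            # TPKT: version 3, total length 19
    + bytes.fromhex("0ee00000000000")    # X.224: length 14, CR (0xE0), refs, class
    + bytes.fromhex("0100080000000000")  # RDP_NEG_REQ: type 1, length 8, protocols 0
)

def _recv_exact(sock, n):
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe_rdp(host, port=3389, timeout=3.0):
    """Return 'closed', 'open-not-rdp' or 'rdp' for host:port as seen from here."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable: what we want to see
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            header = _recv_exact(sock, 4)
            if len(header) < 4 or header[0] != 0x03:
                return "open-not-rdp"
            (length,) = struct.unpack(">H", header[2:4])
            body = _recv_exact(sock, max(length - 4, 0))
        except OSError:
            return "open-not-rdp"  # port answered but never spoke RDP
    # body[0] is the X.224 length indicator, body[1] the PDU type (0xD0 = confirm)
    return "rdp" if len(body) >= 2 and body[1] & 0xF0 == 0xD0 else "open-not-rdp"

def audit(hosts, port=3389):
    """Map each host in your own inventory to its probe result."""
    return {host: probe_rdp(host, port) for host in hosts}

if __name__ == "__main__":
    # Constructed placeholder inventory (documentation addresses); use your own hosts.
    for host, state in audit(["192.0.2.10", "192.0.2.11"]).items():
        print(f"{host}: {state}")
```

Any host that still reports `rdp` from an outside vantage point has not been firewalled off yet.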

 

Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely trouble-shoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon's EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.

“This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys' vulnerability research lab, said in an interview. While RDP is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.

The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants.

Microsoft said there's no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change.

“Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.

via Critical Windows bug could make worm meat of millions of high-value machines.

I had some folks I know telling me MS wasn’t going to release Win8 in 2012. Everything I have seen, though, from public to MS partner materials, has strongly hinted at 2012 for the next Windows stack: Server 8 and Windows 8. Most likely Office 2012 as well. Right from the MS CEO:

http://www.zdnet.com/blog/microsoft/microsofts-ballmer-says-next-gen-windows-systems-due-in-2012/9515

So what do you do if you are on anything from XP on up? Wait to upgrade until Windows 8 comes out, or, for my clients, wait for me to test the betas and give you an idea of the hardware requirements, which I will do as soon as the partner betas get released.

 

Microsoft’s Ballmer says next-gen Windows systems due in 2012 | ZDNet.

As the software landscape changes, and technology with it, so do my recommendations for clients. The biggest one right now is: do you buy Windows 7/Server 2008 now or wait? ECC is saying to wait unless you absolutely MUST upgrade now. Why? In 2012-2013, Windows 8, Server 2012, and Office 2012/2013 are going to be coming out. I would not buy anything Server 2008 related right now (that includes the latest versions of SBS, as they are based on 2008 R2). We are three years into the primary support cycles of 2k8-vintage products, which means you have two years of primary support for most things 2k8 based. If you are going to go through the expense of a major upgrade, then I would wait. If you are only using 2k8 for simple AD and file resource sharing, 2k8 is most likely going to be a great bet if you have to upgrade now. If you have further questions, feel free to use the contact form at eccmd.com (http://www.emmanuelcomputerconsulting.com/contact-us) or call me.