Microsoft

Good news: It's progress. I haven't touched IE 6 unless a specific site required it.
Bad news: You can't run it side by side with IE 6.

http://blogs.msdn.com/ie/archive/2006/01/31/520812.aspx

. . . if you're infected with the latest virus/worm going around. It even comes with a neat little web counter when it infects a machine.

If you need a nice free virus scanner to check for it, http://safety.live.com

More information:

http://www.microsoft.com/technet/security/advisory/904420.mspx

http://www.f-secure.com/weblog/archives/archive-012006.html#00000788

Why? You only need licenses per physical CPU. That is a big cost saving.

More info here: http://www.microsoft.com/sql/howtobuy/multicore.mspx

Specifically:

Microsoft has been driving thought leadership in this area by charging the same amount per processor, regardless of how many cores are in the processor. Microsoft was the first database vendor to make this announcement, in October of 2004, and continues to be the only vendor to date that has taken this position. This strategy is based on the belief that multicore processors are a natural extension of Moore's Law (that the number of transistors on a chip doubles about every one to two years), and that the benefits should be passed on directly to customers.

A few months ago I switched jobs, and with that, I had to switch around my MCP association so that I was no longer associated with my previous place of employment. The Microsoft Partner renewal is coming up on 1/31/06. Thankfully, my new place of employment has plenty of points "in the bank" so I do not think we have to worry about getting kicked out, but I'm not positive on that.

Anyway, this all started back on January 6th. My certifications are still not associated with the new company properly. I've had numerous phone calls and e-mails to various organizations within Microsoft, including the MCP help e-mail alias and the regional partner program alias.

I've sent screen shots of the process failing. I've called and talked with people and they have been as confused as I have been as to why I am not able to join.

So far, I have disassociated my MCP ID number from my old Microsoft Passport at my old place of work. For a time, my MCP ID number did not have any mapping to it. The MCP program help desk was able to send me another activation code and allow me to assign my number to my new Passport ID.

It seems like I am at least half way there but it is driving me batty because my certs directly affect what competancy selections we can be included in and my final goal is to get this place to be a Gold Partner. We're almost there. I'm listed as the Primary Technical contact but that certainly isn't helping my cause at all. The Microsoft Partner site is still convinced that my Passport has no certifications, even though I can log onto the MCP site with the same Passport and view all of my test scores and achievements.

The last time something like this happened with a Passport, it was the difference between filling out the form as "AARON TIENSIVU" instead of "Aaron Tiensivu", but all combinations do not work. I still think something like that should be case insensitive anyway.

I don't want to make "bad press" but it is directly affecting my day to day work.

If anyone knows how to get this resolved, please comment here. I have my case number, MCP and Partner ID numbers ready if anyone at Microsoft needs them. My e-mail address is microsoft at tiensivu dot com for all matters about this.

The original case was opened on January 6th. It's the 26th now. The 31st looms near. I'm getting antsy.

This is always handy to have if you are going to a place without a WSUS server and/or low bandwidth.
They might be corner cases of the general trend but it is nice that there is this option available.

http://support.microsoft.com/kb/913086

It is explained (much) better here:

http://blogs.technet.com/msrc/archive/2006/01/11/417283.aspx

If you can grok assembler, you can see the details of the WMF patches, and how close the unofficial and official patches are. The amazing thing to me [at least] is that there was/is an MS staffer commenting and helping people out in that Something Awful thread I posted a few days ago. He (or she?) provided some very cool info on how it all went down.

See the changes to gdi here:

http://blogs.securiteam.com/index.php/archives/184

Also of note: This WMF stuff reminds me A LOT of 'the BBS days' when ANSI.SYS under DOS could remap keys and you could get ANSI bombed with a keystroke that would format your hard drive without any interaction. Use of a function meant for good, for bad purposes.

I forgot how much I loved this small font, especially for command line consoles.

http://www.tobias-jung.de/seekingprofont/

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://www.microsoft.com/technet/security/bulletin/advance.mspx

KB article:
http://support.microsoft.com/kb/912919

Notes from Mike Nash:
http://blogs.technet.com/msrc/archive/2006/01/05/416980.aspx

If you are wondering if you should wait, check out this quote from Mike:
"With the update available today, you certainly have the choice of deploying now or waiting until your normal release process. If it were my decision, I would move up the schedule. That is what we are doing in our IT operation here at Microsoft."

I'm glad they didn't wait until the 10th to release this.
Kudos to them.

Spotted this on BugTrack, I haven't tried it personally but it looks like a well thought out work around that goes beyond just WMF.
This is more for the security related people than end-users. I'm going to try it out on a test box of mine anyway. Gotta love virtual machines.

[snip]

For those interested, Core FORCE its a free endpoint security software
currently in Beta stage. With it users can configure access control
permissions to file system objects independently of the operating
System's ACLs and security policy enforcement mechanisms.

The default security profiles of IE and FireFox included the package
distribution prevented exploitation of the WMF bug through those
vectors. Simply because they denied execution of rundll32.exe from
within IE or Firefox. The same applies to the MSN Messenger profile
submitted to the profiles repository site.

Furthermore you can explicitly configure permissions to deny & log
read/exec access to shimgvw.dll system wide or on per application basis.
This is functionally equivalent to Microsoft's suggested workaround of
unregistering the DLL but the advantage is that it does not matter if
some program registers it back or if somehow a program tries to load and
execute the DLL in anyway.

Core Force is available at http://force.coresecurity.com

As I said, it is still beta make sure you read the software
compatibility and known issues list and the docs.

-ivan

--
---
To strive, to seek, to find, and not to yield.
- Alfred, Lord Tennyson Ulysses,1842

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce (at) coresecurity (dot) com [email concealed]
www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

[/snip]

MS Security blogs are now starting to make notes about this.

http://blogs.technet.com/jesper_johansson/archive/2006/01/02/416762.aspx

His patch for the WMF exploit works very well, and all the information in this thread, is very handy.
You should be able to view it without being registered or logged in.

http://forums.somethingawful.com/showthread.php?s=&threadid=1759903&perpage=40&pagenumber=1

Of particular interest is the Windows Media Player movie of the exploit in action. I am also VERY impressed with how well NOD32 takes care of the problem and how light weight it is. I suspect we have only seen the tip of the iceberg on this one so far. Sources say that the official patch is ready to roll, and that it is in the process of getting localized.

I think MS really should release this as an out-of-band update and not wait until Jan 10th.

It's actually a bit of a mis-design than anything else. It actually dates back to Windows 3.0. In theory, all these new exploits will even run (MAYBE) in Windows 3.0. If not, you could always write one if you really really wanted to.

Anyways, a much more technical write up than what I could do is over at the F-secure blog, which I always watch religiously. They are from Finland, so that helps too. [Despite my last name looking French or Asian, it is actually Finnish]

http://www.f-secure.com/weblog/archives/archive-012006.html#00000761

http://www.hexblog.com/2005/12/wmf_vuln.html

I've seen and heard about too many infections that this can not wait until the January Patch Tuesday.

Happy New Year!

We secretly went to Delaware to surprise a friend getting married that we've known for a long time. They had been convinced no one from Michigan outside of family were coming. They were wrong. On Friday night, Cassandra called Julie to tell her to check to see if her wedding package had arrived since she had been tracking it and UPS said it had been delivered to the doorstep. So, Julie opened the door and 3 people from Michigan were there. She had a look on her face like she had won the lottery.

That alone was worth the trip, and of course Dan's reaction and then rest of the weekend was very fun.