IT

Fixes include:

KB 958659 - When you use telephony mode=4, you can only manually set the URI information in Communicator 2007
KB 957793 - A Communicator 2007 client is unusually slow at startup
KB 956734 - The presence status of Communicator 2007 changes to "Away" for all Terminal Server users when one user locks the desktop on a Windows Server 2008-based computer

Download the update, which brings Communicator to build v2.0.6362.97 (previous release in July brought the build to
v2.0.6362.76 - 21 builds ago - but seems offline now.)

Elan posted about it too.

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."

It is unusual to see the amount of attention given to this update and the speed at which it was released, especially out-of-band.

Thankfully for Server 2008 and Vista, the attacker has to be an authenticated user, but Server 2003 and XP users are not so lucky.

Most firewalls already block RPC traffic from external sources, so that attack vector is somewhat mitigated, but what I am worried about is the possibility of a 0-day worm getting inside an organization and worming around the entire network due to internal/client firewall rules.

It is particularly interesting that they released an update for Windows 7 pre-beta, build 6801, which I believe is going to be the build version given out at the PDC.

If you are running the beta builds of the Forefront Stirling TMG that have the GAPA protection enabled, you are already protected at the firewall level from the exploit due to the updated definitions already released by Microsoft. You can sort of think of it like Snort signatures.

I haven't seen Active-eXploits out in the wild yet, but it is only a matter of time.

You can read the Homeland Security National Vulnerability Database report on it here.

You can read a more in-depth report from the Microsoft Security Vulnerability Research and Defense team on the update here.

Direct download links to the patch, per OS:
Win 2K SP4
Win XP x86 SP2/SP3 / x64 RTM/SP2
Win 2003 x86 SP1/SP2 / x64 RTM/SP2
Win Vista RTM/SP1 x86/x64
Win Server 2008 x86/x64

Other sites with additional information on the exploit:
SecurityFocus
FRSIRT
SecurityTracker
Secunia
XForce (1 of 2)
XForce (2 of 2)

If you care about security, I suggest installing Flash player 10 because of the security enhancements that come along with it.

You can download the final (non-beta!) binary for Adobe Flash 10 here.

Still no 64-bit support. Shameful. I wonder if CNN's site works with Flash 10 yet or not. Last time I checked, last week, it still blocked Adobe Flash 10.

Update: Here is a good idea to do it right now - there won't be a security fix for Adobe 9 until mid-november on a known security exploit. It is already fixed in 10.

Cut-and-paste from the original post:

Jamie walked me through the new Attendant Console in OCS R2.
If you've got a busy receptionist that spends a lot of time taking and routing calls, the Attendant Console was built with that job in mind.

You can view the video here.

It is good to see this as a feature, because the 3com NBX had this in the late 90s and Cisco has had it forever too.

Kicking and screaming (not really), I've been adding Media Center-esque devices to our household over time - mostly from Woot auctions because I don't want to put a lot of money into stuff like this, for now. I can say though, is that I'm very impressed with how the newer firmware on the Hava interfaces with Windows Media Center and how the well the Pinnacle PCTV 800e works, on a Thinkpad T60.

When I'm at home, I "drive it like I stole it" on my Dell 2707WFP monitor, and the ATI X1400 really shouldn't be able to keep up with the amount of HD scaling it has to do, but it does it surprisingly well. I'm curious to see how well it will behave on the newer models like the Thinkpad T500.

Long story short, there is a new cumulative update for Media Center that came out in October 2008:

Fixes an issue in which you cannot seek through recorded TV shows on Windows Media Center systems that have digital cable tuners. Additionally, the recorded TV shows display the incorrect length.

Fixes an issue in which Windows Media Center Extenders cannot reconnect to a host computer after the host computer resumes from the suspend mode or the sleep mode.

Fixes an issue which is introduced by in Microsoft Knowledge Base article 950126. In this issue, a video that is paused may resume if you minimize or maximize the Windows Media Center window or if a screen saver starts.

Implements support for Digital Rights Management (DRM)-free copy for digital cable tuners that have the latest digital cable tuner BIOS versions that support DRM-free copy.

Expands the solution that was introduced in Microsoft Knowledge Base article 950126 to improve the experience of recording analog TV broadcasts to include set-top box scenarios. Previously, some analog TV broadcasts were blocked with the "protected content" message.

Note: This solution does not apply to configurations that use analog TV over digital cable tuners because the BIOS of the digital cable tuners provide content protection.

KB 955519 - you can read about it here and download the binaries here (x86/x64).

This might improve behavior of the Cisco VPN client under Vista/Server 2008. It is too bad they are not providing a 64-bit client for their IPSec VPN.

SYMPTOMS
You use a Windows Vista-based or Windows Server 2008-based computer that is behind a Network Address Translation (NAT) device. When you use this computer to try to communicate with another computer through an Internet Protocol security (IPsec) tunnel-mode connection, the connection fails.

CAUSE
This issue may occur if more than one computer shares the same source port. Windows Vista and Windows Server 2008 do not support tunnel-mode connections when the computer is behind an NAT device. Therefore, a conflict may occur.

RESOLUTION
A hotfix is available to resolve this issue. This hotfix adds the support for IPsec when the computer is behind a NAT device.

You can read more about it here and request the binaries here.

#1. Is the reporting capabilities of archival data better in R2? Right now, people typically buy FaceTime or write their own scripts to query SQL directly.

#2. Are some of the LiveMeeting "Hosted Service Only" features, like easy server-side meeting recording, available in R2?

#3. What is the migration/upgrade strategy, if it exists?

#4. Does Remote Call Control (RCC) still exist? LCS 2005 had more RCC capabilities than OCS 2007.

#5. G.729 codec support?

#6. Live Meeting High Fidelity Presentation (HFP) format 64-bit client codec support?

#7. Support for TAPI-based phone system integration without use of 3rd party add-ons?

#8. Better documentation? There are topics in the OCS 2007 documentation that are glanced over with a single sentence, when they should have a few pages worth of explanation. There are also sections that have a few pages of pictures and words that could be summarized by a single sentence. It goes both ways.

#9. Pick a dial plan/address book normalization scheme with the Exchange group and consolidate efforts? Enterprise voice dial plan format is different than Address Book normalization rules format. The integration pieces between Exchange 2007 and OCS 2007 R1 are not very straightforward to figure out and setup.

#10. Tools to mass modify Enterprise Voice AD attributes and RCC attributes?

#11. Ability to rename/change display of IM/PIC contacts in Office Communicator?

#12. Tools to prepopulate IM lists for new users?

#13. Ethical walls built in, not an API add-on after the fact?

#14. Updates from WSUS (almost there with the latest Category changes) for Office Communicator that offer a brand new .MSI instead of just .MSP (MSI transforms) that apply to the original release? It becomes a packaging/deployment hassle for enterprises.

#15. Full list of registry settings used by Office Communicator? Updated ADM/ADMX to support all the new options that have come out since OCS 2007 R1 RTM?

#16. Working TelephonyMode = 4 (TelephonyModeRccOnly) in Office Communicator? Currently broken in all Office Communicator 2007 R1 versions.

#17. Custom presence status messages without editing the registry/XML files? More than 4 entries available?

Thanks to the watchful eye of Elan - he spotted a press release about OCS 2007 R2.

It sounds pretty cool - just check out the details:

Dial-in audioconferencing - Office Communications Server 2007 R2 enables businesses to eliminate costly audioconferencing services with an on-premise audioconferencing bridge that is managed by IT as part of the overall communications infrastructure.

Desktop sharing - This feature enables users to seamlessly share their desktop, initiate audio communications and collaborate with others outside the organization on PC, Macintosh or Linux platforms through a Web-based interface.

Persistent group chat - This enables geographically dispersed teams to collaborate with each other by participating in topic-based discussions that persist over time. This application provides users with a list of all available chat rooms and topics, periodically archives discussions in an XML file format that meets compliance regulations, provides tools to search the entire history of discussion on a given topic, and offers filters and alerts to notify someone of new posts or topics on a particular topic.

Attendant console and delegation - This allows receptionists, team secretaries and others to manage calls and conferences on behalf of other users, set up workflows to route calls, and manage higher volumes of incoming communications through a software-based interface.

Session Initiation Protocol trunking - This feature enables businesses to reduce costs by setting up a direct VoIP connection between an Internet telephony service provider and Office Communicator 2007 without requiring on-premise gateways.

Response group - A workflow design application manages incoming calls based on user-configured rules (e.g., round-robin, longest idle, simultaneous), providing a simple-to-use basic engine for call treatment, routing and queuing.

Mobility and single-number reach - This extends Microsoft Office Communicator Mobile functionality to Nokia S40, Motorola RAZR, Blackberry and Windows Mobile platforms, allowing users to communicate using presence, IM and voice as an extension of their PBX from a unified client.*

APIs and Visual Studio integration - This improves the efficiency of everyday business processes by enabling businesses to build communications-enabled applications and embed communications into business applications.

Update from more sources: Elan, Matt, NoMorePhones, and No Jitter.

More updates related to the Speech Server aspect of OCS 2007 R2 here.

As mentioned here, they are not trying to come up with a clever name for the version after Vista. Some people are complaining already about naming an OS around a version number but... OS X? Hello? OS 10.

I've also seen complaints that the kernel is reporting 6.1. This is by design, and it is due to the amount of programs that will downright break if a major version number incremented.

I'm glad they are moving away from year based names, too.

This looks to be a great update and improvement to the iCal update from a few months ago (KB 950219)

Even though there are many changes listed, the ones that caught my eye in particular are:

KB 956531 - Outlook 2007 prompts you repeatedly for a password under certain network conditions

KB 956647 - Outlook 2007 does not honor the folder structure that was created in Internet Explorer 7 for the RSS Feeds folder

KB 956532 - When a user accesses their Free/Busy information, the Outlook Web Access service stops on the computer that is running Exchange 2007

KB 955572 - You cannot cache shared mail folders in Outlook 2007

KB 956528 - You cannot suppress the Autodiscover redirect warning in Outlook 2007

This hotfix fixes the following issues that were not previously documented in a Microsoft Knowledge Base article:

Outlook 2007 on a LAN uses NTLM authentication instead of Kerberos authentication for the Autodiscover service and for the Availability service.

You open Outlook 2007 in Cached Exchange Mode. After the initial synchronization is complete and the status bar displays All folders are up to date, the notification area still displays the synchronizing icon.

When you start Outlook 2007, you may receive the following error message: The data file file_name was not closed properly. The file is being checked for problems. Additionally, when the data consistency check occurs, Outlook 2007 responds slower than you expected.
Note: This hotfix greatly reduces the frequency of the consistency checks and the time that is required to perform the checks. (Yay!)

Read more about the update here and request the binaries here. There are many more issues fixed than what I highlighted here.