Nuffnang

Sunday, September 23, 2012

Microsoft Releases Patch for Internet Explorer Exploit



Systems Affected

     * Microsoft Internet Explorer 6
     * Microsoft Internet Explorer 7
     * Microsoft Internet Explorer 8
     * Microsoft Internet Explorer 9


Overview

   Microsoft has released Security Bulletin MS12-063 to address the
   use-after-free vulnerability that has been actively exploited this
   past week.


Description

   Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible
   to a use-after-free vulnerability. This vulnerability is being
   actively exploited in the wild. Microsoft has released Security
   Bulletin MS12-063 to patch this vulnerability and four others.

   This vulnerability was previously mentioned in US-CERT Alert
   TA12-262A. Additional information is available in US-CERT
   Vulnerability Note VU#480095.


Impact

   A remote, unauthenticated attacker could execute arbitrary code,
   cause a denial of service, or gain unauthorized access to your
   files or system.


Solution

   US-CERT recommends that Internet Explorer users run Windows Update
   as soon as possible to apply the MS12-063 patch.


References

 * Microsoft Security Bulletin MS12-063
   <http://technet.microsoft.com/en-us/security/Bulletin/MS12-063>

 * US-CERT Alert: Microsoft Security Advisory for Internet Explorer
   Exploit
   <http://www.us-cert.gov/cas/techalerts/TA12-262A.html>

 * Microsoft Windows Update
   <http://go.microsoft.com/fwlink/?LinkID=40747>

 * US-CERT Vulnerability Note VU#480095
   <http://www.kb.cert.org/vuls/id/480095>


* Microsoft Security Advisory (2755801)
  - Title: Update for Vulnerabilities in Adobe Flash Player in
    Internet Explorer 10    
  - http://technet.microsoft.com/security/advisory/2755801
  - Revision Note: V1.0 (September 21, 2012): Advisory published. 

* Microsoft Security Advisory (2757760)
  - Title: Vulnerability in Internet Explorer Could Allow Remote
    Code Execution   
  - http://technet.microsoft.com/security/advisory/2757760
  - Revision Note: V2.0 (September 21, 2012): Advisory updated to
    reflect publication of security bulletin.
 

Posted by at No comments:

Tuesday, September 18, 2012

Microsoft Security Advisory for Internet Explorer Exploit

Systems Affected

* Microsoft Internet Explorer 7

* Microsoft Internet Explorer 8

* Microsoft Internet Explorer 9

Overview

An unpatched use-after-free vulnerability in Microsoft Internet Explorer versions 7, 8, and 9 is being exploited in the wild.

Microsoft has released Security Advisory 2757760 with mitigation techniques.

Description

Microsoft Internet Explorer versions 7, 8, and 9 are susceptible to a use-after-free vulnerability. This vulnerability is being actively exploited in the wild. At this time, there is no patch available for this vulnerability. End-users can mitigate the vulnerability by using Microsoft's Enhanced Mitigation Experience Toolkit.

Additional mitigation advice is available in the MSRC blog post:

"Microsoft Releases Security Advisory 2757760" and US-CERT Vulnerability Note VU#480095.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

US-CERT recommends Internet Explorer users read Microsoft Security Advisory 2757760 and apply mitigation techniques such as using the Microsoft Enhanced Mitigation Experience Toolkit.

References

* Microsoft Security Advisory (2757760)

<http://technet.microsoft.com/en-us/security/advisory/2757760>

* MSRC Blog: Microsoft Releases Security Advisory 2757760

<http://blogs.technet.com/b/msrc/archive/2012/09/17/microsoft-releases-security-advisory-2757760.aspx>

* Download Microsoft EMET 3.0

<http://www.microsoft.com/en-us/download/details.aspx?id=29851>

* US-CERT Vulnerability Note VU#480095

<http://www.kb.cert.org/vuls/id/480095>

Posted by at No comments:

Monday, September 17, 2012

Windows Server 2012 Hyper-V vs VMware 5.0

Windows 2012 Server had been released. Below is the comparison chart between Windows 2012 Server Hyper V with Vsphere 5 Enterprise Plus.

http://blogs.technet.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-84-12-metablogapi/1351.vm_5F00_07D5C1A8.jpg
Posted by at No comments:

Monday, September 10, 2012

Virtual DC: Different Architecture and Operation


Component

Physical Datacenter

Virtual Datacenter

Data Center

Bound by 1 physical site

DC migration is automated.

Disaster Recovery

Manual.

Actual Live DR rarely done, if ever.

Done by each apps

Automated.

Actual Live DR done frequently.

Provided as service by platform

Network

No DR Test network.

No QoS (no Shares concept)

DR Test Network required.

Built-in QoS.

Back up

Back up LAN + back agent

LAN-free and agent-less for most VM.

Clustering

MSCS

vSphere HA + Symantec AppHA

Firewall

FW not part of Server.

FW scales separately.

Rules based on IP

Rules embedded into VM.

Rules not limited to IP/Hostname.

Engine embedded into hypervisor

DMZ Zone

Physically separate. IP based separation.

IDS/IPS limited in DMZ

Logically separate. Not limited to IP.

IDS/IPS in all zones

Chargeback

Optional

Required

Capacity Management

Simple.

Complex. Tools required.

Asset Management

Complex & Time consuming.

Much simpler

Server life cycle

Manual provisioning & decomm.

Automated provisioning & retiring

Posted by at No comments:
Subscribe to: Posts (Atom)