Tuesday, March 9, 2010

Internet Threats and Viruses

Microsoft recently released information regarding a potential security threat for users still running Windows XP while browsing the web. The F1 key, a command that opens up the “Help” menu in Internet Explorer, has been associated with potentially opening a security breach to your computer, and should be temporarily avoided until an official update is released by Microsoft. This security breach, which would allow malicious code to infect your computer, is only a threat for users running older operating systems while browsing infected websites. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user”.

The problem is that unsafe websites can have malware hidden in them, waiting to download to your computer. Certain viruses would be given easy access to your computer through a glitch when the user uses the F1 key to open the “Help” menu, essentially giving the malicious code a path to sneak onto your PC. Users running Windows Vista or Windows 7 have nothing to worry about from this threat. For users with Windows XP, be cautious about what sites you browse to while at work. As always, this is one of the best ways to keep viruses and malware from infecting your computer. In the case of this particular problem, Microsoft claims that avoiding pressing the F1 key while browsing the web will keep users safe. This exploit can only run when there is both malicious code available and the user presses the F1 key to open the “Help” menu. Avoid suspicious sites and avoid using the F1 key on your keyboard while browsing the web until Microsoft releases an update.

On a similar note, we have recently seen an increase in infections from the “AntiVirus 2010” virus. This program downloads itself to and infects the user's computer. The virus then pretends to be an anti-virus program and alerts the user that a virus has been found on the computer. The “AntiVirus 2010” program pretends to scan the computer, finds infections that it itself has placed, and then attempts to sell the user a solution to the problem.


AntiVirus 2010 “Anti-virus scanner”

If this virus is encountered, avoid clicking on any of the pop-ups or windows it generates. There are a few known websites that your PC can be redirected to through a bad link, a pop-up, etc., that will download this virus without you knowing. As an added measure of security, it's possible to add these sites to your Internet browser's list of blocked sites. For Internet Explorer, follow these steps:

Open IE and click on Tools > Internet Options > Security Tab > Restricted Sites (red circle with a line icon) > Sites

This will open a window that allows you to enter website addresses to block. From the list below, type or copy and paste each web address individually into the bar that says “Add this website to the zone:”, and then click Add. When finished, click Close to close that window, and then OK to close the Internet Options window. If a bad link tries to redirect your computer to one of the AntiVirus 2010 websites that download the virus, the page will be blocked. Again, having real anti-virus software is very important in keeping your computer safe, but avoiding non-work-related sites is equally important.

Sites associated with AntiVirus 2010 to block:

  • download-antivirus2010.info

  • microsoft-browser-security-center

  • mybestantivirus-download.info/en/exe/StageThree.exe

  • av2010.net/install.php

  • av2010pro.com
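
The same Restricted Sites entries can be written for the current user from PowerShell instead of through the dialog. This is an added example, not part of the original post; it assumes the per-user ZoneMap registry location that Internet Explorer uses for zone assignments, and `Get-HostPart` is a hypothetical helper name.

```powershell
# Added example: scripted equivalent of Tools > Internet Options > Security >
# Restricted Sites > Sites, for the currently logged-on user.
$zoneMap    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$restricted = 4   # zone number of "Restricted sites"

# Entries exactly as listed in the post (two carry a path, one has no top-level domain).
$entries = @(
    'download-antivirus2010.info',
    'microsoft-browser-security-center',
    'mybestantivirus-download.info/en/exe/StageThree.exe',
    'av2010.net/install.php',
    'av2010pro.com'
)

function Get-HostPart([string]$Entry) {
    # Zone assignments are keyed by host name, so drop any scheme and path.
    return (($Entry.Trim() -replace '^[a-z]+://', '') -split '/')[0].ToLower()
}

foreach ($entry in $entries) {
    $hostName = Get-HostPart $entry

    # Skip anything that is not a complete domain name rather than guessing a suffix.
    if ($hostName -notmatch '^([a-z0-9-]+\.)+[a-z]{2,}$') {
        Write-Warning "Skipped '$entry': not a complete domain name"
        continue
    }

    $key = Join-Path $zoneMap $hostName
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # One value per protocol; the data is the zone number.
    foreach ($protocol in 'http', 'https') {
        New-ItemProperty -Path $key -Name $protocol -PropertyType DWord `
            -Value $restricted -Force | Out-Null
    }
    Write-Output "Restricted: $hostName"
}
```

Because the zone applies to the host rather than to a single URL, the entries that include a file path restrict the whole site, and the entry without a domain suffix is skipped with a warning.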

Monday, February 22, 2010

Kyocera Multifunction Printer – Scan to Folder Feature

Recently, we migrated a client from Small Business Server 2003 to Small Business Server 2008.  The client has Kyocera KM series multifunction print devices (copy, scan, print, fax).

For some time, they were using an application on the device called KYOcapture.  However, this application was not stable and was difficult to update with new configuration information like a new scan to folder setting or user account.  In contacting their printer vendor, Electro Graphic Products - http://egp-mita.com/, I discovered the ease with which this otherwise complicated scenario could be configured with the SMB protocol to a network file share.

While this was a breeze to set up with SBS 2003, after the migration to SBS 2008, the scan to folder feature stopped working. The machine would say that error 1102 occurred and that the machine “could not connect”. After troubleshooting, I called EGP again and discovered that the SMB port from the device to the server changed from 139 (File and Printer Sharing) to port 445.

All that was needed was to add :445 after the hostname field when setting up the address book entry.

Problem solved.

Thursday, February 11, 2010

MSExchangeIS Automatic Start When Migrating from SBS2003 to SBS2008

When migrating from Windows Small Business Server 2003 to Windows Small Business Server 2008, you may find that the Exchange Information Store service does not start automatically on the destination server after installing Windows SBS 2008. Because SBS 2008 is a global catalog (GC) server, and Exchange 2007 is installed on that GC, some services, such as the Microsoft Exchange System Attendant and the Microsoft Exchange Information Store, may not start automatically, which is normal.

The cause of the issue is that Exchange services depend on the following Windows services:

Event Log
NT LM Security Support Provider
Remote Procedure Call (RPC)
Server
Workstation

When any of these services does not start before Exchange tries to start its own services, the Exchange Information Store service cannot be started. You can either change the service dependencies, or you can add the BootPause registry key to delay the startup of Exchange Server. Microsoft provides instructions to perform these steps in the following knowledge base article: http://support.microsoft.com/kb/940845/en-us.

Wednesday, February 3, 2010

Free Virtualization Event: Virtualization Untangled - March 18th, 2010

RoseBud Presents - Virtualization Untangled - Join us for this free event - Earn CPE Credit

March 18th, 2010, 11:30-1:00 p.m. Held at the offices of Bennett-Thrasher in Atlanta.

Virtualization is unquestionably one of the hottest trends in information technology today. This is no accident. While a variety of technologies fall under the virtualization umbrella, all of them are changing the IT world in significant ways.

This overview introduces Microsoft’s virtualization technologies, focusing on three areas: hardware virtualization, presentation virtualization, and application virtualization. Since every technology, virtual or otherwise, must be effectively managed, this discussion also looks at Microsoft’s management products for a virtual world. The goal is to make clear what these offerings do, describe a bit about how they do it, and show how they work together.

Free Windows 7 shirt for all who register.

Register here: https://support.rosebudtech.com/events/

Thursday, January 28, 2010

Technology Roller Coaster

On a day where I’m still recovering from a long day, long night, and an early morning support call with Microsoft, I needed a fun reminder as to how neat this technology can be.

Working with a client this morning, we wanted to test our System Center Virtual Machine Manager installation.

On the technical side of the equation, this environment is a three node Windows 2008 R2 Hyper V failover cluster connected to a backend SAN.  A separate Windows 2008 R2 server is acting as the virtual machine management console.

We took turns, one by one, putting the virtual host machines into Maintenance Mode. This automatically moves any virtual machines on that particular host to another host in the cluster. This move is “live”, so end users don’t know anything is happening while the move takes place or that the server they’re using is now running from a different virtual host machine.

While the machine is in maintenance mode, we installed Windows Updates and rebooted.  Once the reboot was complete, we stopped maintenance mode on the virtual host machine.  System Center Virtual Machine Manager then reallocates the virtual machines running on the other virtual hosts back to the reinstated virtual host.

Sometimes technology is just cool.

Friday, January 22, 2010

Establish a VPN connection pre-logon in Vista/Server 2008/Windows 7




  1. Press CTRL+ALT+DELETE.
  2. Windows displays the logon screen for the user that last logged on. Press ESC or click Switch User to view other logon choices.
  3. A blue button appears to the left of the red Shutdown button. Click the blue button. Windows displays a list of system-owned dial-up connections for you to choose, if there is more than one. Otherwise, Windows uses the single system-owned connection.
  4. If prompted, type the user name and password for the dial-up connection and click the round blue button to connect.
  5. Windows then establishes a connection to the remote network using the provided credentials. It uses these same credentials when logging on to the domain.


Thursday, January 21, 2010

Microsoft to Issue Emergency IE Patch Today 1.21.10

Thu, January 21, 2010, Computerworld — Microsoft will release its emergency patch for Internet Explorer (IE) on Thursday, the company said today as it also admitted that attacks can be hidden inside rigged Office documents.

"We are planning to release the update as close to 10:00 a.m. PST as possible," Jerry Bryant, a program manager with the IE group, said in an entry on the Microsoft Security Response Center (MSRC) blog.

Yesterday, Microsoft confirmed speculation that it would issue an "out-of-band" update for the IE vulnerability, but postponed specifying a ship date until today.

Microsoft also updated the security advisory it originally published last week when it acknowledged a zero-day IE vulnerability had been used by hackers to break into the corporate networks of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers. Subsequently, security experts have offered evidence that links the attacks to China.

The revised advisory also addressed claims made by researchers that it's possible to exploit the newer IE7 and IE8 browsers, and even circumvent Microsoft's recommended defensive measure, DEP (data execution prevention). However, the advisory waffled on whether DEP bypass was effective, neither confirming nor denying the researchers' allegations.

"There is a report of a new Data Execution Prevention (DEP) exploit," Microsoft said in the advisory. "We have analyzed the proof-of-concept exploit code and have found that Windows Vista and later versions of Windows offer more effective protections in blocking the exploit due to Address Space Layout Randomization (ASLR)."

Even a follow-up post by Jonathan Ness, an MSRC engineer, on the company's Security Research & Defense blog declined to spell out whether the DEP bypass attacks were effective. Ness, however, did reiterate Microsoft's point that the only in-the-wild attacks seen thus far have been aimed at IE6.

He also touted the additional security that ASLR and IE's Protected Mode provide, and published a table that spelled out the current attack and threat situation for IE and Windows users.

Microsoft also admitted that the vulnerability could be exploited through malicious Office documents, a vector that had not been disclosed previously. "We are also aware that the vulnerability can be exploited by including an ActiveX control in a Microsoft Access, Word, Excel, or PowerPoint file," said Bryant. "To prevent exploitation, we recommend that customers disable ActiveX Controls in Microsoft Office."

Tomorrow's update for IE will patch all attack avenues, Bryant added, including the Office document vector.

The IE vulnerability has gained considerable attention because it has been connected to the attacks that broke into Google's corporate network. McAfee was the first to reveal that the attacks against Google had been conducted using exploits of the IE vulnerability.

To read the complete article:

http://www.cio.com/article/520729/Microsoft_to_Issue_Emergency_IE_Patch_Thursday?source=rss_news