|
|
DMCUG Blog
|
 |
|
|
|
|
|
Zoek in de Blogs
|
|
|
|
|
|
|
DMCUG Blog Archief
|
|
|
|
|
|
|
|
Nieuws van week 7
|
|
|
Location: Blogs Bob's nieuws |
 |
| Posted by: ScuzzyBob |
16-2-2007 10:56 |
Source: microsoft.com
It is a subject the world keeps talking about, the upcoming Daylight Savings Time changes in some countries.
- Virtual Machine for Microsoft Exchange Calendar Update Tool - http://www.microsoft.com/downloads/details.aspx?FamilyId=03D4251D-370F-486D-BB2F-64FF14C546AD&displaylang=en
Overview
Important
Before you run the Exchange Calendar Update tool, refer to Microsoft Knowledge Base article 930879, "Addressing daylight saving time using the Exchange Calendar Update tool," for complete information about potential effects on your IT environment and user base.
After installing the Windows and Exchange daylight saving time (DST) updates, all old appointments (both recurring and single instance) that occur during the extended DST period will be incorrectly displayed as having moved back one hour. These appointments will need to be updated so that they display correctly in Outlook, Outlook Web Access, and CDO-based applications. The Outlook Time Zone Data Update Tool enables end-users to update their own calendars. (For Outlook 2007 the time zone update feature is built into the application.)
The Exchange Calendar Update Tool enables administrators to avoid the challenges involved with broadly deploying the Outlook tool to all users and ensuring that each user runs the tool correctly.
So the idea with the VHD is to download it once, copy it as many times as you need on your network, and run them concurrently to perform the updates.
- Information on new update for DST coming to DLC & WSUS - http://blogs.technet.com/wsus/archive/2007/02/10/information-on-new-update-for-dst-coming-to-dlc-wsus.aspx
On the blog of the WSUS team there is information about the new update for the DST-changes. KB931836 will replace all previously released time zone updates. This update will be released tot WSUS on Feb. 13th. http://blogs.technet.com/wsus/archive/2007/02/10/information-on-new-update-for-dst-coming-to-dlc-wsus.aspx
- Daylight Saving Time Help and Support Center - http://support.microsoft.com/gp/cp_dst
Source: microsoft.com
Overview
Starting in the spring of 2007, Daylight Saving Time (DST) start and end dates for the United States will transition to comply with the Energy Policy Act of 2005. DST dates in the United States will start three weeks earlier (2:00 A.M. on the second Sunday in March) and will end one week later (2:00 A.M. on the first Sunday in November).
This update includes the changes for the United States DST change for the components affected in Microsoft Exchange. It also includes changes for the time zones in Canada which will make the same change to their DST transition dates from 2007.
IMPORTANT
If you are using Microsoft Exchange Server 2003 Service Pack 1 (SP1) and you install this update, third-party services such as BlackBerry or GoodLink may be affected. Shared mailboxes and Microsoft Entourage delegation scenarios may also be affected.
Click the following article number to view the article in the Microsoft Knowledge Base before you install this update.
912918 Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003
The third-party products that this page discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Bron: intelliadmin.com
Microsoft heeft alleen DST-patches beschikbaar voor Windows XP en 2003. De oudere platformen past Microsoft niet meer aan (alleen tegen hoge betaling).
Nu blijkt een 3rd-party, IntelleiAdmin, een tool te hebben voor de platformen die Microsoft niet meer ondersteunt. Er is een tool voor Windows 98 en ME maar belangrijker, men heeft ook een tool dat de benodigde aanpassingen kan maken op Windows NT en 2000.
Informatie:
Bron: microsoft.com
Het blijkt dat op Windows XP en Server 2003 systemen het proces SVCHOST.EXE nogal eens naar 100% processor belasting schiet. Dat wordt veroorzaakt door memory leaks en access violations.
Eerder bracht Microsoft al een speciale hotfix voor dit probleem uit maar ook die blijkt het probleem niet volledig op te lossen. Er is nu een nieuwe hotfix voor het probleem, helaas alleen op speciaal verzoek verkrijgbaar. Overigens blijkt ook dan dat het probleem niet voor de volle 100% opgelost is.
Bron: intelliadmin.com
The IntelliAdmin Profile Generator is a command line program that can be called from your logon script. It creates an Microsoft Exchange® Profile automatically so you never need to walk users through the setup wizard again.
Bron: microsoft.com
Gisteravond zijn de Februari security bulletins verschenen. Totaal 12 bulletins, gelijkmatig verdeeld n.l. 6 Critical en 6 Important.
- MS07-005 - Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) - http://www.microsoft.com/technet/security/bulletin/ms07-005.mspx
Rating: Important (Install at earliest opportunity)
Impact: Remote Code Execution
Affected software: Interactive Training
- MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) - http://www.microsoft.com/technet/security/bulletin/ms07-006.mspx
Rating: Important (Install at earliest opportunity)
Impact: Privilege elevation
Affected software: Windows XP SP2, Windows Server 2003 RTM & SP1
Update replacement: Update replaces prior bulletin
- MS07-007 - Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) - http://www.microsoft.com/technet/security/bulletin/ms07-007.mspx
Rating: Important (Install at earliest opportunity)
Impact: Privilege elevation
Affected software: Windows XP SP2
- MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) - http://www.microsoft.com/technet/security/bulletin/ms07-008.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: Windows 2000 SP4, Windows XP SP2, Windows Server 2003 RTM & SP1
- MS07-009 - Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) - http://www.microsoft.com/technet/security/bulletin/ms07-009.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: MDAC 2.5 SP on Windows 2000 SP4, MDAC 2.8 SP1 on Windows XP SP2, MDAC 2.8 on Windows Server 2003 RTM & SP1
- MS07-010 - Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) - http://www.microsoft.com/technet/security/bulletin/ms07-010.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: Various Microsoft security software such as Defender, ForeFront and Antigen
- MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) - http://www.microsoft.com/technet/security/bulletin/ms07-011.mspx
Rating: Important (Install at earliest opportunity)
Impact: Remote Code Execution
Affected software: Windows 2000 SP4, Windows XP SP2, Windows Server 2003 RTM & SP1
- MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) - http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx
Rating: Important (Install at earliest opportunity)
Impact: Remote Code Execution
Affected software: Windows 2000 SP4, Windows XP SP2, Windows Server 2003 RTM & SP1, Visual Studio .NET 2002 & SP1 and .NET 2003 & SP1
- MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) - http://www.microsoft.com/technet/security/bulletin/ms07-013.mspx
Rating: Important (Install at earliest opportunity)
Impact: Remote Code Execution
Affected software: Windows 2000 SP4, Windows XP SP2, Windows Server 2003 RTM & SP1
- MS07-014 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) - http://www.microsoft.com/technet/security/bulletin/ms07-014.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: Office 2000 SP3, Office 2003 SP2
- MS07-015 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) - http://www.microsoft.com/technet/security/bulletin/ms07-015.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: Office 2000 SP3, Office 2003 SP2, Project 2000 SR1, Project 2002
- MS07-016 - Cumulative Security Update for Internet Explorer (928090) - http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx
Rating: Critical (Install immediately)
Impact: Remote Code Execution
Affected software: IE 5.01 on Windows 2000 SP4, IE 6 on Windows 2000 SP4, IE 6 on Windows XP SP2 or Windows Server 2003 RTM & SP1, IE 7
Bron: blogs.technet.com
Het blijkt dat als je hotfix 926666 installeert op je Exchange 2003 server het daarna niet meer lukt om stores te mounten.
Hiervoor heeft Microsoft nu een andere hotfix beschikbaar.
Bron: msexchange.org
Chris Dalby heeft een artikel geschreven waarin wordt uitgelegd hoe je OWA folder en IIS security permissies moet resetten in Exchange 2003.
Source: isc.sans.org
The Internet Storm Center has made their assessment of the february bulletins. They report on both workstations and servers.
| # |
Affected |
Contra Indications |
Known Exploits |
Microsoft rating |
ISC rating(*) |
| clients |
servers |
| MS07-005 |
Remote code execution in Step-by-Step Interactive training, replaces MS05-031 |
Step-by-Step Interactive training
CVE-2006-3448
|
No known problems
KB 923723
|
No known exploits |
Important |
Important |
Less Urgent
|
| MS07-006 |
Privilege elevation in Windows Shell, replaces MS06-045 |
Explorer
CVE-2007-0211 |
No known problems
KB 928255 |
No known exploits
|
Important |
Important |
Less Urgent
|
| MS07-007 |
Privilege elevation in Windows Image Acquisition
|
Image Acquisition
CVE-2007-0210 |
No known problems
KB 927802 |
No known exploits |
Important |
Important |
Less Urgent
|
| MS07-008 |
Remote code execution in HTML help Active-X, replaces MS06-046 |
HTML Help
CVE-2007-0214 |
No known problems
KB 928843 |
Exploit expected to become public soon
|
Critical |
PATCH NOW
|
Important
|
| MS07-009 |
Remote code execution in Microsoft MDAC ActiveX, replaces MS06-014
Workaround through a killbit, if you did not do that already: PATCH NOW
|
MDAC ActiveX
CVE-2006-5559
|
No known problems
KB 927779 |
Public exploits since Oct 24th, 2006 |
Critical |
Critical
|
Important
|
| MS07-010 |
Remote code execution in Microsoft Malware Protection Engine. This will automatically update. |
Microsoft malware protection
CVE-2006-5270 |
No known problems
KB 932135
|
No known exploits |
Critical |
Critical |
Critical
|
| MS07-011 |
Remote code execution in Microsoft OLE dialog |
OLE
CVE-2007-0026
|
No known problems
KB 926436
|
Exploit publicly available
|
Important |
Critical |
Important
|
| MS07-012 |
Remote code execution in Microsoft Foundation Class |
MFC
CVE-2007-0025
|
No known problems
KB 924667
|
No known exploits |
Important |
Critical |
Important
|
| MS07-013 |
Remote code execution in RichEdit, also affects Mac OS X versions of office. |
Office
CVE-2006-1311 |
No known problems
KB 918118
|
No known exploits |
Important |
Critical |
Important
|
| MS07-014 |
Multiple vulnerabilities in word leading to remote code execution, replaces MS06-060 |
Office
CVE-2006-5994
CVE-2006-6456
CVE-2006-6561
CVE-2007-0208
CVE-2007-0209
CVE-2007-0515
|
No known problems
KB 929434
|
Actively used and publicly known exploits since Dec 5th, 2006.
|
Critical |
PATCH NOW
|
Important
|
| MS07-015 |
Multiple vulnerabilities in Office lead to remote code execution, replaces MS06-062 |
Office
CVE-2006-3877
CVE-2007-0671
|
No known problems
KB 932554
|
Actively exploited, exploit known since Feb 2nd, 2007.
|
Critical |
PATCH NOW
|
Important
|
| MS07-016 |
Multiple vulnerabilities in Internet Explorer leading to remote code execution, replaces MS06-072 |
MSIE
CVE-2006-4697
CVE-2007-0219
CVE-2007-0217
|
No known problems
KB 928090
|
Exploits expected to be released soon
|
Critical |
PATCH NOW
|
Important
|
http://blogs.technet.com/upstate-ny-technology/archive/2007/02/14/learn-how-microsoft-s-it-group-is-preparing-for-the-dst-2007-changes.aspx
Microsoft IT, our internal IT Group here at Microsoft, has published a set of documents on how they are preparing for the changes being made to Daylight Savings Time in North America beginning next month
The first is titled *"Microsoft IT Daylight Savings Time Assessment
Checklist"*
<http://download.microsoft.com/download/8/4/a/84a56d19-ead2-42fe-a3e3-6c6a6993dd38/MSIT%20DST%20Assessment%20Checklist.pdf>
and provides a high-level checklist which you can use in your own
assessments of you organization
The next document is titled *"Daylight Saving Time: Microsoft IT
Enterprise Response Plan Preparing for Daylight Saving Time Changes
in 2007"*
<http://download.microsoft.com/download/1/3/1/1311baee-4a62-4426-9271-df5525ecc8f9/MSIT_DST_EnterpriseResponsePlan.pdf>,
and it outline the plans Microsoft IT has in place to mitigate any
issues internally
The third document, titled *"Exchange Time Zone Update Tool:
Guidance from Microsoft IT"*
<http://download.microsoft.com/download/a/6/4/a6430da0-11cd-47fb-aecb-e637906f0fbe/MSIT%20DST%20Exchange%20TZ%20Update%20Tool%20Guidance.pdf>, shares
Microsoft IT's own experiences with using the Exchange Time Zone
Update tool in a pilot implementation.
The last document is titled *"Outlook Time Zone Update Tool:
Guidance from Microsoft IT"*
<http://download.microsoft.com/download/0/b/f/0bf31c52-deb5-45de-9059-eb4d0dfa9ab3/MSIT%20DST%20Outlook%20TZ%20Update%20Package%20Guidance.pdf>.
The purpose of this paper is to share Microsoft IT experiences with
the Outlook Time Zone Update tool. As part of release planning,
Microsoft IT ran a pilot of the Outlook Time Zone Update package on
1,200 mailboxes.
Remember, the main link for all DST information on Microsoft.com is at http://support.microsoft.com/gp/cp_d
<http://support.microsoft.com/gp/cp_dst>
Bron: news24.com
Op deze website staat een aardig verhaaltje over de problematiek van de veranderende zomertijd in o.a. de VS.
Microsoft zelf schat het in als vergelijkbaar met de Y2K-problematiek op een kleinere schaal.
Bron: activewin.com
Op het blog van het Exchange team is de aankondiging te vinden van de Transporter Suite 2007.
Taken from our Resources for Interoperability and Migration from Lotus Domino page:
Microsoft Transporter for Lotus Domino configures Directory synchronization and Free/Busy lookups between Lotus Domino 6 or 7 and Exchange Server 2007 and Windows Server 2003 Active Directory. SMTP is used as the mail routing transport between Lotus Domino 6 or 7 and Exchange Server 2007.
Transporter also migrates users, mail databases and applications from Lotus Domino 5, 6 or 7 to Windows Server 2003 Active Directory, Exchange Server 2007 and Windows SharePoint Services 3.0.
Please read the Release Notes for important information prior to installing Transporter.
Bron: microsoft.com
This article describes the detection and deployment guidance for the security release that is dated February 13, 2007.
Source: msexchangeteam.com
The Microsoft Exchange team have put together a step-by-step guide on their blog of how to use the Exchange Calendar Update Configuration Tool.
Bron: msexchange.org
Neil Hobson heeft een meerdelig artikel geschreven over Message Tracking in Exchange 2007. Deel 1 is nu op het web beschikbaar.
Bron: microsoft.com
These ISO-9660 CD image files contain the security updates for Windows released on Windows Update on February 13th, 2007. These do not contain security updates for other Microsoft products. These CD images are intended for corporate administrators who manage large multinational organizations, who need to download multiple individual language versions of each security update and who do not use an automated solution such as WSUS. Use these images to download multiple updates in all languages at the same time.
Caution: Be sure to check the individual security bulletins at http://www.microsoft.com/technet/security prior to deployment of these updates to ensure that the files have not been updated at a later date.
Bron: activewin.com
Overview
Bron: activewin.com
Overview
Microsoft ActiveSync 4.5 is the latest sync software release for Windows Mobile-powered devices. ActiveSync provides a great synchronization experience with Windows®-powered PCs and Microsoft Outlook right out of the box.
Bron: winbeta.org
Jim McBee writes: "I came across this on Josh Maher's blog. Danilo Bordini of Microsoft Brasil has posted some early plans for Exchange 2007 Service Pack 1. Keep in mind that these are "plans" and may not reflect reality. The availability is "sometime after Longhorn" releases. So, don't hold your breath. Here are some high-points, at least based on what I could read and get translated from Portuguese."
- S/MIME controls for Outlook Web Access
- Personal distribution lists via OWA
- Outlook Web Access monthly calendar view
- Custom fields visible in the OWA address book
- Rules wizard for OWA
- Move-Mailbox cmdlet will import/export from a PST file!
- Bulk mailbox operations (I'm assuming this means creation)
- Public folder management from GUI
- POP3/IMAP4 configuration management from GUI
- IPv6 support
- Support for Longhorn server
- Standby continuous replication (SCR)
- Log shipping on private networks
- Information Rights Management (WRMS integration was pulled from E2K7 right before RTM)
- Improvements in geographic CCR clusters
- Improved VOIP security
When? Think Q4 2007
NB: Bink heeft de informatie van zijn site verwijderd op verzoek van Microsoft.
|
|
| Permalink |
Trackback |
|
|
|
|