OpenOffice.org

May 26, 2004

OpenOffice.org - OpenOffice.org is both an open-source application and project. It is free. The product is a multi-platform office productivity suite compatible with all major file formats.

This is a sweet MS Office replacement (but without an email app or Access app). Tons of customization, can save as a MS Office file (can set to default save)... Free. I'm running it at home and loving it. Take a look.

Exchange 2003 Deployment Tools

Download details: Exchange 2003 Deployment Tools

Exchange 2003: All-In-One Tools Download

May 25, 2004

Download details: Exchange 2003: All-In-One Tools Download: "This package contains all the Exchange tools bundled together in a single download. "

Download details: Microsoft SQL Server Best Practices Analyzer

Download details: Microsoft SQL Server Best Practices Analyzer - Microsoft SQL Server Best Practices Analyzer is a database management tool that lets you verify the implementation of common Best Practices on your servers.

Windows 2000 Default Policy Restore Tool

May 18, 2004

Download details: Windows 2000 Default Policy Restore Tool: "RecreateDefPol.exe is a tool developed for the restoration of the Default Domain and Default Domain Controllers policy files, in case of accidental deletion. This tool is for use exclusively on Windows 2000 Server, Advanced Server, and DataCenter Server. Do not use this tool on Windows Server 2003; use Dcgpofix.exe instead (included in Windows Server 2003)."

Windows 2000 Security Event Descriptions

299475 - Windows 2000 Security Event Descriptions (Part 1 of 2)
301677 - Windows 2000 Security Event Descriptions (Part 2 of 2)

Keyboard Shortcuts with Windows XP

May 15, 2004

Keyboard Shortcuts with Windows XP: "When speed counts, the keyboard is still king. Almost all the actions and commands you can perform with a mouse you can perform faster using combinations of keys on your keyboard. These simple keyboard shortcuts can get you where you want to go faster than several clicks of a mouse. You'll work faster on spreadsheets and similar documents, too, because you won't lose your place switching back and forth between mouse and keys.
Here are some of the most useful keyboard shortcuts:"

xBill for Windows

May 12, 2004

xBill for Windows: "Yet again, the fate of the world rests on your hands! An evil computer hacker, known only by his handle 'Bill', has created the ultimate computer virus. A virus so powerful that it has the power to transmute an ordinary computer into a toaster oven. (oooh!) 'Bill' has cloned himself into a billion-jillion micro-Bills. Their sole purpose is to deliver the nefarious virus, which has been cleverly disguised as a popular operating system.
As System Administrator / Exterminator, your job is to keep Bill from succeeding at his task."

Microsoft Security Bulletins for May

May 11, 2004

Microsoft Security Bulletin MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) - Important - Remote Code Execution

The only update this month!! Only affects XP and 2003..

TheNetworkAdministrator.com

TheNetworkAdministrator.com - More entertainment for the Network Admin. - Need to have something entertaining on Black Tuesday (Microsoft Security Bulletin release day).

TheOpenCD

May 05, 2004

TheOpenCD: "TheOpenCD is a collection of high quality Free and Open Source Software. The programs run in Windows and cover the most common tasks such as word processing, presentations, e-mail, web browsing, web design, and image manipulation. We include only the highest quality programs, which have been carefully tested for stability and which we consider appropriate for a wide audience."

Microsoft Hardening Systems and Servers: Checklists and Guides

Microsoft Hardening Systems and Servers: Checklists and Guides: "These guides and checklists help you improve the security of your systems whether they are new or already in operation."

Technet

Technet Briefings - link to slides and info from various MS events.. including the Microsoft Security Summit I attended last Friday.

The Sasser Worm

May 03, 2004

Symantec Security Response - W32.Sasser.B.Worm
PSS Security Response Team Alert - New Worm Sasser

The worm exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011 (835732) on April 13, 2004. As of right now, there are 2 other variants of this worm.

A friend of mine called me from his job Sunday evening for help clearing it off of most of the computers in his department. It's pretty nasty, seems to totally screw up the LSASS service. (Local Security Authority Subsystem Service provides an interface for managing local security, domain authentication, and Active Directory processes. It handles authentication for the client and for the server.) He had issues opening programs (event viewer, msconfig, etc.) because of authentication issues, the computer would reboot, safe mode would have issues, the CPU would max out.

Here are details from Symantec:

1. Attempts to create a mutex called Jobaka3 and exits if the attempt fails. This ensures that no more than one instance of the worm can run on the computer at any time.
2. Copies itself as %Windir%\avserve2.exe.
3. Adds the value: "avserve2.exe"="%Windir%\avserve2.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the worm runs when you start Windows.
4. Uses the AbortSystemShutdown API to hinder attempts to shut down or restart the computer.
5. Starts an FTP server on TCP port 5554. This server is used to spread the worm to other hosts.
6. Attempts to connect to randomly-generated IP addresses on TCP port 445. If a connection is made to a computer, the worm sends shellcode to that computer which may cause it to run a remote shell on TCP port 9996. The worm then uses the shell to cause the computer to connect back to the FTP server on port 5554 and retrieve a copy of the worm. This copy will have a name consisting of 4 or 5 digits followed by _up.exe (e.g. 74354_up.exe).
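
The host indicators in the Symantec list above, turned into a triage check. This is an added example, not code from the original post or from Symantec. The function names, the `netstat -an` input format, the scan threshold of 10 and all sample data are assumptions constructed for illustration.

```python
import re

# Indicators from the Symantec W32.Sasser.B description quoted above.
WORM_FILE = "avserve2.exe"
DROPPED_COPY = re.compile(r"^\d{4,5}_up\.exe$", re.I)   # e.g. 74354_up.exe
WORM_PORTS = {5554: "worm FTP server", 9996: "remote shell"}
# Line shapes of Windows `netstat -an` output (assumed input format).
LISTEN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.I)
OUT_445 = re.compile(r"^\s*TCP\s+\S+\s+(\d+(?:\.\d+){3}):445\s+(?:SYN_SENT|ESTABLISHED)", re.I)

def check_host(filenames, run_values, netstat_text, scan_threshold=10):
    """Return sorted findings; scan_threshold is an assumed tuning value."""
    findings, targets = set(), set()
    for path in filenames:
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base == WORM_FILE:
            findings.add("file: " + base)
        elif DROPPED_COPY.match(base):
            findings.add("file: dropped copy " + base)
    for name, data in run_values.items():          # values under ...\CurrentVersion\Run
        if WORM_FILE in name.lower() or WORM_FILE in data.lower():
            findings.add("run key: " + name)
    for line in netstat_text.splitlines():
        m = LISTEN.match(line)
        if m and int(m.group(1)) in WORM_PORTS:    # 445 listening is normal, not flagged
            findings.add("listening: %s (%s)" % (m.group(1), WORM_PORTS[int(m.group(1))]))
        m = OUT_445.match(line)
        if m:
            targets.add(m.group(1))
    if len(targets) >= scan_threshold:             # many distinct peers = scanning
        findings.add("scan: %d distinct hosts on tcp/445" % len(targets))
    return sorted(findings)

def sample_infected():
    """Constructed artifacts for an infected host (not real captures)."""
    netstat = ["  TCP    0.0.0.0:445      0.0.0.0:0      LISTENING",
               "  TCP    0.0.0.0:5554     0.0.0.0:0      LISTENING"]
    netstat += ["  TCP    192.0.2.10:%d    198.51.100.%d:445    SYN_SENT" % (1100 + i, i)
                for i in range(1, 13)]
    files = [r"C:\WINDOWS\avserve2.exe", r"C:\SAMPLE\74354_up.exe", r"C:\WINDOWS\notepad.exe"]
    return files, {"avserve2.exe": r"%Windir%\avserve2.exe"}, "\n".join(netstat)

if __name__ == "__main__":
    for finding in check_host(*sample_infected()):
        print(finding)
```

The mutex from step 1 is not covered because it is only visible in a live handle listing, not in the file, registry and netstat artifacts this check reads.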