Microsoft Security Bulletin MS04-025 - Cumulative Security Update for Internet Explorer (867801) - Critical - Remote Code Execution
July 30, 2004
Download details: SQL Server Health and History Tool (SQLH2): "SQLH2 collects four main types of information:
1. Feature Usage - What services/features are installed, running and level of workload on the service.
2. Configuration Settings - Machine, OS and SQL configuration settings, SQL instance and database metadata.
3. Uptime of the SQL Server service
4. Performance Counters (optional) - Used to determine performance trends"
July 28, 2004
July 26, 2004
System Administrator Appreciation Day: 5th Annual - Friday - July 30th, 2004" - A special day, once a year, to acknowledge the worthiness and appreciation of the person occupying the role, especially as it is often this person who really keeps the wheels of your company turning.
HOOK ME UP. EMAIL ME WITH YOUR PRAISE AND GRATITUDE AND GIFTS!!
July 23, 2004
837932 - Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003
232122 - Performing Offline Defragmentation of the Active Directory Database
253644 - Inbound Replication to Global Catalog Servers Does Not Work Because of a Database Error
321046 - How To Use DNSLint to Troubleshoot Active Directory Replication Issues
JSI Tip 4837. Low disk space on a drive may prevent Active Directory replication?
269417 - Event 1586 Message: The Checkpoint with the PDC Was Unsuccessful
July 21, 2004
TechNet Virtual Lab - Ever wanted to test Microsoft's newest software in a sandbox environment? Wouldn't it be great to be able to test new servers immediately, without formatting hard drives or dedicating one or more computers to the project? Now you can, with the TechNet Virtual Lab.
As part of the TechNet Virtual Lab, you will have full access to Windows Server 2003 through seven modules:
• System Administration Scripting
• Active Directory - New User Interface
• Active Directory - New Functionality
• Group Policy Management Console
• Remote Desktop for Administration and Remote Assistance
• File, Storage, and Print
• IIS 6.0
July 20, 2004
Download details: SBS Customer Presentation: "This is a presentation that covers the following. Introducing Windows SBS 2003, Overview of business benefits and custom designed solutions"
This powerpoint presentation from Microsoft helps consultants sell Small Business Server to thier clients. Very handy.
July 16, 2004
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD: "Bart's PE Builder helps you build a 'BartPE' (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.
It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.
This will replace any Dos bootdisk in no time!"
Download details: Microsoft Product Support's Reporting Tools: "The Microsoft Product Support Reporting Tool facilitates the gathering of critical system and logging information used in troubleshooting support issues. The reporting tool DOES NOT make any registry changes or modifications to the operating system. There are 8 specialty versions, one for each of the following support scenario categories: Alliance, Directory Services (not for Windows NT 4.0), Networking, Clustering, SQL, Software Update Services, MDAC and Base/Setup/Storage/Print/Performance."
July 13, 2004
Microsoft Delays By a Year Delivery of Two New Patching Systems: "Microsoft's Windows Update Services (WUS), the product formerly known as Software Update Services (SUS) 2.0, is now due to ship by mid-2005, rather than mid-2004. And the new Microsoft Update (MU) Service, a new patching system designed to provide fixes to not only Windows, but also Office, SQL Server, Exchange Server and other core Microsoft products, also is now due out by mid-2005, a year later than anticipated."
Microsoft Security Bulletin MS04-018: Cumulative Security Update for Outlook Express (823353) - Moderate (Cumulative Update) - Denial of Service
Microsoft Security Bulletin MS04-019: Vulnerability in Utility Manager Could Allow Code Execution (842526) - Important (replaced MS03-025) - Local Elevation of Privilege
Microsoft Security Bulletin MS04-020: Vulnerability in POSIX Could Allow Code Execution (841872) - Important - Local Elevation of Privilege
Microsoft Security Bulletin MS04-021: Security Update for IIS 4.0 (841373) - Important - Remote Code Execution
Microsoft Security Bulletin MS04-022: Vulnerability in Task Scheduler Could Allow Code Execution (841873) - Critical - Remote Code Execution
Microsoft Security Bulletin MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315) - Critical - Remote Code Execution
Microsoft Security Bulletin MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) - Important - Remote Code Execution
July 10, 2004
839109 - You receive a ".pst is not compatible" error message when you open an Outlook 2003 .pst file: "Start Outlook 2003.
On the File menu, click Data File Management, and then click Add.
Click Outlook 97-2002 Personal Folders File (PST).
Click OK to accept the default name, and then click OK again.
Outlook 2003 now creates a new .pst file that is based on the earlier .pst file and maintains the ANSI formatting for that .pst file.
At the bottom of the navigation pane, click Folder List.
In the navigation pane, you now see the new .pst file.
Drag the information from your existing Outlook 2003 folders to the new .pst file. You may also use the Import and Export Wizard on the File menu to move the information from your existing Outlook 2003 folders to the new .pst file.
In the navigation pane, right-click the new .pst file, and then click Close 'file_name'."
Computing.Net - Outlook 2003->Outlook 2000 Contacts: "I had the problem of importing a .pst file to outlook 2000 that has been exported using outlook 2003. I installed Office Resource Kit . In Resource Kit Programs run 'Custom Maintenance Wizard'. In the next step put the 2003 CD in the drive and specify the location of the files. Following this you can create a new CMW file . Click next till you get the dialogue 'Change Office User Settings'. Click on Microsoft Office Outlook 2003. Click on miscellaneous and then PST settings. Change the preffered PST mode to ' Enforce ANSI PST '.Finally copy the MaintWiz.exe to c:\ and in the command prompt change the drive letter to c:\> .
Run the command
MaintWiz.eze /c 'Documents and Settings\Administrator\My Documents\New Maintenance Data File.CMW ' /qb-"
List of Current Papers and Brief Summaries: "'Learning by Doing' CCNA Textbook Version 1 (Pearson Education Press)" - and other resources.
July 07, 2004
Another Internet Explorer flaw found | CNET News.com: "Microsoft on Friday released a fix that's designed to protect computers from one of three flaws that, together, could be used to digitally slip past a PC's security through the browser. This weekend, however, a security researcher identified another flaw that could serve the same purpose and which isn't fixed by Microsoft's patch.
'They chose to address only one part of the problem,' said Jelmer Kuperus, a computer science student in the Netherlands who posted the code for the work-around. 'They should have seen this one coming.' "
July 06, 2004
JAYBE.org: "Pop Goes the Gmail is a program that sits between the http://gmail.com web server and your email client, converting messages from web format into POP3 format that a program such as Outlook Express or Thunderbird can understand."
July 02, 2004
Download details: Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer (KB870669): "Adodb.stream provides a method for reading and writing files on a hard drive. This by-design functionality is sometimes used by web applications. However, when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an internet web site to execute script from the Local Machine Zone (LMZ). This occurs because the ADODB.Stream object allows access to the hard drive when hosted within Internet Explorer."
870669 - How to disable the ADODB.Stream object from Internet Explorer
Yahoo! News - U.S. Steers Consumers Away From IE: "The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft Corp.'s Internet Explorer.
The Microsoft browser, the government warned, cannot protect against vulnerabilities in its Internet Information Services (IIS) 5 server programs, which a team of hackers allegedly based in Russia has exploited with a Java script that is appended to Web sites. "
Note: Microsoft has claimed that those folks using XP SP2 are not affected by this issue. I really do recommend installing the service pack, even if it's still in beta. I've been using it both at home and work since it came out, and RC1 before that without any issues. I have noticed no slowdowns, broken apps, etc. It's like if Microsoft did something right!
July 01, 2004
BHODemon 2.0: "Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. BHODemon is free, runs in the 'tray' area, and works on Windows 95 or later operating systems (in other words, Windows 95, Windows 98, Windows 98SE, Windows ME, Windows NT4, Windows 2000, and Windows XP)."
I know this is old news, since this is still being exploited...
eEye Digital Security - Vulnerability Management Solutions: "It has been discovered that an adware purveyor has leveraged two security flaws (one of which was previously undetected, a 'zero day') in Microsoft's Internet Explorer browser to surreptitiously install a toolbar on victims' computers that triggers pop-up ads.
One of the flaws lets an attacker run a program on a victim's machine, while the other enables malicious code to run with privileges higher than normally allowed. When combined, the two issues allow for the creation of a Web site that, when visited by victims can upload and install programs to the victim's computer."