Archive

Archive for April, 2013

Updated Forefront UAG SP3 tracing is now available

April 30th, 2013 No comments

We have an updated tracing package now available from the Microsoft Download Center page for Forefront Unified Access Gateway (UAG) Tracing Symbols. This new trace package includes formatting for all UAG versions through Service Pack 3 Rollup 1 and includes the SP3 enhanced context tracing, which makes it easier to filter trace data per session.

Forefront UAG tracing can be run on the Forefront UAG server and on client endpoint devices connecting to Forefront UAG resources. You configure trace settings, start tracing, reproduce scenarios that require troubleshooting, stop tracing, and then convert the binary tracing output to text using the provided format files.

This download provides the following:
• A set of .tmf files in a zip file. These .tmf files can be used to convert binary trace files on the Forefront UAG server, and on client endpoint devices.
• A EULA license
• A document with instructions for configuring and running tracing

Note that the zip file provided by this download is cumulative: the .tmf files it contains can be used with the RTM version of Forefront UAG and with all subsequent Forefront UAG releases.

Versions of .tmf files provided by this download are as follows:

• UAG RTM (Version 4.0.1101.000)
• UAG Update 1 (Version 4.0.1152.100), KB Article 981323
• UAG Update 2 (Version 4.0.1269.200), KB Article 2288900
• UAG RTM MS10-089 bulletin (Version 4.0.1101.052), KB Article 2433585
• UAG Update 1 MS10-089 bulletin (Version 4.0.1152.150), KB Article 2433584
• UAG Update 2 MS10-089 bulletin (Version 4.0.1269.250), KB Article 2418933
• UAG SP1 (Version 4.0.1752.10000), KB Article 2285712
• UAG SP1 Rollup 1 (Version 4.0.1752.10020), KB Article 2475733
• UAG RTM MS11-079 bulletin (Version 4.0.1101.063), KB Article 2522482
• UAG Update 1 MS11-079 bulletin (Version 4.0.1152.163), KB Article 2522483
• UAG Update 2 MS11-079 bulletin (Version 4.0.1269.284), KB Article 2522484
• UAG SP1 MS11-079 bulletin (Version 4.0.1752.10073), KB Article 2522485
• UAG SP1 Update 1 (Version 4.0.1773.10100), KB Article 2585140
• UAG SP1 MS12-026 (Version 4.0.1753.10076), KB Article 2649261
• UAG SP1 Update 1 MS12-026 (Version 4.0.1773.10190), KB Article 2649262
• UAG SP2 (Version 4.0.2095.10000), KB Article 2710791
• UAG SP3 (Version 4.0.3123.10000), KB Article 2744025
• UAG SP3 Rollup 1

Thank you,

The Forefront UAG Product Team

Get the latest System Center news on Facebook and Twitter:

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog: http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog: http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Support for Windows XP ends in April 2014

April 30th, 2013 No comments

After April 8, 2014, there will be no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates for Windows XP SP3.

Learn about upgrading to Windows 7 or Windows 8.

The Microsoft Support Lifecycle provides consistent, predictable guidelines for product support availability when a product releases and throughout that product’s life.

Windows and Office products receive a minimum of 10 years of support (5 years Mainstream Support and 5 years Extended Support) at the supported service pack level.

Get more information about what end of support means for you

The rise in the exploitation of old PDF vulnerabilities

April 29th, 2013 No comments

Exploitation of software vulnerabilities continues to be a common way to infect computers with malware. Leveraging exploits allows malware authors to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge. Exploits target vulnerabilities in operating systems, web browsers, applications, or software components installed on the computer. For details on exploit trends and insights on security vulnerabilities, please refer to the latest edition of the Microsoft Security Intelligence Report.

Figure 1 below shows the prevalence of exploits targeting document readers and editors detected by Microsoft antimalware products each quarter from 3Q11 to 4Q12, by number of unique computers affected.

Figure 1: Document readers and editors exploit prevalence detected by Microsoft antimalware products

It was interesting to see that exploits that target vulnerabilities in document readers and editors rose sharply in 4Q12. This was primarily due to increased exploitation of vulnerabilities in Adobe Reader and Adobe Acrobat software, as shown in Figure 2.

Figure 2: Computers affected with exploits for document readers and editors

Win32/Pdfjsc was the main contributor to the rise in 4Q12. It is a family of specially crafted PDF files that exploit Adobe Acrobat and Adobe Reader vulnerabilities. These files contain JavaScript that executes when the file is opened. The embedded JavaScript may contain malicious instructions, such as commands to download and install other malware. Files detected as Win32/Pdfjsc may arrive on the system when a user visits a compromised or malicious webpage, or opens a malicious PDF email attachment.
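Pdfjsc-style files hinge on JavaScript that is wired to run the moment the document opens. The triage scanner below is an added example, not code from the original post or from Microsoft: it checks a PDF for the name objects that make that possible (auto-run triggers such as /OpenAction and /AA together with /JavaScript or /JS action objects), after resolving PDF name escapes and inflating /FlateDecode streams so that simple obfuscation does not hide them. Both sample PDFs are constructed and harmless.

```python
import re
import zlib

# Constructed sample (not a real malicious file): a minimal PDF whose catalog
# /OpenAction points at a JavaScript action, so the script runs as soon as the
# document is opened. The action type is written with a PDF name escape
# (/J#61vaScript == /JavaScript) to show why a plain grep for "/JavaScript"
# is not enough. The script itself is a harmless alert().
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.alert('hello');) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Second constructed sample: the same action object, but stored inside a
# /FlateDecode (zlib) stream, so the JavaScript names are not visible in the
# raw bytes until the stream is inflated.
_COMPRESSED_OBJ = zlib.compress(b"<< /S /JavaScript /JS (app.alert('hello');) >>")
SAMPLE_PDF_COMPRESSED = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
    + str(len(_COMPRESSED_OBJ)).encode() + b" >>\nstream\n"
    + _COMPRESSED_OBJ + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Name objects worth flagging. /OpenAction and /AA make an action fire
# automatically; /JavaScript and /JS carry the script; /Launch can start an
# external program and /EmbeddedFile can carry a dropped payload.
SUSPICIOUS_NAMES = ("/OpenAction", "/AA", "/JavaScript", "/JS",
                    "/Launch", "/EmbeddedFile")


def _unescape_names(data: bytes) -> bytes:
    """Resolve PDF name escapes such as /J#61vaScript -> /JavaScript.
    Applied to the whole buffer, which is good enough for a triage scan."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated content of every /FlateDecode stream so that
    indicators hidden in compressed objects are visible to the scan."""
    extra = []
    pattern = rb"/FlateDecode.*?\bstream\r?\n(.*?)\r?\nendstream"
    for m in re.finditer(pattern, data, re.S):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # truncated or non-zlib data: nothing to add
    return data + b"\n" + b"\n".join(extra)


def scan_pdf(data: bytes) -> dict:
    """Return the indicators present and whether JavaScript is wired to run
    automatically (an auto-run trigger plus a script object)."""
    text = _unescape_names(_inflate_streams(data))
    hits = {}
    for name in SUSPICIOUS_NAMES:
        # (?![A-Za-z]) stops /JS from matching inside a longer name
        hits[name] = re.search(re.escape(name.encode()) + rb"(?![A-Za-z])", text) is not None
    auto_run = (hits["/OpenAction"] or hits["/AA"]) and (hits["/JavaScript"] or hits["/JS"])
    return {"indicators": [n for n in SUSPICIOUS_NAMES if hits[n]],
            "auto_run_js": auto_run}


if __name__ == "__main__":
    for label, pdf in (("plain", SAMPLE_PDF), ("compressed", SAMPLE_PDF_COMPRESSED)):
        print(label, scan_pdf(pdf))
```

A hit on auto_run_js is a reason to quarantine and analyse the file, not proof of exploitation; legitimate forms also use JavaScript, so the result is a triage signal to combine with the reader version and patch level discussed below.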

The following are some of the vulnerabilities whose exploits are detected as Win32/Pdfjsc:

Out of all the vulnerabilities covered by this family, the most detections in 4Q12 were for exploits against the vulnerability discussed in CVE-2010-0188. This was primarily because exploits for CVE-2010-0188 are used by a number of exploit kits, including Blacole.

These are the top variants reported within the Win32/Pdfjsc family for 4Q12. They all detect PDF files that contain malicious JavaScript exploiting the vulnerability discussed in CVE-2010-0188:

The exploits commonly use any of these file names:

  • pdf_new[1].pdf
  • auhtjseubpazbo5[1].pdf
  • avjudtcobzimxnj2[1].pdf
  • pricelist[1].pdf
  • couple_saying_lucky[1].pdf
  • 5661f[1].pdf 7927
  • 9fbe0[1].pdf 7065
  • pdf_old[1].pdf

The file names change very often, so please exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.

CVE-2010-0188 was fixed by Adobe in a security update released on February 16, 2010 (Adobe Security Bulletin APSB10-07). The following versions are vulnerable:

  • Adobe Reader 9.3 and earlier versions for Windows, Macintosh, and UNIX
  • Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh

This vulnerability is still being exploited widely even though a fix has been available for over 2 years. It is important to install updates for all the software installed on your computer. These are usually available from vendor websites. Instructions on how to download the latest versions of some common software are available from this article:

Here are some URL patterns for websites that serve these exploits:

  • /Url/deemed_registers.php?mlnzk=0709023634&gkytzxb=47&isb=030a37380a0a0a33360b&fvl=02000200020002
  • /nine/convince_measuring.php?cjrucx=1h:1k:1o:1m:1l&bumxdow=w&xuufri=1g:1h:2v:1i:32:2v:1o:1f:1k:30&qqlhkw=1f:1d:1f:1d:1f:1d:1f
  • /links/dollar-knowledge-editors.php?cdkt=0536340702&ywem=4b&pcjrou=3507083705040b050835&mafard=02000200020002
  • /fine/genuine_purposes.php?qlxf=2v:1i:1g:1l:1j&vpnkgwp=38&ssall=33:1f:31:32:1g:1n:1m:1g:1f:1g:1p:1p:2v:1l:1h:1n:31:2v:1m:31:2v:1g:1p:1p:32:1l:31:1i:
  • /flags/lady_fill.php?ypgu=3434343534&bgchvwrb=4b&jwl=35090536080b043604090c0c38333738373506350609&sna=02000200020002

Exercise caution when you see such patterns in links to webpages, especially if you receive them from unknown sources, or if the links lead to a webpage that you are not familiar with, are unsure of the destination of, or are suspicious of.

For more details on exploit trends and insights on security vulnerabilities please refer to the latest edition of the Microsoft Security Intelligence Report.

Tanmay Ganacharya
MMPC

Categories: Uncategorized Tags:

MS12-043 – Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) – Version: 4.2

Severity Rating: Critical
Revision Note: V4.2 (April 26, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.

Categories: Uncategorized Tags:

How to configure client certificate authentication in UAG 2010

April 25th, 2013 No comments

In Forefront Unified Access Gateway 2010 (UAG), there are several scenarios that use SSL client certificate authentication. For each trunk in Forefront UAG you can configure a simple client certificate or a smart card certificate, and in this TechNet Wiki article, Microsoft’s own Junaid Jan shows you how:

How to get Client certificate authentication working on UAG 2010 Portal

J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division


Categories: Uncategorized Tags:

Fraud alert: Free “Xbox points”

April 25th, 2013 No comments

Microsoft was founded 38 years ago this month, but don’t fall for a widespread scam that offers free “Xbox points” for wishing the company a happy birthday. Online offers that seem too good to be true probably are. Learn more about common scams that use the Microsoft name.

One way to recognize a scam is to check for inaccurate spelling or wording. Points used on Xbox LIVE Marketplace are actually called “Microsoft Points” (not “Xbox points”). You can purchase them on your console dashboard at Xbox.com or at a video game retailer. Learn more about Microsoft Points and Xbox LIVE Rewards.

See our Facebook page message about this scam

Distribution vs. development: What’s the story and why does it matter?

April 24th, 2013 No comments

In today’s threat landscape, distributing malware and developing malware are two different worlds. Both require a different set of skills in order to work and in order to achieve their separate goals.

For example, in my blog post Get gamed and rue the day…, I described a bot-controlled worm in which the code fragment suggested that it belonged to an offensive development called “Andromeda”. This story about the Gamarue worm is a good example of the differences between the distribution and the development of malware.

As a worm, Gamarue has the ability to spread through local network drives (The strange case of Gamarue propagation has the latest information about how it spreads). However, despite this ability, this threat was actually first discovered as a payload that had been delivered through an attack via a social networking site. During an attack, a user’s browser is redirected to a malicious server that performs multiple browser-based exploit attacks.

During a Blacole attack, a user’s browser is redirected to a malicious server that performs multiple browser-based exploit attacks

We generally think it is malware development that requires the greater level of technical skill and sophistication – but it is worth noting that malware distribution plays an equally important role in determining the success of an attack. For cybercriminals, like the perpetrators of the Gamarue worm, it is distribution that determines and even maximizes a malware’s profitability (for example, pay-per-install monetization).

The latest Microsoft Security Intelligence Report (SIRv14) reveals that the Blacole exploit kit was the most commonly detected exploit family in the second half of 2012. The term “exploit kit” refers to a malicious toolkit, packaged in such a way as to make it easy for anyone to carry out an attack. The high prevalence of Blacole correlates with the range of vulnerabilities it uses to gain entry to an operating system.

Take note – Blacole is just one of a number of exploit kits being used. Other kits include Exploit:JS/Coolex.A, the “Cool” exploit kit, and Exploit:JS/DonxRef.A, the “Gong Da” exploit kit, just to name two.

And the story doesn’t end there. Malware such as the Gamarue family wouldn’t be able to spread to millions of machines without directing victims to exploit servers (used for drive-by download attacks), and the fastest way to get this victim traffic is to leverage the web to create a distribution vector.

The main idea behind malware distribution is to steal legitimate or trusted traffic. One way to do this is for an attacker to find a vulnerability or weakness in a web server and plant a small, seemingly benign piece of code. This code allows the attacker to control and hijack some of that server’s legitimate traffic. The detection we use for such an attack, Trojan:JS/IframeRef, has become the most common detection. This trojan actually refers to a mass iframe injection attack, and signatures are added as they are encountered, on a daily basis.
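As an added example (not code from the original post or from Microsoft), the following defender-side scanner applies the heuristic behind an injected-iframe detection to served HTML: an iframe is flagged when it points off-site and is also hidden (its own style or a hidden ancestor) or sized to 0/1 pixels. The HTML and the hostnames in it are constructed for illustration and are not real indicators.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the footer has had two hidden, off-site iframes
# injected. The *.invalid hosts are placeholders, not real domains.
SAMPLE_HTML = """
<html><body>
<h1>Shop</h1>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<div style="display:none">
<iframe src="http://redirect-host.invalid/in.php" width="1" height="1"></iframe>
</div>
<iframe src="http://lander-host.invalid/x" style="visibility:hidden"></iframe>
</body></html>
"""
SITE_HOST = "www.example.com"  # host that legitimately serves the page
VOID = {"br", "img", "meta", "link", "input", "hr"}  # tags with no end tag

class IframeCollector(HTMLParser):
    """Collect every <iframe> together with a flag saying whether it, or any
    element enclosing it, is styled display:none / visibility:hidden."""
    def __init__(self):
        super().__init__()
        self.stack, self.frames = [], []   # stack of (tag, hidden) for open tags
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag == "iframe":
            self.frames.append((a, hidden or any(h for _, h in self.stack)))
        if tag not in VOID:
            self.stack.append((tag, hidden))
    def handle_endtag(self, tag):
        while self.stack:                  # pop back to the matching open tag
            if self.stack.pop()[0] == tag:
                break

def tiny(value):
    """True when a width/height attribute is 0 or 1 px (an injected frame is
    normally sized so the victim never sees it)."""
    m = re.match(r"^\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

def suspicious_iframes(html, site_host):
    """Return [(src, reasons)] for iframes that look like injected redirects:
    off-site src combined with at least one concealment indicator."""
    p = IframeCollector()
    p.feed(html)
    findings = []
    for attrs, hidden in p.frames:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or ""
        reasons = ["off-site src"] if host and host != site_host else []
        if hidden:
            reasons.append("hidden")
        if tiny(attrs.get("width")) or tiny(attrs.get("height")):
            reasons.append("tiny")
        if "off-site src" in reasons and len(reasons) > 1:
            findings.append((src, reasons))
    return findings
```

Run against the sample, the on-site widget frame is left alone and both injected frames are reported with the reasons that triggered them; the same function can be pointed at pages fetched from your own web servers to spot an injection before signatures for it exist.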

Additionally, some Trojan:JS/IframeRef detections may also refer to an actual malicious domain that can be delivered through email and social networking sites.

The “Home and enterprise threats” section of the SIRv14 provides an interesting insight into the different ways attackers target enterprise and home users. What’s interesting here is that Trojan:JS/IframeRef is in the number one spot in the list of top-10 families detected on domain-joined computers (computers in an enterprise environment that belong to an Active Directory Domain Services domain).

A specific variant detection, to which most of these findings are attributed, was first introduced in April last year. It was found to be associated with malicious traffic redirections and forwarding to deliberately generated typo-squatted domains. This kind of behavior is often associated with criminal operations that register hundreds, if not thousands, of short-lived or disposable domains, which are commonly observed in scam sites, spam and phishing emails. Overall, this detection is intended to warn of untrusted traffic, which can also be leveraged for drive-by-download attacks (for example, 0-day threats).

In January this year, two specific Trojan:JS/IframeRef detections were moved into a new family name, and are now referred to as Trojan:JS/Seedabutor.A and Trojan:JS/Seedabutor.B. By renaming these specific IframeRef variants to Seedabutor, we will be able to track specific strains in more granular detail. This contributes to our research and helps us better protect you against infection vectors from the web.

It’s best to consider having multiple protections enabled. Web browser protection, such as the Internet Explorer SmartScreen Filter, provides additional help.

SmartScreen Filter helps combat these threats with a set of sophisticated tools:

  • Anti-phishing protection—to screen threats from imposter websites seeking to acquire personal information such as user names, passwords, and billing data

  • Application Reputation—to remove all unnecessary warnings for well-known files, and show severe warnings for high-risk downloads

  • Anti-malware protection—to help prevent potentially harmful software from infiltrating your computer.

There is more information about browser security on our Enterprise Security Best Practices page.

Our increasing reliance on the Internet and our interconnectivity can be targeted by attackers looking to syphon traffic to distribute malware. These threats constantly challenge our understanding, and the latest Microsoft Security Intelligence Report offers valuable insight.

Stay safe!

Methusela Cebrian Ferrer

MMPC Melbourne


MS13-036 – Important : Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) – Version: 3.1

Severity Rating: Important
Revision Note: V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are bulletin changes only.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.


MS13-031 – Important : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (April 24, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.


MS13-028 – Critical : Cumulative Security Update for Internet Explorer (2817183) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (April 24, 2013): Added CVE-2013-1338 as a vulnerability addressed by this update. In addition, corrected update replacement and clarified why this update replaces MS13-010. These are informational changes only.
Summary: This security update resolves two privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


New update available for MS13-036

April 23rd, 2013 No comments


Today we released a new update to replace KB2823324, which was originally made available through MS13-036. As we previously discussed, we stopped distributing this update when we learned some customers were having issues. The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these issues. If you have automatic updates enabled, you won’t need to take any actions. For those manually updating, we encourage you to apply this update at your earliest convenience.

Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing


Recycle an old device on Earth Day

April 22nd, 2013 No comments

Today is Earth Day in 192 countries. What better time to learn how you can recycle computers and other devices more safely and where you can recycle hardware, packaging, and batteries.

The Environmental Protection Agency reports that recycling 1 million laptops saves enough energy to power more than 3,500 US homes for a year.

You can celebrate nature on a new device by adding a Windows theme that features student photos submitted to Bing to help educate the world about Earth Day. Download the Bing Earth Day student photo contest theme.

See more ways you can reduce your environmental impact