Archive

Archive for July, 2013

Are you prepared for the BlueHat Challenge?

July 31st, 2013 No comments

Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish the Challenge on the first attempt. It’s not a contest, so there’s no cash involved here, but there will be some great answers we’ll recognize publicly and you could win yourself a big chunk of bragging rights. You can find complete details about this new program over on the Security Research & Defense blog.

Good luck, and I look forward to seeing your submissions. Show me what you’ve got!

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing 

Categories: Announcements, BlueHat Challenge Tags:

Software Defined Networking (SDN): Double-Clicking into our Point of View

A couple of weeks ago we spoke about our approach to Software Defined Networking (SDN) – an approach that is open and extensible, driven by experience and most importantly, one that lets you leverage your existing investments.

Over the last few months, we have also spoken in detail about this with thousands of customers at MMS, Interop, TechEd North America and TechEd Europe. Over the course of these conversations, we noticed a few common themes emerging:

  • Confusion around means of realizing SDN that overshadow the benefits offered
  • Questions around opportunities for server and networking admins to enhance their careers
  • Non-traditional players like Microsoft will have significant roles to play

We felt this blog would be a good platform to discuss these in more detail since we are sure a lot of you have the same questions. Let’s double-click in.

Means of realizing Software Defined Networking:

SDN does not mean that you rip out your existing network devices and replace them with new “SDN aware devices”. In most cases, the cheapest and most flexible network infrastructure is the one you already own. If your network scales up to meet your needs with a manageable OPEX, networking as you know it will continue to exist and you shouldn’t worry about jumping on the bandwagon just because everyone is talking about SDN.

With that said, networking is widely acknowledged to be the final piece of the puzzle requiring simplification in order to meet the agility and flexibility demands of modern datacenters. Centralized provisioning, management and monitoring of compute and storage is very common today. Sadly, networking often remains stuck in the past – inflexible, ‘hard wired’ and complex. This is the source of many of today’s most troublesome and difficult problems, the ones responsible for service downtimes and application slowdowns. These problems are experienced by many large customers, not just those operating at cloud scale running tens of thousands of hosts. The complexity of the problems that arise is beyond what can be manually fixed and/or monitored.

These real-world problems drove the need for a software defined solution to manage networking. The two approaches taken in large datacenters to do this are:

  • Isolated virtual networks/network overlays.  These sit on top of the physical network and are abstracted from the underlying networking hardware. Since the virtual networks are software defined, it allows admins to create and manage them from a centralized location depending on the needs of the application, templatize it and replicate it across their datacenters. As a result, management overhead is greatly reduced and a lot of mundane, error prone tasks are automated as a part of virtual network definition. A couple of important points to note here are that customers leverage existing hardware investments and this approach does not require any change to the way applications are written. Microsoft’s Hyper-V Network Virtualization and VMware’s Nicira are solutions that fall within this category.
  • Centralized controllers. These control the physical network infrastructure directly from a centralized location. This is often paired with an API for programming the network, which gives software the ability to program the network on the fly. This lets software, potentially even applications, dynamically configure the network depending on current needs. It requires switches and routers to expose these functionalities (Southbound APIs) and a standardized interface for applications to consume them (Northbound APIs). OpenFlow and the Cisco One Platform kit are examples of this approach. Since software directly configures the network, it needs to be rewritten to make use of this functionality. Custom applications that run within large datacenters, network diagnostic tools, apps that require high fidelity connections, etc. are some examples where having such fine grained control will be helpful.

There are other variations of SDN solutions that exist today. But for the sake of simplicity, let’s focus on just these two.

As you see, in both cases mentioned above the end goal is the same – simplifying networking using the power of software. In one solution the application is aware of the underlying network and controls it using different protocols. In the other solution, the network is abstracted depending on application needs and the complexity is hidden. Windows Server 2012 and System Center 2012 SP1 support and work with both of these approaches. As highlighted in previous blog posts, Network Virtualization is built into Windows Server 2012 and customers can use System Center 2012 SP1 to create and manage virtual networks. With the Hyper-V Virtual Switch extensibility, partners like NEC have added functionality to the virtual switch to make it behave like an OpenFlow controller. Additionally, applications like Lync are looking at ways to configure the network on the fly to ensure consistent call and video quality.

Opportunities for Server and Networking admins

A common discussion that comes up in this new world of Software Defined Networking is the opportunity it creates for Server and Network Admins to enhance their careers. Traditionally both of these groups have had well defined boundaries that have worked well for the most part – after all, network admins are the backbone of the modern internet that we all take for granted today.

Having said that, there is definitely room for improvement. When applications encounter performance issues, the blame is usually passed around before the actual issue is identified. Identifying and fixing issues is often considered an ‘art’ with hundreds of manual steps.

We don’t have a crystal ball to show us if these pain points will go away with SDN. But all signs are positive and bear good news for the careers of datacenter infrastructure folks and IT organizations in general:

  • Network Admins grow into network architects – SDN helps remove the ‘work’ from the job of network admins. They spend more time designing/architecting the network to meet the needs of the application as opposed to working on fixing low-value issues. This could include helping their organizations decide the right approach to SDN from the choices that we covered earlier. Additionally, since automation is core to SDN, this helps network admins build a new muscle which spans beyond areas that they have traditionally worked on. In the new SDN world, network admins can expect to frequently use tools such as Windows PowerShell, System Center Orchestrator, System Center Virtual Machine Manager, etc. which were once considered exclusive to Server Admins.
  • Server Admins will have a better understanding of how the underlying networking fabric is designed. Newer tools will be available that will not only help better diagnose and isolate network issues, but also be able to automatically fix them in many cases. Finally, they will have the flexibility to define abstractions that meet their business needs irrespective of how the underlying physical infrastructure is designed.

Why is Microsoft talking about SDN?

The last topic we wanted to talk about here is the role of companies like Microsoft in the transformation the networking industry is going through. In fact, in the keynote panel at Interop back in May we had an unlikely combination of executives from Microsoft, VMware (both software companies) and Broadcom (a chipset manufacturer) talk about SDN. These aren’t traditional networking players, so why are they talking about SDN?

In addition to the obvious term “software” in SDN, and Microsoft being a software company, there is another important trend that should be noticed. As more workloads are virtualized, the virtual switch is becoming the policy edge in networking as opposed to the physical switch. Networking teams work as much with the virtual switch in a heavily virtualized datacenter as they would do with the physical switch. With customers and partners building rich extensions and adding more functionality to the virtual switch, this trend is only going to improve. These non-traditional players will continue playing a significant role in years to come.

Additionally, Microsoft operates some of the largest datacenters in the world, where we have faced a considerable number of the challenges that many of you see in your datacenters. We onboard over 1000 new customers in Azure datacenters and make tens of thousands of networking changes every single day. Given the insistence that exists on having every process automated, we have a unique opportunity to bring some of our learnings back into the product that runs both in our datacenters and in our customers’ datacenters.

SDN is a paradigm that is evolving. This is not a change that will happen overnight. This is also not an ‘all-in’ choice that IT organizations have to make today that locks them in with a specific vendor or protocol. In fact, if we were to write a post about what SDN is not, this would be among the first few points we would list. There are incumbent players like Cisco and Juniper who are investing heavily in SDN. There are non-traditional players like Microsoft who are taking a fresh look at networking, along with a lot of startups innovating in this space as well. Finally, there are industry consortiums like Open Daylight where some of the players we mentioned above are actively working on defining the direction of SDN.

Just as we discussed in the previous post, with Windows Server 2012, System Center 2012 SP1 and with the additional work we have delivered, side by side with our partners, you have the opportunity to explore the key benefits of SDN for yourselves. Try it out and let us know what you think:

  • Windows Server 2012 R2 Preview download
  • System Center 2012 R2 Preview download

Young kids online? Get a free e-book

July 30th, 2013 No comments

It’s never too early for parents, caregivers, and educators to teach kids how to be respectful online citizens. Digiduck’s Big Decision is a downloadable digital book about friendship and responsibility that was created especially for kids ages four to eight.

Download Digiduck’s Big Decision (PDF file, 6.56 MB)

You can also read the book online.

Got teens? Download Own Your Own Space, a free e-book about online safety issues for older kids. 


Categories: child safety, family Tags:

Microsoft Presents “Enabling Consumerization without Compromising Compliance” at BriForum this Week

BriForum kicks off today in Chicago. BriForum 2013 is the only technical virtualization conference that is 100% dedicated to desktop virtualization, VDI, application virtualization, Remote Desktop Services, and the consumerization of IT.

Later this week Microsoft Product Director Jason Leznek will present “Enabling Consumerization Without Compromising Compliance”. Jason’s session is on Thursday morning and will cover how Microsoft’s approach to delivering people-centric IT is helping customers enable users to work on devices of their choosing with consistent experiences, while providing IT a unified infrastructure for managing and delivering applications and other resources, all while helping organizations protect what is important to them. See how innovations in System Center 2012 R2 Configuration Manager, Windows Intune, and Windows Server 2012 R2 help organizations enable Consumerization without compromising compliance, with a special focus on the technologies which help reduce VDI storage costs and improve the end user and administrator experience for both session and VM based VDI.

If you can’t wait until Thursday to be there live, or wait for a recorded replay, be sure to check out “What’s New in Remote Desktop Services for Windows Server 2012 R2” on the Remote Desktop Services Blog, or “What’s New in 2012 R2: Making Device Users Productive and Protecting Corporate Information” on Brad Anderson’s blog. Both blog posts are lengthy but have a ton of good information we think you’ll find interesting. You might want to view the six minute video below, “Empowering People-centric IT in the age of Consumerization”, to learn more about the topic and where we are headed with personal device management.

And for those of you interested in downloading some of the products and trying them, here are some resources to help you:

  • Windows Server 2012 R2 Preview download
  • System Center 2012 R2 Preview download
  • SQL Server 2014 Community Technology Preview 1 (CTP1) download

As always, follow us on Twitter via @WindowsServer

Written by Keith Combs, Microsoft Server and Tools

Announcing the 2013 MSRC Progress Report featuring MAPP expansions

July 29th, 2013 No comments

Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin statistics from the Microsoft Security Response Center (MSRC). Our report covering July 2012 through June 2013 is available, and it provides a great look back over the past year and includes some exciting new program updates that will help enhance customer protections in the years to come. Here are a few highlights…

Going Behind the Scenes

Over the last 12 months, we released 92 security bulletins, two of which, MS12-063 and MS13-008, were released out-of-band. In the report, MSRC’s own William Peteroy provides a rare behind-the-scenes look at the Software Security Incident Response Process (SSIRP) and the making of MS13-008. As William puts it, “Being pulled into a SSIRP feels about the same as a friend signing you up for a marathon and letting you know the night before.” It isn’t all doom and gloom though. Within the first couple of days of availability, the update was downloaded around 286 million times. William concluded, “Ultimately it was very rewarding to be able to put so much time and effort toward something good for so many people over the holiday.”

The latest MAPP enhancements

Collaborating on defense through the Microsoft Active Protections Program (MAPP) community currently helps protect more than 1 billion customers and significantly reduces the time it takes security vendors to create protections. This year, we’re enhancing our existing MAPP offerings in some exciting new ways that will result in more robust customer protections and better guidance for those helping to secure systems around the world.

MAPP for Security Vendors is our traditional MAPP program with some new enhancements. As part of our monthly security bulletin release process, we will engage certain members of the MAPP community to help validate our guidance prior to final release. Working with the community in this way helps to ensure our guidance works for the widest possible set of partners. In addition, we will share detections earlier to select MAPP partners who meet stringent criteria. We will work to provide these partners with information three business days before Update Tuesday to help them create better quality solutions for our common customers.

MAPP for Responders is a new way to share technical information and threat indicators with organizations focused on incident response and intrusion prevention. Getting this information into the hands of those closest to the events can be invaluable in detecting and disrupting attacks. Many attackers share information amongst themselves, and defenders should share knowledge to help prevent and contain issues as they occur. MAPP for Responders will work to build a community for information exchange to counter the activities of those who wish to do harm.

MAPP Scanner is a cloud-based service that allows Office documents, PDF files, and URLs to be scanned for threats, which increases the likelihood of us learning about new attacks and attack vectors sooner rather than later. This service leverages our own product knowledge and is what we use internally to kick off new investigations. This service is currently in pilot with a limited number of partners.

Over on the BlueHat blog, Jerry Bryant provides additional information about these changes and how they fit into our larger security strategy.

These new programs, along with the bounty programs we launched last month, are part of a broader end-to-end strategy to help protect customers. The goal is to eliminate entire classes of attacks by working closely with partners to build up defenses, making it increasingly difficult to target Microsoft’s platform.

On to Black Hat 2013

Later this week, we’ll be at the Black Hat USA conference at Caesars Palace in Las Vegas, NV. I hope you take a few moments to read the progress report and come by to discuss the findings with us at our booth – and at our Researcher Appreciation party. I always enjoy speaking with people face-to-face about our latest programs and all the work we do throughout Trustworthy Computing to help ensure they have the safest computing experience possible.

Thanks, and I’ll see you in Vegas.

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

The evolution of Rovnix: Private TCP/IP stacks

July 26th, 2013 No comments

We recently discovered a new breed of the bootkit Rovnix that introduces a private TCP/IP stack.  It seems this is becoming a new trend for this type of malware.

The implementation of the private stack is based on an open-source TCP/IP project and it can be accessed from both kernel and user modes.

It works like this:

  1. At boot time, Rovnix hooks the following exported APIs in ndis.sys by patching the export table in memory:
     • NdisMRegisterMiniportDriver() (for NDIS 6.0)
     • NdisMRegisterMiniport() (for NDIS 5.1)
  2. When the network adapter driver calls NdisMRegisterMiniportDriver()/NdisMRegisterMiniport() to register with NDIS, the hooked function registers Rovnix’s own miniport handler functions instead.
  3. With its own miniport handler functions in place, the malware is able to send and receive packets through this private TCP/IP stack (see Figure 1).

Figure 1: The private TCP/IP stack

The stack is introduced for stealth purposes:

  • It bypasses the rest of the NDIS library code, so it also bypasses the hooks that personal firewalls install there
  • The port used by the private TCP/IP stack is not visible through the normal system tools (such as the “nbtstat” command)

Basically, this means Rovnix has introduced new stealth in its network communication.

Traditional methods of analysis, for example running network traffic monitoring software on the host, may not be able to see the packets that are sent or received via a private TCP/IP stack.

However, the compromised machine will contact the domain youtubeflashserver.com. If a network administrator notices traffic sent to this domain, then most likely there are machines infected.
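Because the private stack sits below the host’s own monitoring hooks, the check has to be made where the packets are still visible: on the DNS server and at the egress proxy or firewall. The following is an added example (not part of the MMPC post) that scans constructed DNS and proxy log lines for the domain named above and lists the source hosts that resolved or connected to it; the log formats are assumptions made for the example.

```python
"""Flag hosts that resolved or connected to the Rovnix C2 domain from the post.

Added example, not code from the MMPC post.  Host-side monitoring may miss
traffic sent through Rovnix's private TCP/IP stack, so this runs over logs
collected on the network side instead.  Both log formats are constructed.
"""
import re
from collections import defaultdict

# Domain named in the post; subdomains are matched as well.
ROVNIX_C2_DOMAIN = "youtubeflashserver.com"

# Constructed DNS query log lines (a BIND-style query log layout is assumed).
DNS_LOG = """\
26-Jul-2013 09:12:01.123 client 10.1.4.22#51234: query: www.microsoft.com IN A + (10.1.0.5)
26-Jul-2013 09:12:07.410 client 10.1.4.57#49201: query: youtubeflashserver.com IN A + (10.1.0.5)
26-Jul-2013 09:13:44.002 client 10.1.4.57#49202: query: cdn.youtubeflashserver.com IN A + (10.1.0.5)
26-Jul-2013 09:14:10.877 client 10.1.4.22#51235: query: notyoutubeflashserver.com IN A + (10.1.0.5)
26-Jul-2013 09:15:59.300 client 10.1.4.90#60001: query: youtubeflashserver.com.evil.example IN A + (10.1.0.5)
"""

# Constructed egress proxy log lines: "<timestamp> <src_ip> <dst_host> <dst_port> <bytes>".
PROXY_LOG = """\
2013-07-26T09:12:08Z 10.1.4.57 youtubeflashserver.com 80 1422
2013-07-26T09:12:09Z 10.1.4.22 update.microsoft.com 443 9871
2013-07-26T09:20:31Z 10.1.4.63 youtubeflashserver.com 8080 512
"""

DNS_RE = re.compile(r"client (?P<src>\d+\.\d+\.\d+\.\d+)#\d+: query: (?P<name>\S+) IN")


def matches_c2_domain(name, c2=ROVNIX_C2_DOMAIN):
    """True if name equals the C2 domain or is a subdomain of it.

    Compare on label boundaries rather than with a substring search, so that
    'notyoutubeflashserver.com' and 'youtubeflashserver.com.evil.example'
    are not reported.
    """
    name = name.rstrip(".").lower()
    return name == c2 or name.endswith("." + c2)


def hosts_from_dns_log(log):
    """Return {src_ip: [queried names]} for queries that hit the C2 domain."""
    hits = defaultdict(list)
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if m and matches_c2_domain(m.group("name")):
            hits[m.group("src")].append(m.group("name"))
    return dict(hits)


def hosts_from_proxy_log(log):
    """Return {src_ip: [dst_port, ...]} for connections to the C2 domain."""
    hits = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip it rather than abort the scan
        _ts, src, dst_host, dst_port, _nbytes = parts
        if matches_c2_domain(dst_host):
            hits[src].append(int(dst_port))
    return dict(hits)


def suspected_rovnix_hosts(dns_log=DNS_LOG, proxy_log=PROXY_LOG):
    """Union of source hosts seen resolving or connecting to the C2 domain,
    with the evidence from each log so an analyst can verify the hit."""
    dns = hosts_from_dns_log(dns_log)
    proxy = hosts_from_proxy_log(proxy_log)
    return {
        ip: {"dns_queries": dns.get(ip, []), "proxy_ports": proxy.get(ip, [])}
        for ip in sorted(set(dns) | set(proxy))
    }


if __name__ == "__main__":
    for ip, evidence in suspected_rovnix_hosts().items():
        print(f"{ip}: {evidence}")
```

With the constructed logs, 10.1.4.57 (seen in both logs) and 10.1.4.63 (proxy only) are reported, while the look-alike names queried by 10.1.4.22 and 10.1.4.90 are not.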

With our latest signature update, we detect the Rovnix dropper as TrojanDropper:Win32/Rovnix.I. Windows Defender Offline (WDO) also detects the infected volume boot record as Trojan:DOS/Rovnix.F.

Sample: SHA1: a9fd55b88636f0a66748c205b0a3918aec6a1a20

Chun Feng
MMPC

Categories: Uncategorized Tags:

Why does my AV software keep turning off?

July 25th, 2013 No comments

Bob writes:

My antivirus software keeps turning off and I can’t get it back on.

Here are the most common reasons you might encounter this problem:

Your computer is already infected with rogue security software

The warning that your antivirus software is turned off might be a fake alert, also known as “rogue security software.” This type of warning is designed to fool you into downloading malicious software or paying for antivirus software. Take our Real vs. Rogue quiz to see if you can identify the difference.

You have more than one antivirus program

Your antivirus software could turn off if you try to install another antivirus program. Running more than one antivirus program at the same time can cause conflicts and errors that make your antivirus protection less effective or not effective at all.

You might have a virus

Some viruses can disable your antivirus software or disable updates to your antivirus software. Viruses can also prevent you from going online to update or reinstall your antivirus software.

For troubleshooting help, see What to do if your antivirus software stops working.

Enabling Management of Open Source Software in System Center Using Standards

July 24th, 2013 No comments

This post is a part of the nine-part “What’s New in Windows Server & System Center 2012 R2” series that is featured on Brad Anderson’s In the Cloud blog.  Today’s blog post covers standards-based management of open source software with System Center and how it applies to Brad’s larger topic of “Transforming the Datacenter.”  To read that post and see the other technologies discussed, read today’s post:  “What’s New in 2012 R2:  Enabling Open Source Software.”

Whether in the public cloud with Windows Azure, the private cloud with Windows Server and System Center, or a hybrid of both, running and managing open source workloads (such as Linux and JEE applications) is a key tenet of Microsoft cloud solutions. In this post, we will review the standards-based management approach used in System Center to manage open source software, take a detailed look at the management implementation in the UNIX/Linux agents for Operations Manager and Configuration Manager, and introduce the System Center 2012 R2 improvements to these agents.

System Center 2012 R2 and Management of Open Source Software

System Center 2012 R2 is a great solution for management of the heterogeneous private cloud with Windows, Linux and UNIX workloads running side by side. With System Center 2012 R2, the portfolio of heterogeneous management capabilities has been substantially expanded and now encompasses:

  • Inventorying and deploying software to Linux and UNIX with Configuration Manager
  • Monitoring UNIX and Linux computers and services with Operations Manager
  • Monitoring JEE Application Servers on Linux, UNIX, and Windows with Operations Manager
  • Deploying Linux virtual machines and services with Virtual Machine Manager (and Windows Server Hyper-V)
  • Backing up Linux virtual machines with Data Protection Manager

In enabling the heterogeneous management features of System Center, our focus is on standards-based management. Open standards such as Common Information Model (CIM) and WS-Management play a key role in many of the heterogeneous management capabilities of System Center.

One of the primary benefits of a standards-based approach is that different implementations of similar technologies can be uniformly presented and managed. For example, a Linux server, AIX server, and Windows server may have very different implementations for identifying and reporting on operating system resources and performance (such as processor inventory and utilization), but by managing each of these servers through a management implementation based on CIM, the administrator or management software does not need to understand the specific architectures, APIs, and all details of each operating system’s conventions and implementations. Rather, a common interface and model is used to uniformly present key performance indicators and inventory. In turn, this allows management software, such as System Center, to tightly integrate management for a variety of platforms, with consistent presentation and experience throughout.

Figure 1 – A Linux Server Monitored in System Center 2012 R2 – Operations Manager

Implementing the Standards-Based Approach

In System Center 2012 R2, we continue our commitment to standards-based management of open source workloads, and have made a significant improvement in this regard by implementing a common CIM server in both the Operations Manager and Configuration Manager agents for UNIX and Linux.

In the Windows realm, a consistent CIM implementation has been available since the introduction of WMI (as far back as NT 4.0). Likewise, WS-Management (or WS-Man) has been available for Windows in Windows Server 2003 and beyond. However, expanding common management capabilities to a broad array of UNIX and Linux operating systems (and architectures) with these standards required new implementations.

The UNIX and Linux agents for Operations Manager consist of a CIM Object Manager (i.e. CIM Server), and a set of CIM Providers. The CIM Object Manager is the “server” component that implements the WS-Management communication, authentication, authorization and dispatch of requests to the providers. The providers are the key to the CIM implementation in the agent, defining the CIM classes and properties, interfacing with the kernel APIs to retrieve raw data, formatting the data (e.g. calculating deltas and averages), and servicing the requests dispatched from the CIM Object Manager. From System Center Operations Manager 2007 R2 through System Center 2012 SP1, the CIM Object Manager used in the Operations Manager UNIX and Linux agents is the OpenPegasus server. The providers used to collect and report monitoring data are developed by Microsoft, and open-sourced at CodePlex.com.

Figure 2 – Software Architecture of the Operations Manager UNIX/Linux Agent

This CIM/WS-Man standards-based approach also brings benefits to the agent implementation itself. The resulting management agent is lightweight, with a small footprint and low impact to the monitored host. Additionally, such a CIM server and provider implementation is quite portable, allowing it to be consistently implemented across a broad matrix of UNIX and Linux operating system distros, versions, and architectures – while returning monitoring data with a uniform presentation. Lastly, the standards-based approach enables the Operations Manager server to UNIX/Linux agent communication with well-defined protocols (WS-Man over HTTPS) and established interfaces (WinRM).
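As an added example (not code from the original post), here is what the uniform presentation described above looks like from the management side: the same CIM query pattern, carried over WS-Man, issued against a Linux host running the Operations Manager agent and against a Windows host. It assumes the agent listens on its HTTPS port 1270 and exposes the SCX provider classes in the root/scx namespace; the host names and the credential prompt are placeholders.

```powershell
# Added example: one CIM/WS-Man query pattern for a Linux agent and a Windows host.
# Assumes: the Operations Manager UNIX/Linux agent (OMI-based in 2012 R2) on TCP 1270
# over HTTPS, SCX classes in root/scx, and placeholder host names.

param(
    [string]$LinuxHost   = 'linux01.example.internal',   # placeholder
    [string]$WindowsHost = 'win01.example.internal',     # placeholder
    [switch]$LabCertificates   # relax certificate checks only for lab agents with self-signed certs
)

# A low-privilege account that is allowed to query the agent; never a root credential.
$cred = Get-Credential -Message 'Monitoring account for the Linux agent'

# WS-Man over HTTPS. Certificate validation stays on unless explicitly relaxed for a lab.
$opt = if ($LabCertificates) {
    New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck
} else {
    New-CimSessionOption -UseSsl
}

$linux = New-CimSession -ComputerName $LinuxHost -Port 1270 -Authentication Basic `
                        -Credential $cred -SessionOption $opt

# Windows host: default WinRM session (Kerberos in-domain, default port).
$windows = New-CimSession -ComputerName $WindowsHost

# Same cmdlet, same kind of properties (inherited from CIM_OperatingSystem) on both platforms.
$linuxOs = Get-CimInstance -CimSession $linux   -Namespace root/scx   -ClassName SCX_OperatingSystem
$winOs   = Get-CimInstance -CimSession $windows -Namespace root/cimv2 -ClassName Win32_OperatingSystem

foreach ($pair in @(@($LinuxHost, $linuxOs), @($WindowsHost, $winOs))) {
    $name, $os = $pair
    [pscustomobject]@{
        Host       = $name
        OS         = $os.Caption
        Version    = $os.Version
        LastBoot   = $os.LastBootUpTime
        FreePhysMB = [math]::Round($os.FreePhysicalMemory / 1024)   # CIM reports KB
    }
}

Remove-CimSession -CimSession $linux, $windows
```

The Linux leg fails closed if the agent certificate does not chain to a trusted CA, which is the behaviour you want outside a lab.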

A very similar agent software architecture is employed in the UNIX and Linux agents for Configuration Manager, first available in the System Center 2012 SP1 product. Like the Operations Manager UNIX and Linux agents, the Configuration Manager UNIX and Linux agents implement a lightweight CIM Object Manager and set of providers. While the Operations Manager agent providers are focused on system monitoring metrics, the Configuration Manager agent providers enable scenarios such as hardware inventory.

By adopting a standards-based approach to enabling and managing open source software, System Center 2012 R2 is able to deliver consistency in the standards, protocols, and management interfaces that are employed in managing Windows Server workloads and open source software.

Introducing Open Management Infrastructure in System Center

With System Center 2012 R2, UNIX/Linux agents for both Configuration Manager and Operations Manager are now based on a fully consistent implementation of Open Management Infrastructure (OMI) as their CIM Object Manager. In the case of the Operations Manager UNIX/Linux agents, OMI is replacing OpenPegasus. Like OpenPegasus, OMI is an open-source, lightweight, and portable CIM Object Manager implementation – though it is certainly lighter in weight and more portable than OpenPegasus.

An excellent introduction to OMI can be found on the Windows Server Blog, but some of the key features of OMI include:

  • Very small footprint (the package size for Operations Manager UNIX/Linux agents has been reduced by half)
  • Highly portable
  • Simple provider extensibility

While these are immediately realized benefits in the System Center 2012 R2 UNIX and Linux agents, perhaps the most significant and exciting benefit of OMI can be found in the promise of real and broad cross-platform and standards-based management. OMI has been designed not just to be portable between UNIX, Linux and Windows, but also for devices and embedded systems. As an example, both Cisco and Arista are working on WS-Man/CIM implementations for network device management with OMI. Given the possibility of using a single protocol or mechanism to manage network and storage devices, baseboard management controllers and Windows, UNIX, and Linux servers, one can quickly imagine the scenarios this could unlock in the automation-centric cloud world we now live in. OMI’s portability and standards-based implementation open this management opportunity to a potentially incredible array of managed devices, entities, management platforms and tools with streamlined interoperability. Thus, it is easy to see why OMI is a foundational implementation element of the Datacenter Abstraction Layer (DAL) concept.

Further discussion of some of the management scenarios that OMI enables, and a link to a great demo, can be found on the PowerShell Team Blog.

Summary

As we continue to broaden the portfolio of management capabilities for open source software in System Center 2012 R2, we are reaffirming our commitment to open standards-based management, and aligning with exciting new models developing in the cloud era. The availability of OMI, and its adoption into the System Center agents for UNIX and Linux is another step forward in the realm of standards-based management. Now, a CIM and WS-Man based implementation used for management of Windows and Linux/UNIX can extend even broader to devices, embedded systems, and applications. This benefits the System Center user, as we continue to provide consistent experiences regardless of the managed platform, and this benefits the management ecosystem – as additional management providers and management tools can more fully and capably interoperate.

To see all of the posts in this series, check out the What’s New in Windows Server & System Center 2012 R2 archive.

Update Rollup 3 for System Center 2012 Service Pack 1 is now available

July 23rd, 2013 No comments

Update Rollup 3 (UR3) for System Center 2012 SP1 has been released and is now available for download. This update rollup contains fixes for System Center App Controller, Data Protection Manager, Operations Manager, Virtual Machine Manager and more. You can get all the details as well as a download link here:

KB2836751 – Description of Update Rollup 3 for System Center 2012 Service Pack 1 (http://support.microsoft.com/kb/2836751)

J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:


System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/

Categories: Uncategorized Tags:

7 ways to avoid TMI

July 23rd, 2013 No comments

Technology can make everything in our lives easier—including sharing too much information (TMI). Just because you can take a picture of your new credit card and post it on Instagram doesn’t mean that you should. In fact, you shouldn’t.

Sharing too much information can lead to identity theft. It can also damage your online reputation, which could prevent you from getting into college, getting a job, or even getting health insurance.

Here are ways to avoid sharing TMI:

  1. Never share your address, phone number, Social Security number, or other personal information through online interactions. 
  2. Use and manage your privacy settings. Limit who can see details of your online profiles.
  3. Never shop, bank, or enter passwords or credit card numbers over public Wi-Fi.
  4. Ask questions. Sometimes we do need to share personal information, but before doing so, ask why the information is necessary and beware of imposters.
  5. Use sites that you can trust. Learn what to look for.
  6. Stop and think before you post an image, blog, tweet, or comment. What does it say about you and how you want to be viewed online?
  7. Take charge of your online reputation: Discover, evaluate, protect, cultivate, and restore as needed.

For more tips on avoiding TMI, check out the hashtag #IsThisTMI on our Twitter channel.


What’s New in Windows Server 2012 R2 – End-to-End Scenarios Across Products

Although People-centric IT capabilities are great on Windows devices, these capabilities are not limited to Windows devices. We also put a lot of work into enabling first class support for heterogeneous devices in our People Centric IT capabilities. Putting users at the center of what we do includes enabling a broad set of devices. Active Directory is a core service enabling this and other scenarios.

This week, Microsoft VP Brad Anderson examines a few examples of holistic end-to-end customer scenarios that are a result of our cross-company collaboration in the blog post “What’s New in 2012 R2: People Centric IT In Action – End-to-End Scenarios Across Products”. Specifically, he looks at:

  1. Providing users with secure access to their files on their personal devices. 
  2. Enabling users to provision their iOS devices for work while allowing IT Pros to restrict access to corporate resources.
  3. Enabling IT Pros to deliver VPN functionality to corporate and personal devices.  This includes both Microsoft and 3rd party VPNs, clients, and gateways – and it also covers upcoming support for this on Windows RT.

Each of these three examples combines and maximizes capabilities from across Windows, Windows Server, System Center and Windows Intune.

This is a relatively long and technical blog post with a lot of example screen shots. Stick with it, there is a lot of information in the article. For those of you who haven’t downloaded the R2 Preview wave of products, this will be a good way to get somewhat acclimated to the new techniques and new device support.

And for those of you interested in downloading some of the products and trying them, here are some resources to help you:

  • Windows Server 2012 R2 Preview download
  • System Center 2012 R2 Preview download
  • SQL Server 2014 Community Technology Preview 1 (CTP1) download

As always, follow us on Twitter via @WindowsServer!  

3 ways to help protect your Microsoft account

July 18th, 2013 No comments

A Microsoft account—formerly known as a Windows Live ID—is the combination of an email address and a password that you use to sign in to services such as Xbox LIVE and Outlook.com, as well as devices such as Windows Phone and computers running Windows 8.

If you think your Microsoft account has been hacked, we recommend that you reset your password right away. To change your Outlook.com (formerly Hotmail) password, sign in to your Microsoft account, and then go to the Password section.

Your Microsoft account includes settings to help protect your privacy:

  • If you have added security information to your account and you have lost your password or your account is compromised, you can request an account-recapture code that Microsoft will send you in a text message or to an alternate email address to help you regain access to your account.
  • Scammers can get into your email account by installing malicious software on your computer without your knowledge. Make sure you use antivirus software that updates automatically, such as Microsoft Security Essentials, which is available for computers that are running Windows 7, Windows Vista, or Windows XP. If you’re using Windows 8, you already have antivirus and antispyware protection called Windows Defender.

To learn how to adjust privacy settings in your Microsoft account, see Privacy and your Microsoft account.


MS13-055 – Critical : Cumulative Security Update for Internet Explorer (2846071) – Version: 1.2

Severity Rating: Critical
Revision Note: V1.2 (July 18, 2013): Bulletin revised to clarify that the issue referenced as CVE-2013-4015 is addressed in a defense-in-depth update. This is an informational change only.
Summary: This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

MS12-052 – Critical : Cumulative Security Update for Internet Explorer (2722913) – Version: 1.2

Severity Rating: Critical
Revision Note: V1.2 (July 17, 2013): Added a link to Microsoft Knowledge Base Article 2722913 under Known Issues in the Executive Summary.
Summary: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags:

MS12-006 – Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) – Version: 1.3

Severity Rating: Important
Revision Note: V1.3 (July 17, 2013): Corrected the update replacement for the 2585542 update. This is a bulletin change only. There were no changes to the detection logic or update files.
Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

Categories: Uncategorized Tags:

A fresh face for the Microsoft Malware Protection Center

July 16th, 2013 No comments

Today we launched our new Microsoft Malware Protection Center website.

Throughout the redesign process we have been listening to your feedback. You asked for an easier way to find our security software and updates; you can now get to all of our product downloads straight from our homepage.

While you’re on the homepage you’ll also see links to our help archive, blogs, and trending security topics from the Microsoft Community forums.

One of our top priorities is to make it easier for you to solve any issues with malware and potentially unwanted software. To help, we created a box on each page of our new website that answers some of your most-asked questions.

We also added new content to address common problems, such as:

To make it simpler to find the information you need about specific malware, we’ve given our malware encyclopedia a face-lift. You can still find detailed information about each threat under the “Technical information” tab. 

Please stop by the new site and have a look around. As always, we’re listening to your feedback and would love to know what you think. You can use the feedback form at the bottom of most pages to let us know.

MMPC


Categories: Uncategorized Tags:
