Information Technology - Real Estate - Road Rally - Airsoft - Military Simulation


Wednesday, January 14, 2009

Microsoft Security Bulletin MS09-001 - Critical: Vulnerabilities in SMB Could Allow Remote Code Execution (958687)

Yes folks, it's that time of the month. And it looks like someone's New Year's resolution to stop hacking Microsoft products has been broken already.

Microsoft Security Bulletin MS09-001 - Critical: Vulnerabilities in SMB Could Allow Remote Code Execution (958687)




Published: January 13, 2009

Version: 1.0



Executive Summary



This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protec"


Monday, January 12, 2009

First Look: Windows 7

INTRO


Over the weekend, I downloaded the Windows 7 Beta from Microsoft. Interestingly, the TechNet site isn't compatible with the Safari browser which meant that after an hour of assuming that the download site was busy, I finally had to boot up my trusty Windows XP/Boot Camp image to download it. The file 7000.0.081212-1400_client_en-us_Ultimate-GB1CULFRE_EN_DVD.iso contains the Ultimate version of Windows 7 and as such contains all the features.

AT A GLANCE

At first glance, not much has changed except that the task bar has been slightly redesigned. The quick launch icons are integrated with the task bar in such a way that programs that are assigned a quick launch icon also now contain their window title. Not sure if I care for it or not yet. Also, the widgets for sidebar are no longer confined to the sidebar dock, they can be detached and displayed anywhere on the desktop.

PERFORMANCE

I haven't done any real benchmarks as of yet, but I can say that the response time of the full screen VMWare Fusion image of Windows 7 running on my MacBook Pro seems to run better than a similarly configured Vista image. Not quite as fast as my Windows XP Boot Camp image, but close enough to make most productivity apps run quite well.

FINAL THOUGHTS

This one's still fresh with a few subtle graphics anomalies, but certainly nothing that I would consider a show-stopper. Compared to previous betas, this one appears quite usable and unlike Vista which barfed at a lot of my XP drivers, Windows 7 seemed to take all my legacy Vista drivers without a hitch. I'll update this item once I've had more time with Windows 7, but so far, I have to say that this one looks a little more promising and might eventually replace my Windows XP in my Boot Camp partition. I've also downloaded OpenSuse 11.1 and OpenSolaris 2008.11, so look for those "First Looks" soon.

Monday, January 05, 2009

Upgrading a MacBook Pro

INTRO

So after a little over 2 years since I switched back to Mac after 20 years, I found myself really maxing out my 2007 Santa Rosa-based MacBook Pro in terms of both memory and disk space. Chalk it up to my vigorous use of my digital camera, a growing MP3 collection, or my insatiable appetite for virtual machines (i.e. how I get my Windows work done!), but I finally found myself out of hard drive space. I tried all the usual Mac tricks of stripping out unused languages and binaries, clearing out all the caches and old PLISTS, but alas, it was finally time to upgrade. Although the newer unibody Macs were really enticing, I just couldn't see myself parting with $2000 when I could just upgrade my existing system that's served me well for the last two years for about $200. Even if I could get $1000-$1200 for my current model, it would still be $800 out of pocket that I really didn't feel like spending. At first, I thought it might be a bit of a daunting task, but as it turns out, memory and disk upgrades aren't as difficult as one might think. Memory upgrades consist of removing the battery, three screws that hold the memory cover in place, and presto! I now have 4GB of memory as opposed to the 2GB that it came with. The second task of replacing the hard drive was the one that was a bit more daunting, but thanks to a great tutorial by iFixIt and about 3 hours, I was in business with a new 320GB/7200RPM/16MB Cache Hitachi drive, almost 3x the capacity and certainly a much better performer than my factory installed 120GB/5400RPM/8MB Cache Fujitsu drive.

TOOLS NEEDED

The basic tools needed for this "operation" are a small Phillips screwdriver (I happen to use this one), a T6 Torx screwdriver (this one), and a "spudger", a small flat piece of plastic used to "pry" cases apart, something I happened to have lying around when I ordered a replacement digitizer for my old Dell Axim X51v off of eBay. You could probably use a flat blade screwdriver if you're VERY careful, but I chose not to since I actually had the right tool and didn't want to chew up the MacBook Pro's aluminum case.

REFERENCES

You can download the "how to" guide from iFixIt.com located here. They also have guides for other Macs, so check 'em out.

FINAL THOUGHTS

In all, the actual hard disk replacement only took about 20 minutes. The bulk of the 3 hours was due to copying all the data, which I used Carbon Copy Cloner for; the remaining 40 minutes was reading the guide and testing the new config before I put all the screws back in. Not bad for an afternoon's worth of work.

Why RAID is not enough...

JournalSpace, a popular provider of blog hosting, has closed its doors and is selling off its assets. Its reason? They didn't have backups! They had been running a RAID 1 implementation for redundancy and assumed that it would protect them from catastrophe. Although the specific cause is unknown, it appears that somehow the database that runs the site was wiped out and could not be retrieved. They did acknowledge that a database copy did not exist, which does pose a question: how many organizations do proper backups? More importantly, how many of them test their restores on a regular basis to ensure that what was backed up can actually be restored properly?

Click here for more info straight from the horse's whatever...