Ioannis Zontos

Everything posted by Ioannis Zontos

  1. Severity: Medium

     Summary:
     · This vulnerability affects: All current versions of Microsoft Visio
     · How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document
     · Impact: An attacker can execute code, potentially gaining complete control of your users' computers
     · What to do: Deploy the appropriate Visio patches as soon as possible, or let Windows Update do it for you

     Exposure:
     Microsoft Visio is a very popular diagramming application, which many administrators use to create network diagrams. It also ships with some Office packages. In a security bulletin released yesterday, Microsoft describes two security vulnerabilities that affect all current versions of Visio. The vulnerabilities differ technically, but share the same scope and impact. They both involve flaws in how Visio parses Visio documents. If an attacker can entice one of your users into opening a specially crafted Visio file (such as .vsd, .vdx, .vst, or .vtx), he could exploit either of these flaws to execute code on that user's computer with that user's privileges. If your user has administrative privileges, the attacker could gain complete control of their computer.

     Solution Path:
     Microsoft has released Visio patches to fix this flaw. You should download, test, and deploy the appropriate patches as soon as possible, or let Windows Update do it for you.
     · Visio 2003
     · Visio 2007
     · Visio 2010
     · Visio 2010 x64
  2. Summary:
     · These vulnerabilities affect: All current versions of Windows and components that ship with it
     · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, enticing your users to open malicious files, or running malicious applications locally
     · Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
     · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

     Exposure:
     Yesterday, Microsoft released six security bulletins describing seven vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.

     · MS11-059: Data Access Components Code Execution Vulnerability
       According to Microsoft, Windows Data Access Components (Windows DAC) help provide access to information across an enterprise. Unfortunately, Windows DAC allows unrestricted access to the loading of external libraries. By enticing one of your users to open a specially crafted Excel file residing in the same location as a malicious DLL file, an attacker could exploit this flaw to execute code on that user's system, with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machine. This flaw only affects Windows 7 and later. Microsoft rating: Important.

     · MS11-061: Remote Desktop Web Access XSS Vulnerability
       Windows Remote Desktop (RD) allows you to gain network access to your Windows desktop from anywhere. The Web Access component provides this capability through a web browser. Unfortunately, the RD Web Access component suffers from a Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RD Web Access component, potentially giving the attacker access to your remote desktop. This flaw only affects Windows Server 2008 R2 x64. Microsoft rating: Important.

     · MS11-062: RAS NDISTAPI Driver Elevation of Privilege Vulnerability
       Remote Access Service (RAS) is a component that allows you to access networks over phone lines, and the NDISTAPI driver is one of the RAS components that helps provide this functionality. The NDISTAPI driver doesn't properly validate user input that it passes to the Windows kernel. By running a specially crafted application, an attacker can leverage this flaw to elevate his privilege, gaining complete control of your Windows machine. However, the attacker would first need to gain local access to your Windows computers using valid credentials, in order to run his special program. This factor significantly reduces the risk of this flaw. Finally, this flaw only affects XP and Server 2003. Microsoft rating: Important.

     · MS11-063: CSRSS Elevation of Privilege Vulnerability
       The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from an Elevation of Privilege (EoP) vulnerability. Like the NDISTAPI driver flaw above, by running a specially crafted program, an authenticated attacker could leverage these flaws to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of these flaws. Microsoft rating: Important.

     · MS11-064: TCP/IP Stack DoS Vulnerabilities
       The Windows TCP/IP stack provides IP-based network connectivity to your computer. It suffers from two Denial of Service (DoS) vulnerabilities. One of the flaws is a variant of the very old Ping of Death vulnerability. By sending a specially crafted ICMP message, an attacker can cause your system to stop responding or reboot. Most firewalls, including WatchGuard's XTM appliances, prevent external exploit of this classic DoS flaw. The second flaw has to do with how the TCP/IP stack handles specially crafted URLs. By sending a specially crafted URL to one of your Windows Web servers, an attacker could exploit this flaw to cause the server to lock up or reboot. These flaws only affect Windows Vista and later. Microsoft rating: Important.

     · MS11-068: Windows Kernel DoS Vulnerability
       The kernel is the core component of any computer operating system. The Windows kernel suffers from a Denial of Service (DoS) vulnerability, involving a flaw in the way it parses metadata in files. By running a specially crafted program, an attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of these flaws. This flaw only affects Windows Vista and later. Microsoft rating: Moderate.

     Solution Path:
     Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

     MS11-059:
     · For Windows 7 (w/SP1)
     · For Windows 7 x64 (w/SP1)
     · For Windows Server 2008 R2 x64 (w/SP1)
     · For Windows Server 2008 R2 Itanium (w/SP1)

     MS11-061:
     · For Windows Server 2008 R2 x64

     MS11-062:
     · For Windows XP (w/SP3)
     · For Windows XP x64 (w/SP2)
     · For Windows Server 2003 (w/SP2)
     · For Windows Server 2003 x64 (w/SP2)
     · For Windows Server 2003 Itanium (w/SP2)

     MS11-063:
     · For Windows XP (w/SP3)
     · For Windows XP x64 (w/SP2)
     · For Windows Server 2003 (w/SP2)
     · For Windows Server 2003 x64 (w/SP2)
     · For Windows Server 2003 Itanium (w/SP2)
     · For Windows Vista (w/SP2)
     · For Windows Vista x64 (w/SP2)
     · For Windows Server 2008 (w/SP2)
     · For Windows Server 2008 x64 (w/SP2)
     · For Windows Server 2008 Itanium (w/SP2)
     · For Windows 7 (w/SP1)
     · For Windows 7 x64 (w/SP1)
     · For Windows Server 2008 R2 x64 (w/SP1)
     · For Windows Server 2008 R2 Itanium (w/SP1)

     MS11-064:
     · For Windows Vista (w/SP2)
     · For Windows Vista x64 (w/SP2)
     · For Windows Server 2008 (w/SP2)
     · For Windows Server 2008 x64 (w/SP2)
     · For Windows Server 2008 Itanium (w/SP2)
     · For Windows 7 (w/SP1)
     · For Windows 7 x64 (w/SP1)
     · For Windows Server 2008 R2 x64 (w/SP1)
     · For Windows Server 2008 R2 Itanium (w/SP1)

     MS11-068:
     · For Windows Vista (w/SP2)
     · For Windows Vista x64 (w/SP2)
     · For Windows Server 2008 (w/SP2)
     · For Windows Server 2008 x64 (w/SP2)
     · For Windows Server 2008 Itanium (w/SP2)
     · For Windows 7 (w/SP1)
     · For Windows 7 x64 (w/SP1)
     · For Windows Server 2008 R2 x64 (w/SP1)
     · For Windows Server 2008 R2 Itanium (w/SP1)
  3. Good morning to everyone.

     I won't get into the debate about which technology is better and which is worse; everyone has their own opinions. My personal view, since I work with quite a few shipping companies, is that where everything is MS I put in Hyper-V, and so far I have a real uptime of 99%; in some that have custom applications on Unix I have VMware, because that is how I found it and it works just fine. As for which platform I prefer: Hyper-V, but that is subjective.

     It simply really bothered me, the tone our colleague Mr. Koukoulieros took towards Panagiotis!!! And honestly, colleague, I don't think your posts can be considered objective, because I cannot understand such passion; you don't even hold shares in VMware (may you have some, of course); maybe it's the water, as Vangelis said, maybe the Czech girls. And of course, when you express an opinion publicly, people have the right to criticise your opinion, and since you disagreed with what Panagiotis wrote, you should set out your own views. But the tone was, in quite a few places, more or less combative; from the title alone you start off badly, and you continue in several places of the "objective post" to belittle those of us who work in poor old Greece (you don't say it, but that is what I understand you believe).

     It is our choice, my friend, to try to help our country and the companies that are in Greece, each of us in our own way, and yes, if I can save one of my clients money in these difficult times by using Hyper-V, I do it and I will keep doing it. We happen to work here in our country where, fortunately or unfortunately, 90-95% are small and medium businesses, so what interests us is the price/performance ratio. What I don't understand is why you were bothered by something that is true, because I don't know about the big company where you work, but here in Greece if you go to the finance director and tell him he will pay for something he already has in order to keep having it, he will look at you a bit funny....

     Anyway, I would be interested in a comparison on ITPRO and a lab; I don't think the Teacher (Kladakis) would have a problem with it, he is open to suggestions from all colleagues. Happy holidays to us all.
  4. A very good article on the security issues that can affect our daily lives and on the dangers that are born every day; it is certainly worth commenting on. I am quoting the article in English.

     Las Vegas (CNN) -- If you've seen the 1983 movie "WarGames," in which a young Matthew Broderick accidentally uses computers to bring the world to the edge of "global thermonuclear war," then you have a pretty good idea what hackers and security researchers are super-concerned about these days -- in real life.

     Here at the Black Hat hacker conference at Caesars Palace, computer security experts have shown ways they can use virtual tools to tap into and tamper with all kinds of stuff in the real world, which is the gist of what made "WarGames" so scary. No longer limited to the digital domain, hackers -- many of them working for good -- are now targeting prison systems, the power grid and automobiles. They'll target anything with a mini-computer inside of it. These days, that's pretty much everything. Researcher Don Bailey pointed out that there's even a pill bottle with a cellular connection, so that it can remind its owner when to take his or her medicine. His first thought: "I'm not sure if that's a good idea."

     A computer worm called Stuxnet is the main reason hackers and security types are focusing on these "real-world exploits" right now. While Stuxnet isn't grabbing as many headlines these days as Anonymous and LulzSec -- two hacking groups that have been stealing personal data and taking over big-name websites -- in-the-know security experts and ex-government officials say the idea behind that worm is actually far scarier. "The Stuxnet attack is the Rubicon of our future," Cofer Black, the former head of the CIA's Counterterrorism Center, said during a keynote talk here. Stuxnet showed, for the first time, that a bit of malicious computer code could control industrial systems. The common wisdom is that the worm, which spread all over the Internet last year, was designed to attack and possibly blow up nuclear facilities in Iran. No one knows for sure who wrote that worm, and its powers were never put to use. But the code is out there, and security researchers and hackers are jumping at the chance to study that code and figure out what else it -- or something like it -- could do.

     The examples surfacing at Black Hat and DEF CON, a companion hacker conference attended by 15,000 people, sound like they're pulled from a Hollywood thriller. Tiffany Rad, a computer science professor by day, showed that a little-known electronic component in correctional facilities could be hacked and used to throw open all the doors that lock prisoners in their cells. "Where there exists a computer, there's still a chance of breaking that computer," said Teague Newman, who worked with Rad on the hack. The two say they have gone to the federal government with their research. They won't publish the exact code someone could use to tap into prison lock systems for fear that such an event would actually occur. The prison hack wasn't even that hard, they said. Working in a home basement in Virginia on a budget of $2,000, it took the duo only two hours to figure out and exploit the bug, which attacks a Siemens networking component called a programmable logic controller. "It was not difficult," Newman said.

     Siemens is working on a fix, but it won't necessarily come quickly. "We need time to go after those vulnerabilities," said a Siemens engineer who asked not to be named because he's not authorized to speak on the record. "It's not like in the IT world where you can quickly create a patch. We are really talking about critical systems here ... so if you create a patch you want to make sure the patch doesn't influence operations and the PLC (the networking component) is still running afterwards as designed." Rad and Newman said that company doesn't deserve all the blame. The way prison security systems are networked, and the way employees use them, are also at fault. Central computers that control locks should not be hooked up to the Internet, for example, but they often are, the researchers said.

     Other Black Hat speakers discussed the vulnerabilities of electrical grid and water systems, which, theoretically, could be attacked using similar methods. And further attacks focused on holes in cellular networks. Again, the targets are real-world, not virtual. Bailey of iSEC Partners demonstrated a way to hack into the mobile components on many cars to unlock or start the vehicles with a few texts from his Android phone. But breaking into cars isn't the scary part, Bailey said in an interview. "I could care less if I could unlock a car door," he said. "It's cool. It's sexy. But the same system is used to control phone, power, traffic systems. I think that's the real threat."

     As for solutions, Bailey said the problem is the cost and lack of regulation. "The issue is not just architecture but its cost," he said. "A lot of the errors and the vulnerabilities I'm seeing (are) in overall architecture. It's all systems -- whether it's your car or your tracking device or your pill bottle or whatever. "It's the issue of no regulations, no standards and no one enforcing any semblance of security."

     Security professionals need to step back from the technology and look at how these real-world systems -- from prisons to power plants -- are designed, said Tom Parker, vice president of security services at FusionX, a computer security company. "We're making the same mistakes over and over again," he said, adding that these at-risk networking components are doing more than they were designed to do. None of the researchers argue that society should stop putting little computers inside everything. Instead, they said, we need to work harder to make those little computers secure. And if we don't, they say, the consequences could be huge.
  5. A bug in a popular WordPress utility is being misused by attackers to upload and make appear on the targeted site annoying and possibly malicious content.

     The bug was discovered by Mark Maunder, the CEO of Feedjit, when he loaded his blog and an ad that should not have been there popped up. After digging through the code, he narrowed down the problem to TimThumb, an image resizing utility that is widely used by many WordPress themes. In fact, when Googling the timthumb.php script, more than 39 million results show just how widespread its use is.

     "The utility only does a partial match on hostnames allowing hackers to upload and execute arbitrary PHP code in your timthumb cache directory," explains Maunder. "Timthumb.php is inherently insecure because it relies on being able to write files into a directory that is accessible by people visiting your website."

     Curiously enough, TimThumb's developer's own site was hacked in the very same way. In a comment on Maunder's blog post, he apologized for the oversight in the code and said he hopes that his error didn't lead to too many problems. "At the moment the best fix is to simply use the latest version of TimThumb," he shared. "There have been a stack of tweaks that will make the script harder to abuse."

     For those who want to be absolutely sure that the script won't be misused by attackers, the best thing to do is to remove the file using rm timthumb.php for the time being, and make sure the removal didn't affect the theme. Also, there are a lot of themes in which the name of this script has been modified to thumb.php, so search for that as well.
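The "partial match on hostnames" that the post quotes is a general allowlist mistake, not something specific to PHP. The following is an added example (not TimThumb's code and not from the post) that puts a partial-match check beside an exact-match check and runs both over constructed URLs, so a reviewer can see which requests each one admits. The allowlist entries and sample URLs are made up for the demonstration.

```powershell
# Added example, not code from the original post or from TimThumb.
# Allowlist entries and sample URLs below are constructed for the demo.
$AllowedHosts = @('images.example.com', 'cdn.example.net')

# Weak check, modelled on the "partial match" the post describes: an allowed
# name only has to appear somewhere inside the requested host name.
function Test-HostPartialMatch {
    param([string]$Url)
    try   { $requestHost = ([System.Uri]$Url).Host }
    catch { return $false }
    foreach ($allowed in $AllowedHosts) {
        if ($requestHost -like "*$allowed*") { return $true }
    }
    return $false
}

# Corrected check: parse the URL, insist on http/https, then require the
# whole host name to equal an allowlist entry (case-insensitive).
function Test-HostExactMatch {
    param([string]$Url)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false   # unparsable input is rejected, never guessed at
    }
    if (@('http', 'https') -notcontains $uri.Scheme) { return $false }
    foreach ($allowed in $AllowedHosts) {
        if ([string]::Equals($uri.Host, $allowed, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed requests: the first two are legitimate; the third merely
# contains an allowed name as a prefix; the last is not a URL at all.
$Samples = @(
    'http://images.example.com/photo.jpg',
    'https://CDN.example.net/logo.png',
    'http://images.example.com.test.invalid/x.php',
    'not a url'
)

# One row per sample showing what each check would have accepted
function Compare-HostChecks {
    foreach ($s in $Samples) {
        New-Object PSObject -Property @{
            Url          = $s
            PartialMatch = Test-HostPartialMatch $s
            ExactMatch   = Test-HostExactMatch   $s
        }
    }
}

Compare-HostChecks | Format-Table Url, PartialMatch, ExactMatch -AutoSize
```

Running it shows the third sample accepted by the partial check and rejected by the exact one; if subdomains of an allowed host must also be admitted, add an explicit suffix test for ".example.com" with the leading dot rather than relaxing the comparison to a substring.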
  6. When installing an SBS 2008 or an SBS 2011, because all the features are installed on the (C:) volume, there are several tools that can help us reclaim space on the C:\ drive. When an SBS runs with limited space on the C drive, we get some services that do not start, we may have problems with our mail, and errors or non-delivery reports: Error 0x800CCC6C, SMTP_452_NO_SYSTEM_STORAGE, or 452 4.3.1 Insufficient system resources. So where can we save space? The areas, and the way in which we can increase our capacity, follow.

     IIS and SBS Logs
     By default, all IIS-hosted web sites have logging enabled; we may see large folders in C:\inetpub\logs\LogFiles (if we want to move the log files, see the post). If we want to stop the logs on WSUS, we run IIS Manager from Administrative Tools.
     1. Expand Server, Sites, and select the WSUS Administration web site.
     2. On the feature panel, click to open Logging.
     3. Click Disable in the Actions panel (rightmost panel).
     4. You can repeat the steps for all the web sites.
     Some log files for SBS 2008 can be very large; all the SBS logs are in the folder (and its subfolders) C:\Program Files\Windows Small Business Server\Logs\.
     · Console.log: this log grows for as long as the SBS Console is running.
     · *.evtx files: these log files, once the server has gone into production and we have finished all the installation steps.
     · W3wp.log, in the C:\Program Files\Windows Small Business Server\Logs\WebWorkplace folder. These are the logs for Remote Web Workplace.
     · C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs folder. These are the logs from the Windows SBS Manager service.

     POP3 Connector Badmail directory
     If we have the POP3 Connector, we will find files in C:\Program Files\Windows Small Business Server\Data\badmail that we can delete.

     The licensing log
     We can delete the events for the Windows SBS 2008 licensing log. To delete events from the Windows SBS 2008 licensing log:
     1. On the server, open a Command Prompt window as administrator: Start → Command Prompt.
     2. Right-click Command Prompt, and then click Run as administrator.
     3. Type: del "%systemroot%\system32\winevt\logs\Microsoft-Windows-Server Infrastructure Licensing*%4Debug.etl.*"
     To disable the licensing log from Registry Editor:
     1. Click Start, type regedit, and then press ENTER.
     2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerInfrastructureLicensing
     3. In the details pane, right-click TraceMask, and then click Modify.
     4. In the Edit DWORD dialog box, change the value for Value data to 0 (zero), and then click OK.
     5. Restart the server.

     Windows Server Update Services (WSUS) Server Cleanup Wizard
     In WSUS, we can delete the unused updates and the update revisions. We can run the WSUS Server Cleanup Wizard. Server Cleanup Wizard:
     1. In the WSUS administration console (launch it from the Administrative Tools), select Options, and then Server Cleanup Wizard.
     2. By default this wizard will remove unneeded content and computers that have not contacted the server for 30 days or more. Select all possible options, and then click Next.
     3. The wizard will begin the cleanup process, and will present a summary of its work when it is finished; depending on the server performance, this may take a very long time. Click Finish to complete the process.

     Very large SharePoint SQL transaction log file
     For the SharePoint transaction logs we can get information from 2000544 "SBS 2008 BPA Reports that The Windows SharePoint Services configuration database's log file is getting large (currently over 1gb in size)".

     Active Directory Certificate Services transaction log files
     When a critical or system state backup of the C: volume completes, a new transaction log is created in the c:\windows\system32\certlog\ folder. It is safe to remove these logs as long as the CA database file is consistent. Open the Services MMC and stop the Active Directory Certificate Services service.
     1. Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog\ folder.
     2. Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG).
     3. Restart the Active Directory Certificate Services service.

     Windows Component Clean Tool
     Finally, the Windows Component Clean Tool (COMPCLN.exe). Note: You cannot uninstall Windows Vista SP2 or Windows Server 2008 SP2 after you run this tool on an image.
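As an added example (my code, not from the post), the following script measures the log locations the post names before anything is deleted, performs the IIS logging and licensing-log steps, and removes the AD CS transaction logs only after confirming the CA database is in a clean state, which is the "as long as the CA database file is consistent" condition the post sets. It assumes an elevated PowerShell 2.0 session on SBS 2008/2011 with the IIS WebAdministration module loaded, that the CA service name is CertSvc, and that esentutl /mh reports the database state; the folder paths are the ones the post lists.

```powershell
# Added example, not code from the original post. Assumes an elevated
# PowerShell on SBS 2008/2011 with the IIS WebAdministration module.
Import-Module WebAdministration

# Log locations the post names; sizes are reported, nothing is deleted here
$LogFolders = @(
    'C:\inetpub\logs\LogFiles',
    'C:\Program Files\Windows Small Business Server\Logs',
    'C:\Program Files\Windows Small Business Server\Data\badmail'
)

function Get-LogFolderSize {
    param([string[]]$Path = $LogFolders)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }
        $sum = Get-ChildItem -Path $p -Recurse -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer } |
               Measure-Object -Property Length -Sum
        New-Object PSObject -Property @{ Path = $p; SizeMB = [math]::Round($sum.Sum / 1MB, 1) }
    }
}

# Steps 1-3 of the post's IIS procedure for one site (default: WSUS Administration)
function Disable-IisSiteLogging {
    param([string]$SiteName = 'WSUS Administration')
    $site = "IIS:\Sites\$SiteName"
    if (-not (Test-Path $site)) { throw "IIS site '$SiteName' not found" }
    Set-ItemProperty -Path $site -Name logFile.enabled -Value $false
    return (Get-ItemProperty -Path $site -Name logFile).enabled   # $false when done
}

# The licensing log: delete the trace files and set TraceMask to 0 (reboot afterwards)
function Disable-LicensingTrace {
    $key = 'HKLM:\SOFTWARE\Microsoft\ServerInfrastructureLicensing'
    Remove-Item -Path "$env:SystemRoot\System32\winevt\Logs\Microsoft-Windows-Server Infrastructure Licensing*%4Debug.etl.*" -ErrorAction SilentlyContinue
    Set-ItemProperty -Path $key -Name TraceMask -Value 0 -Type DWord
    return (Get-ItemProperty -Path $key -Name TraceMask).TraceMask
}

# AD CS transaction logs: stop the service, verify the database is consistent,
# back everything up, then remove EDB.CHK and *.LOG. Returns the backup folder.
function Clear-CertLogFiles {
    param(
        [string]$CertLog   = "$env:SystemRoot\System32\certlog",
        [string]$BackupDir = "$env:SystemRoot\Temp\certlog-backup-$(Get-Date -Format yyyyMMddHHmm)"
    )
    $edb = Get-ChildItem -Path $CertLog -Filter *.edb | Select-Object -First 1
    if (-not $edb) { throw "No CA database (*.edb) found in $CertLog" }
    Stop-Service -Name CertSvc -ErrorAction Stop
    # esentutl /mh prints 'State: Clean Shutdown' once the logs have been
    # replayed into the .edb; only then are the .LOG files and EDB.CHK redundant
    $header = & esentutl.exe /mh $edb.FullName 2>&1 | Out-String
    if ($header -notmatch 'State:\s*Clean Shutdown') {
        Start-Service -Name CertSvc
        throw 'CA database is not in a clean state; leaving the logs in place'
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Copy-Item -Path (Join-Path $CertLog '*') -Destination $BackupDir -Recurse
    Remove-Item -Path (Join-Path $CertLog 'edb.chk') -ErrorAction SilentlyContinue
    Remove-Item -Path (Join-Path $CertLog '*.log')
    Start-Service -Name CertSvc
    return $BackupDir
}

# Only the read-only report runs by default; call the other functions deliberately
Get-LogFolderSize | Format-Table Path, SizeMB -AutoSize
```

Run Get-LogFolderSize first and keep the numbers; Clear-CertLogFiles leaves the service stopped for only as long as the check and copy take, and restarts it before throwing if the database is not clean, so a failed run does not leave the CA down.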
  7. Severity: Medium

     Summary:
     · This vulnerability affects: Visio 2003, only
     · How an attacker exploits it: By enticing one of your users into opening a maliciously crafted Visio document
     · Impact: An attacker can execute code, potentially gaining complete control of your users' computers
     · What to do: Deploy the Visio 2003 patch as soon as possible, or let Windows Update do it for you

     Exposure:
     Microsoft Visio is a very popular diagramming application, which many administrators use to create network diagrams. It also ships with some Office packages. In a security bulletin released today, Microsoft describes a security vulnerability that only affects Visio 2003. Specifically, Visio 2003 suffers from an insecure Dynamic Link Library (DLL) loading vulnerability, sometimes referred to as a binary planting flaw. We first described this class of flaw in a September Wire post, which describes this Microsoft security advisory. If an attacker can entice one of your users into opening a Visio-related file (such as .vsd, .vdx, .vst, or .vtx) from the same location as a specially crafted DLL, he could exploit this flaw to execute code on that user's computer with full system privileges, thus gaining complete control of the computer.

     Solution Path:
     Microsoft has released a Visio 2003 patch to fix this flaw. You should download and deploy the patch as soon as possible, or let Windows Update do it for you.

     Status: Microsoft has released a fix.
  8. Sometimes on SBS 2011 we have observed the following message when restarting our system: BOOTMGR is missing. Press Ctrl+Alt+Del to restart. One of the reasons this message can occur is if the System Reserved Partition is not Active. To resolve it we will need the SBS 2011 DVD and we must take the following actions:
     1.) Boot the server from the SBS installation disk.
     2.) Select Next and then 'Repair your computer'.
     3.) Select the first radio button and press Next.
     4.) Select 'Command Prompt' and give the following commands.
     5.) Type the command Diskpart and press Enter.
     6.) Type the command List Volume and press Enter. We will see all the volumes of our system.
     7.) The System Reserved partition is about 100 MB. In our example it is Volume 1 and has the letter D.
     8.) Type the command Select Volume 1 and then Enter.
     9.) Type the command Active and then Enter. We will see the following message: 'DiskPart marked the current partition as active'.
     10.) Type the command List Volume and then Enter. We will see an asterisk (*) for the active one, in our case the System Reserved partition.
     11.) To make sure the System Partition is Active, type the command List Disk and then Enter.
     12.) Usually Disk 0 has Windows. Type the command Select Disk 0 and then Enter. We will see the message 'Disk 0 is now the selected disk'.
     13.) Type the command List Partition and Enter.
     14.) Type the command Select Partition 1 and Enter. We will see the message 'Partition 1 is now the selected partition'.
     15.) Type the command Detail Partition and Enter. As we can see, the System Partition (which is Partition 1 on Disk 0) is Active.
     16.) Exit DiskPart and reboot the server.
     We are ready and our system can now operate normally.
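The diskpart steps above are typed interactively in WinRE, after the server has already failed to boot. As an added example (not from the post), the script below does the same "detail partition" check from a running server, so the missing Active flag can be caught before the next reboot, and writes the diskpart script that steps 5 to 16 amount to, ready to run with diskpart /s from the WinRE command prompt. Disk 0 and partition 1 are the post's example numbers and are parameters here; confirm them with list disk and list partition on the machine at hand, as the post does.

```powershell
# Added example, not code from the original post. Requires an elevated prompt;
# diskpart refuses to run otherwise. Disk/partition numbers are the post's
# example values and must be verified on each machine.

# Run a list of diskpart commands through a temporary /s script and return the output
function Invoke-DiskpartScript {
    param([string[]]$Commands)
    $script = [System.IO.Path]::GetTempFileName()
    $Commands | Set-Content -Path $script -Encoding ASCII
    try     { & diskpart.exe /s $script | Out-String }
    finally { Remove-Item -Path $script -ErrorAction SilentlyContinue }
}

# True when 'detail partition' reports the partition as Active
function Test-PartitionActive {
    param([int]$Disk = 0, [int]$Partition = 1)
    $detail = Invoke-DiskpartScript @(
        "select disk $Disk",
        "select partition $Partition",
        "detail partition"
    )
    if ($detail -notmatch 'is now the selected partition') {
        throw "Disk $Disk / partition $Partition could not be selected:`n$detail"
    }
    # 'detail partition' prints a line of the form 'Active  : Yes' or 'Active  : No'
    return [bool]($detail -match 'Active\s*:\s*Yes')
}

# Write the repair script equivalent to steps 5-16 of the post, for use in WinRE
function New-ActivateScript {
    param([int]$Disk = 0, [int]$Partition = 1, [string]$Path = 'C:\fix-bootmgr.txt')
    @(
        "rem Repair for 'BOOTMGR is missing': from the WinRE command prompt run",
        "rem   diskpart /s <this file>   after confirming the disk/partition numbers",
        "select disk $Disk",
        "select partition $Partition",
        "active",
        "detail partition",
        "exit"
    ) | Set-Content -Path $Path -Encoding ASCII
    return $Path
}

if (Test-PartitionActive -Disk 0 -Partition 1) {
    Write-Host 'Disk 0 partition 1 is already Active; nothing to do.'
} else {
    $p = New-ActivateScript -Disk 0 -Partition 1
    Write-Host "Disk 0 partition 1 is NOT Active; repair script written to $p"
}
```

Keep the generated file on removable media or a second volume, since the C: drive will not be mounted under the same letter inside WinRE.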
  9. · These vulnerabilities affect: All current versions of Windows and components that ship with it
     · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted wireless Bluetooth traffic
     · Impact: An attacker can gain complete control of your Windows computer
     · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

     Exposure:
     Today, Microsoft released three security bulletins describing 21 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could wirelessly exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).

     · MS11-053: Bluetooth Stack Code Execution Vulnerability
       Bluetooth is an open wireless technology and standard for transmitting data over short distances. The Bluetooth stack that ships with more recent versions of Windows suffers from a code execution vulnerability involving how it accesses memory that hasn't been deleted or initialized. By wirelessly sending a series of specially crafted Bluetooth packets, an attacker could leverage this flaw to gain complete control of your vulnerable computers. However, an attacker would need to remain in Bluetooth range to carry out this attack. The average range of Bluetooth varies from 5 to 100 meters. However, using special gear, Bluetooth "snipers" have extended the range up to a kilometer. This flaw only affects Windows Vista and 7. Microsoft rating: Critical

     · MS11-054: 15 Kernel-Mode Driver Elevation of Privilege Flaws
       The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from 15 elevation of privilege (EoP) vulnerabilities. The flaws all differ technically, but generally share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw. Microsoft rating: Important

     · MS11-056: CSRSS Local Elevation of Privilege Vulnerability
       The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from five technically different, but functionally similar, Elevation of Privilege (EoP) vulnerabilities. Like the Kernel-Mode Driver flaw above, by running a specially crafted program, an authenticated attacker could leverage these flaws to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of these flaws. Microsoft rating: Important

     Solution Path:
     Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

     MS11-053:
     · For Windows Vista w/SP1
     · For Windows Vista w/SP2
     · For Windows Vista x64 w/SP1
     · For Windows Vista x64 w/SP2
     · For Windows 7
     · For Windows 7 x64
     * Note: Windows Vista SP1 is only affected if you install the optional Feature Pack for Wireless

     MS11-054:
     · For Windows XP (w/SP3)
     · For Windows XP x64 (w/SP2)
     · For Windows Server 2003 (w/SP2)
     · For Windows Server 2003 x64 (w/SP2)
     · For Windows Server 2003 Itanium (w/SP2)
     · For Windows Vista (w/SP1 or SP2)
     · For Windows Vista x64 (w/SP1 or SP2)
     · For Windows Server 2008 (w/SP2)
     · For Windows Server 2008 x64 (w/SP2)
     · For Windows Server 2008 Itanium (w/SP2)
     · For Windows 7
     · For Windows 7 x64
     · For Windows Server 2008 R2 x64
     · For Windows Server 2008 R2 Itanium

     MS11-056:
     · For Windows XP (w/SP3)
     · For Windows XP x64 (w/SP2)
     · For Windows Server 2003 (w/SP2)
     · For Windows Server 2003 x64 (w/SP2)
     · For Windows Server 2003 Itanium (w/SP2)
     · For Windows Vista (w/SP1 or SP2)
     · For Windows Vista x64 (w/SP1 or SP2)
     · For Windows Server 2008 (w/SP2)
     · For Windows Server 2008 x64 (w/SP2)
     · For Windows Server 2008 Itanium (w/SP2)
     · For Windows 7
     · For Windows 7 x64
     · For Windows Server 2008 R2 x64
     · For Windows Server 2008 R2 Itanium

     Status: Microsoft has released patches correcting these issues.

     References:
     · Microsoft Security Bulletin MS11-053
     · Microsoft Security Bulletin MS11-054
     · Microsoft Security Bulletin MS11-056
  10. Following on from a previous post where we talked about backup on SBS 2011 / SBS 2008, we continue and will talk about the system state backup.

The backup wizard in SBS 2008/2011 contains all the information needed to restore the server completely. Naturally, it also includes the system state. Sometimes it is necessary to have a backup of the system state only, e.g. if we are making significant changes to Active Directory. We cannot do this from the backup GUI; we have to use the wbadmin.exe tool, which is a command-line tool.

We open a command prompt as administrator. The command to start a system state backup is:

wbadmin start systemstatebackup -backuptarget:E:

where E: is the drive on which we want to keep the system state backup.

By default, the target volume for the system state backup cannot be the source volume. If we want to change this we have to go to the registry and create an AllowSSBToAnyVolume entry on the server:

HKLM\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\AllowSSBToAnyVolume
Type: DWORD
Value: 1

With a value of 0 it does not let us keep the system state backup on the source volume. With a value of 1 it lets us keep the system state backup on the source volume. In any case, it is best to avoid keeping the system state backup on the source disk.

When we run the tool, a directory named WindowsImageBackup will be created on the target drive we specified; it will be about 11GB.

If we want to restore a system state backup, we reboot the server into Directory Services Restore Mode (DSRM). Once in DSRM, we open a command prompt with administrator rights and run the following commands to start the restore. First we look up the version of the backup we want to restore.

We run WBADMIN GET VERSIONS, which lists all the backups on the machine together with their version identifiers. It will look like this:

Backup time: 16/6/2011 3:33 PM
Backup target: Fixed Disk labeled E:
Version identifier: 16/06/2011-20:33
Can Recover: Application(s), System State

Once we have the version identifier, we start the restore with the following command:

WBADMIN START SYSTEMSTATERECOVERY -version:<version id>

where version id is the version identifier that the Get Versions command gave us. That is:

WBADMIN START SYSTEMSTATERECOVERY -version:16/06/2011-20:33

WBADMIN will restore the system state; when it completes, we reboot into normal mode to finish the restore.

Part 1 is HERE.
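Added example, not code from the post above: a PowerShell helper that applies the AllowSSBToAnyVolume rule to the chosen target before the wbadmin backup command is issued, then parses the output of wbadmin get versions to find the identifier for the recovery command. The sample output is constructed to match the post's example; the function names are the example's own, and it assumes wbadmin lists backup sets oldest first.

```powershell
# Added example, not part of the original post. Pre-flight and version discovery for
# the wbadmin system state workflow described above. Function names are the example's own.

function Test-SystemStateBackupTarget {
    # Mirrors wbadmin's rule: the target may equal the system (source) volume only when
    # HKLM\...\wbengine\SystemStateBackup\AllowSSBToAnyVolume is 1. An absent value counts as 0.
    param([Parameter(Mandatory = $true)][string]$BackupTarget)   # e.g. 'E:'

    $target = $BackupTarget.TrimEnd('\').ToUpper()
    $source = $env:SystemDrive.ToUpper()
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup'

    $allow = 0
    if (Test-Path $key) {
        $v = (Get-ItemProperty -Path $key -Name AllowSSBToAnyVolume -ErrorAction SilentlyContinue).AllowSSBToAnyVolume
        if ($null -ne $v) { $allow = [int]$v }
    }
    if ($target -eq $source -and $allow -ne 1) {
        throw "$target is the source volume and AllowSSBToAnyVolume is 0; wbadmin will reject it."
    }
    if ($target -eq $source) {
        # Allowed, but the post advises against it: one disk failure takes backup and source together.
        Write-Warning "System state backup will live on the source volume $target."
    }
    return "wbadmin start systemstatebackup -backuptarget:$target"
}

function Get-WbadminVersion {
    # Parse 'wbadmin get versions' text into one object per backup set.
    # Field labels are wbadmin's own; the 'Can recover' line closes a block.
    param([string[]]$Text = (& wbadmin get versions 2>&1 | ForEach-Object { "$_" }))

    $result = @()
    $cur = $null
    foreach ($line in $Text) {
        switch -Regex ($line.Trim()) {
            '^Backup time:\s*(.+)$'        { $cur = New-Object PSObject -Property @{ Time = $Matches[1]; Target = ''; Version = ''; CanRecover = '' } }
            '^Backup target:\s*(.+)$'      { if ($cur) { $cur.Target = $Matches[1] } }
            '^Version identifier:\s*(\S+)' { if ($cur) { $cur.Version = $Matches[1] } }
            '^Can [Rr]ecover:\s*(.+)$'     { if ($cur) { $cur.CanRecover = $Matches[1]; $result += $cur; $cur = $null } }
        }
    }
    return $result
}

function Get-SystemStateRecoveryCommand {
    # Pick the most recent set that includes System State. Assumption: wbadmin lists
    # sets oldest first (as in the post's output), so the last match is the newest.
    param([string[]]$Text)
    $sets = if ($Text) { Get-WbadminVersion -Text $Text } else { Get-WbadminVersion }
    $ss = @($sets | Where-Object { $_.CanRecover -match 'System State' })
    if ($ss.Count -eq 0) { throw 'No backup set containing System State was found.' }
    $latest = $ss[-1]
    # Run the returned command in Directory Services Restore Mode, then reboot normally when it finishes.
    return "wbadmin start systemstaterecovery -version:$($latest.Version)"
}

# Constructed sample in the shape of the post's output (a real run reads wbadmin directly).
$sample = @'
Backup time: 10/6/2011 3:33 PM
Backup target: Fixed Disk labeled E:
Version identifier: 10/06/2011-20:33
Can recover: Application(s), System State

Backup time: 16/6/2011 3:33 PM
Backup target: Fixed Disk labeled E:
Version identifier: 16/06/2011-20:33
Can recover: Application(s), System State
'@ -split "`r?`n"

Test-SystemStateBackupTarget -BackupTarget 'E:'     # throws if E: is the system drive and the registry value is 0
Get-SystemStateRecoveryCommand -Text $sample        # recovery command for the newest System State set
```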
  11. To change the client time-out for Remote Web Workplace (default = 30 minutes):
1. Open the Registry Editor.
2. Locate: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal. If RemoteUserPortal does not exist, we create it!!!
3. Create a DWORD (32-bit) value named PublicTimeOut.
4. In Value data we enter the number of minutes after which we want the Remote Web Workplace session to time out. Important, this needs attention: the value we enter must not be greater than 1440 Decimal (5a0 Hex). If it is, it will not work properly!!!
5. Click OK.

To change the server time-out for Remote Web Workplace (default = 20 minutes):
1. On the Windows SBS 2008 server, go to Start --> Administrative Tools --> Internet Information Services (IIS) Manager.
2. At the User Account Control prompt, click Continue (if you have it enabled, which you should).
3. On the left, double-click the server name.
4. Double-click Sites to expand it, then double-click SBS Web Applications.
5. On the SBS Web Applications Home page, double-click Session State.
6. Under Cookie Settings, change the Time-out (in minutes).
7. Finally, click OK to save our changes.

If the client timeout value is greater than the server timeout value: the RWW page will log you off after the client timeout value and return you to the RWW logon page without any other message. If we have opened OWA from the link in RWW, the OWA page will also be logged off and will return us to the OWA logon page as soon as we click anything inside OWA.

If the client timeout value is equal to or less than the server timeout value: the RWW page will log you off based on the client timeout value and a message will appear on our screen. If we have opened OWA from the link in RWW, OWA will stay open until its own timeout, which is 15 minutes.

For information about the OWA idle timeout we can look at TechNet: OWA Public TimeOut (default is 15 minutes), OWA Private TimeOut (default is 8 hours).
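Added example, not code from the post: PowerShell that sets the PublicTimeOut value described above with the 1440-minute ceiling enforced, reads back the IIS session-state (server) time-out of the SBS Web Applications site, and reports which of the two behaviours the post describes will apply. It assumes the IIS WebAdministration provider is available and that the IIS Manager "Time-out (in minutes)" setting maps to the system.web/sessionState timeout attribute; function names are the example's own.

```powershell
# Added example, not part of the original post. Registry and IIS paths are the ones named above.
$RwwKey  = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal'
$SbsSite = 'SBS Web Applications'
$MaxClientMinutes = 1440   # 0x5A0, the ceiling stated in the post

function Set-RwwClientTimeout {
    # Creates the RemoteUserPortal key if missing and writes PublicTimeOut as a DWORD.
    param([Parameter(Mandatory = $true)][ValidateRange(1, 1440)][int]$Minutes)
    if (-not (Test-Path $RwwKey)) { New-Item -Path $RwwKey -Force | Out-Null }
    New-ItemProperty -Path $RwwKey -Name PublicTimeOut -PropertyType DWord -Value $Minutes -Force | Out-Null
    return [int](Get-ItemProperty -Path $RwwKey -Name PublicTimeOut).PublicTimeOut
}

function Get-RwwClientTimeout {
    $v = (Get-ItemProperty -Path $RwwKey -Name PublicTimeOut -ErrorAction SilentlyContinue).PublicTimeOut
    if ($null -eq $v) { return 30 }   # value absent: RWW uses its 30-minute default (per the post)
    return [int]$v
}

function Get-RwwServerTimeout {
    # Server 2008 R2 / SBS 2011: Import-Module WebAdministration.
    # Server 2008 / SBS 2008 with the IIS 7 PowerShell snap-in: Add-PSSnapin WebAdministration instead.
    Import-Module WebAdministration -ErrorAction SilentlyContinue
    # Assumption: IIS Manager > Session State > Cookie Settings > Time-out is system.web/sessionState/@timeout.
    $t = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SbsSite" -Filter 'system.web/sessionState' -Name 'timeout'
    $raw = if ($t -is [timespan]) { $t } else { $t.Value }
    return [int]([timespan]$raw).TotalMinutes
}

function Compare-RwwTimeouts {
    # Encodes the two cases the post describes, plus the 1440 ceiling.
    param([int]$ClientMinutes, [int]$ServerMinutes)
    if ($ClientMinutes -gt $MaxClientMinutes) {
        return "PublicTimeOut $ClientMinutes exceeds $MaxClientMinutes (0x5A0); RWW will not behave correctly."
    }
    if ($ClientMinutes -gt $ServerMinutes) {
        return "Client $ClientMinutes min > server $ServerMinutes min: users land on the RWW logon page with no message, and OWA opened from RWW is logged off too."
    }
    return "Client $ClientMinutes min <= server $ServerMinutes min: users see the time-out message; OWA opened from RWW keeps its own 15-minute idle time-out."
}

# With the defaults from the post (client 30, server 20) this reports the silent-logoff case.
Compare-RwwTimeouts -ClientMinutes 30 -ServerMinutes 20

# Live use on the SBS server (elevated):
# Set-RwwClientTimeout -Minutes 20
# Compare-RwwTimeouts -ClientMinutes (Get-RwwClientTimeout) -ServerMinutes (Get-RwwServerTimeout)
```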
  12. Summary:
· These vulnerabilities affect: All current versions of Windows and components that ship with it (as well as some optional components like .NET Framework)
· How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view malicious images
· Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
· What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.

Exposure:
Today, Microsoft released eleven security bulletins describing a dozen vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).

· MS11-038: OLE Automation Code Execution Vulnerability
According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application. Unfortunately, OLE Automation suffers from a vulnerability involving the way it parses specially crafted Windows MetaFile (WMF) images. By tricking a user into viewing a specially crafted image, perhaps hosted on a web site, an attacker could exploit this flaw to execute code with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machines.
Microsoft rating: Critical

· MS11-039 & MS11-044: Two .NET Framework Code Execution Vulnerabilities
The .NET Framework is a software framework used by developers to create new Windows and web applications. The .NET Framework (and Silverlight) suffers from two complex vulnerabilities having to do with how it validates parameters passed to a network function, or how its JIT compiler validates values within objects. The scope and impact of these complex vulnerabilities differ depending on the attack vector. There are three potential vectors of attack: an attacker can host a malicious .NET web site, attack your .NET web site, or leverage one of your custom .NET applications to potentially elevate his privilege. We believe the malicious .NET web site poses the most risk. If an attacker can entice you to a specially crafted site (or to a legitimate site that somehow links to his malicious site), he can exploit this flaw to execute code on your computer, with your privileges. If you are a local administrator, the attacker has full control of your machine. If you've installed .NET Framework, you should patch, even if you do not run custom .NET applications or web sites.
Microsoft rating: Critical

· MS11-041: Kernel-Mode Drivers Code Execution Vulnerability
The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from a code execution flaw involving the way it handles OpenType fonts on 64-bit systems. By enticing one of your users to view a specially crafted font, an attacker could exploit this flaw to gain full control of that user's computer (regardless of the user's privilege). However, the malicious font would have to reside on the local computer, or on a network share, in order for this attack to succeed. Again, the flaw only affects 64-bit versions of Windows.
Microsoft rating: Critical

· MS11-042: DFS Memory Corruption Vulnerability
Microsoft's Distributed File System (DFS) is a collection of client and server services that allows you to create what appears to be a single file share, but actually consists of shares on multiple hosts. The Windows DFS service suffers from two security vulnerabilities. The worst is a memory corruption flaw that has to do with how the DFS client handles specially crafted DFS responses. By hosting a malicious server on your network, which sends specially crafted DFS responses to requesting clients, an attacker could exploit this memory corruption flaw to gain complete control of a Windows computer (or in some cases, just crash your computer). That said, most administrators do not allow DFS traffic past their firewall. So these vulnerabilities primarily pose an internal risk.
Microsoft rating: Critical

· MS11-043: SMB Client Code Execution Vulnerability
Microsoft Server Message Block (SMB) is the protocol Windows uses for file and print sharing. According to Microsoft, the Windows SMB client suffers from a security vulnerability which attackers could leverage to execute malicious code. By enticing one of your users to connect to a malicious SMB server, or by sending a specially crafted SMB message in response to a legitimate local request, an attacker can exploit this flaw to gain complete control of a vulnerable Windows computer. However, firewalls like WatchGuard's XTM appliances typically block SMB traffic from the Internet, making these vulnerabilities primarily an internal risk. That said, many types of malware leverage SMB vulnerabilities to self-propagate within networks, once they infect their first victim.
Microsoft rating: Critical

· MS11-037: MHTML Information Disclosure Vulnerability
In our February advanced notification post, we mentioned a zero day MHTML vulnerability that was similar to a Cross-site Scripting (XSS) vulnerability. The flaw involves the Windows MHTML or MIME HTML component, which is used to handle special web pages that include both HTML and MIME (typically pictures, audio, or video) content contained in one file. If an attacker can entice you to visit a specially crafted web page, or click a malicious link, he could exploit this flaw in much the same way he might exploit a Cross-Site Scripting (XSS) vulnerability: to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on a web site. Last April, Microsoft supposedly fixed this flaw. However, their fix must not have been complete, since this update fixes a new variant of essentially the same issue.
Microsoft rating: Important

· MS11-046: AFD Elevation of Privilege Vulnerability
The Ancillary Function Driver (AFD.sys) is a driver that handles Winsock TCP/IP communications. This kernel-mode driver suffers from an elevation of privilege (EoP) vulnerability. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
Microsoft rating: Important

· MS11-047: Windows 2008 Hyper-V DoS Vulnerability
Hyper-V is the hypervisor technology that Windows 2008 uses for virtualization. Hyper-V suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted communications between a guest OS and the host OS. By running a specially crafted program within a guest OS, an attacker can exploit this flaw to cause a 2008 server to stop responding until you reboot it. However, the attacker needs administrative access on the guest OS in order to exploit this flaw. The flaw only affects 2008 servers.
Microsoft rating: Important

· MS11-048: SMB Server DoS Vulnerability
The Windows SMB Server suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted SMB requests. By sending a specially crafted SMB packet, an attacker can exploit this flaw to cause a Windows computer to stop responding until you reboot it. Like the SMB client vulnerability mentioned before, this vulnerability primarily poses an internal risk since firewalls block SMB.
Microsoft rating: Important

· MS11-051: AD Certificate Services Web Enrollment EoP Vulnerability
The Active Directory (AD) Certificate Services Web Enrollment site suffers from a Cross-site Scripting (XSS) vulnerability. By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on the AD Web Enrollment site. This flaw only affects the non-Itanium server versions of Windows.
Microsoft rating: Important

Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.

MS11-038:
· For Windows XP (w/SP3)
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2) *
· For Windows Server 2008 x64 (w/SP2) *
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64 *
· For Windows Server 2008 R2 Itanium
* Note: Server Core installations not affected.

MS11-039 & MS11-044:
Due to the complicated, version-dependent nature of .NET Framework updates, we recommend you see the Affected & Non-Affected Software section of Microsoft's Bulletins for patch details (or let Windows Automatic Updates handle the patch for you).
· MS11-039 Affected & Non-Affected Software section
· MS11-044 Affected & Non-Affected Software section

MS11-041:
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7 x64
· For Windows Server 2008 R2 x64
· For Windows Server 2008 R2 Itanium

MS11-042:
· For Windows XP (w/SP3)
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64
· For Windows Server 2008 R2 Itanium

MS11-043:
· For Windows XP (w/SP3)
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64
· For Windows Server 2008 R2 Itanium

MS11-037:
· For Windows XP (w/SP3)
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2) *
· For Windows Server 2008 x64 (w/SP2) *
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64 *
· For Windows Server 2008 R2 Itanium
* Note: Server Core installations not affected.

MS11-046:
· For Windows XP (w/SP3)
· For Windows XP x64 (w/SP2)
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64
· For Windows Server 2008 R2 Itanium

MS11-047:
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)

MS11-048:
· For Windows Vista (w/SP1 or SP2)
· For Windows Vista x64 (w/SP1 or SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 Itanium (w/SP2)
· For Windows 7
· For Windows 7 x64
· For Windows Server 2008 R2 x64
· For Windows Server 2008 R2 Itanium

MS11-051:
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server 2008 R2 x64

Status: Microsoft has released patches correcting these issues.

References:
· Microsoft Security Bulletin MS11-037
· Microsoft Security Bulletin MS11-038
· Microsoft Security Bulletin MS11-039
· Microsoft Security Bulletin MS11-041
· Microsoft Security Bulletin MS11-042
· Microsoft Security Bulletin MS11-043
· Microsoft Security Bulletin MS11-044
· Microsoft Security Bulletin MS11-046
· Microsoft Security Bulletin MS11-047
· Microsoft Security Bulletin MS11-048
· Microsoft Security Bulletin MS11-051
  13. Summary:
· These vulnerabilities affect: Most current versions of Excel, which ships with Microsoft Office
· How an attacker exploits them: By enticing one of your users to open a malicious Excel document
· Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it
· What to do: Install Microsoft Office updates as soon as possible, or let Microsoft's automatic update do it for you

Exposure:
As part of today's Patch Day, Microsoft released a security bulletin describing eight vulnerabilities found in Excel -- part of Microsoft Office for Windows and Mac. The flaws also affect some of the Office document viewer and converter applications. Though the eight vulnerabilities differ technically, they share the same scope and impact. If an attacker can entice one of your users into downloading and opening a maliciously crafted Excel document, he can exploit any of these vulnerabilities to execute code on the victim's computer, usually inheriting that user's level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user's machine.

Solution Path:
Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.

Excel update for:
· Office XP w/SP3
· Office 2003 w/SP3
· Office 2007 w/SP2
· Office 2010 32-bit
· Office 2010 64-bit
· Office 2004 for Mac
· Office 2008 for Mac
· Office for Mac 2011
· Open XML File Format Converter for Mac
· Excel Viewer
· Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Status: Microsoft has released Office updates to fix these vulnerabilities.

References:
· MS Security Bulletin MS11-045
  14. Today new updates were announced that fix about 34 security problems affecting a number of products, such as:
· Internet Explorer (IE)
· Windows (and components that ship with it)
· Office
· SQL Server
· .NET Framework
· Silverlight
· Visual Studio
· Forefront Threat Management Gateway

Details are in Microsoft's summary bulletin. It would be wise to give immediate attention to the updates that concern IE. That said, lately attackers have focused on leveraging web and browser-based vulnerabilities to install malware via "Drive-by Downloads."
  15. On SBS 2008 or SBS 2011 servers, after a reboot some services belonging to Microsoft Exchange Server 2007 or Microsoft Exchange Server 2010 may fail to start automatically.

The services that do not start are:
Microsoft Exchange Information Store
Microsoft Exchange RPC Client Access (SBS 2011 Server only)
Microsoft Exchange Forms Based Authentication (SBS 2011 Server only)

In the Event Viewer we will usually see some or all of the following messages:

Το Αναγνωριστικό συμβάντος: 1005
Προέλευση: MSExchangeSA
Κατηγορία: Γενικά
Τύπος: σφάλμα

Το Αναγνωριστικό συμβάντος: 2601
Προέλευσης: MSExchange ADAccess
Κατηγορία: Γενικά
Τύπος: προειδοποίηση

Το Αναγνωριστικό συμβάντος: 1121
Προέλευση: MSExchangeIS
Κατηγορία: Γενικά
Τύπος: σφάλμα
Περιγραφή: Σφάλμα 0x96e τη σύνδεση με το Microsoft Active Directory.

Το Αναγνωριστικό συμβάντος: 5000
Προέλευση: MSExchangeIS
Κατηγορία: Γενικά
Τύπος: σφάλμα
Περιγραφή: Δεν είναι δυνατή Η προετοιμασία της υπηρεσίας Microsoft Exchange Information Store. -Σφάλμα 0x96e.

If we try to start the services manually, they start normally. The problem is due to the fact that the same SBS 2008/2011 server that hosts Exchange Server also hosts the Global Catalog of our domain.

There is a solution to this problem in the KB article below, published by the Exchange Server team; as you will see, the article offers 4 solutions. For SBS, solutions 2 and 3 are recommended as best practice, and especially the second one.
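Added example, not code from the post above: a PowerShell check that looks for the four event IDs and sources listed in the post since the last boot, and cross-checks them against the state of the three Exchange services named above, so the "started fine by hand after a reboot" pattern can be spotted before users notice. The detection logic is separated from the collection so the constructed sample runs anywhere; the function names are the example's own.

```powershell
# Added example, not part of the original post. Event sources/IDs and service display
# names come from the post; everything else is the example's own.

$ExchangeStartupEvents = @(
    @{ Provider = 'MSExchangeSA';        Id = 1005 },
    @{ Provider = 'MSExchange ADAccess'; Id = 2601 },
    @{ Provider = 'MSExchangeIS';        Id = 1121 },
    @{ Provider = 'MSExchangeIS';        Id = 5000 }
)
$ExchangeServices = @('Microsoft Exchange Information Store',
                      'Microsoft Exchange RPC Client Access',
                      'Microsoft Exchange Forms Based Authentication')

function Test-ExchangeStartupFailure {
    # $Events:   objects with ProviderName, Id, TimeCreated (the Get-WinEvent shape)
    # $Services: objects with DisplayName, Status (the Get-Service shape)
    # $Since:    only events at or after this time count (normally the last boot)
    param($Events, $Services, [datetime]$Since)

    $hits = @($Events | Where-Object {
        $e = $_
        $e.TimeCreated -ge $Since -and
        @($ExchangeStartupEvents | Where-Object { $_.Provider -eq $e.ProviderName -and $_.Id -eq $e.Id }).Count -gt 0
    })
    $stopped = @($Services | Where-Object { $ExchangeServices -contains $_.DisplayName -and $_.Status -ne 'Running' })

    New-Object PSObject -Property @{
        MatchingEvents  = @($hits | ForEach-Object { "$($_.ProviderName)/$($_.Id)" })
        StoppedServices = @($stopped | ForEach-Object { $_.DisplayName })
        # Both symptoms together match the post's description: AD/GC not yet ready when Exchange came up.
        LikelyGcStartupRace = ($hits.Count -gt 0 -and $stopped.Count -gt 0)
    }
}

function Get-LiveExchangeStartupState {
    # Collect from the real Application log and service list, scoped to the current boot.
    $os   = Get-WmiObject Win32_OperatingSystem
    $boot = [Management.ManagementDateTimeConverter]::ToDateTime($os.LastBootUpTime)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = @(1005, 2601, 1121, 5000); StartTime = $boot } -ErrorAction SilentlyContinue
    $svcs   = Get-Service | Where-Object { $ExchangeServices -contains $_.DisplayName }
    Test-ExchangeStartupFailure -Events $events -Services $svcs -Since $boot
}

function Start-StoppedExchangeServices {
    # The post notes the services start normally when started by hand; this automates that
    # manual step. It is a workaround, not the fix from the KB article the post refers to.
    foreach ($name in $ExchangeServices) {
        $svc = Get-Service -DisplayName $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -ne 'Running') { Start-Service -InputObject $svc }
    }
}

# Constructed sample: two matching events after boot and one stopped Information Store.
$bootTime = Get-Date '2011-06-16 08:00'
$sampleEvents = @(
    (New-Object PSObject -Property @{ ProviderName = 'MSExchange ADAccess'; Id = 2601; TimeCreated = $bootTime.AddMinutes(1) }),
    (New-Object PSObject -Property @{ ProviderName = 'MSExchangeIS';        Id = 5000; TimeCreated = $bootTime.AddMinutes(2) }),
    (New-Object PSObject -Property @{ ProviderName = 'MSExchangeIS';        Id = 5000; TimeCreated = $bootTime.AddDays(-1) })  # previous boot, ignored
)
$sampleServices = @(
    (New-Object PSObject -Property @{ DisplayName = 'Microsoft Exchange Information Store'; Status = 'Stopped' }),
    (New-Object PSObject -Property @{ DisplayName = 'Microsoft Exchange RPC Client Access'; Status = 'Running' })
)
Test-ExchangeStartupFailure -Events $sampleEvents -Services $sampleServices -Since $bootTime
```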
  16. Your solution is a TMG or an XTM with multiple lines, and of course you will add redundancy & high availability and have less work because you will have central management; you will also have logs that you can pull if something is going on in your network...
  17. Look here; you will be able to get the top senders from your system with the help of Log Parser queries: http://blogs.technet.com/b/exchange/archive/2007/11/28/3404414.aspx
  18. If your hardware allows it, it would be good for the new storage group(s) and the databases you create to be on a different disk, on another RAID controller.

Whether you delete your old database depends on whether you move all the mailboxes to the new storage group and the new databases; it is purely a procedural matter and depends on what hardware you have. Also, during the move you may run into corrupt items that may exist in your mailboxes, if you have any.

For the disaster question, depending on which Exchange you have there are different options: Exchange 2010 with DAG, Exchange 2007 with LCR or CCR. Whether your Exchange is a VM or physical is also an important parameter. In general, though, designing a disaster recovery plan is something that needs a lot of analysis and information about your infrastructure, your company's needs for business continuity, etc.
  19. In this article we will have a first look at Remote Web Access (RWA) in SBS 2011.

Remote Web Workplace (RWW) has existed since SBS 2003 and gives remote users the ability to connect to their network and access their email, their computer and their SharePoint sites, all without needing any client for VPN access.

In Windows Small Business Server (SBS) 2011 Standard, the new name for RWW is RWA (Remote Web Access); with the new Remote Web Access we get greater usability, customization options and additional features such as file sharing.

To be able to connect to Remote Web Access on Windows Small Business Server (SBS) 2011:
· TCP 443 and TCP 987 must be open on the hardware firewall
· Clients must be running Internet Explorer 6.0 SP2 or newer
· RDP 6.1 or higher must be installed on the client machine
· The client must trust the SSL certificate that is installed on the Default Web Site
· The client must connect using the exact URL that appears in the common name of the certificate (usually remote.domaincompany.com)

User Interface
The user interface is shown below; it uses Forms Based Authentication like the previous versions. Once we enter our credentials we see a page based on the permissions and preferences of the user.

From this central location we can:
· View our email with OWA
· Have full access to the Internal Web Site (Companyweb)
· Have full access to the Shared Folders; this did not exist in SBS 2003 / SBS 2008 and is a new feature of SBS 2011
· Have full access to the internal computers
· Change our own domain password
· Access the Organizational and Administrative Links (depending on the user's permissions)

RWA Gadget
We can remove capabilities from RWA, but whatever we change in the RWA Home page links affects all our users: Web Access Properties from Windows SBS Console > Shared Folders and Web Sites tab > Web Sites.

If our user is a member of the Windows SBS Admin Tools Group, they will also see the Administrative Links list. If we want to change something we have to go to the Remote web access link properties and grant the appropriate permissions.
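Added example, not code from the article above: a client-side PowerShell pre-flight check for the connection requirements listed in the post (TCP 443 and 987 reachable, RDP 6.1 or higher, a trusted certificate, and a URL that matches the certificate's common name). remote.domaincompany.com is a placeholder host name; the function names are the example's own, and the IE version is read from the registry location Windows uses for it.

```powershell
# Added example, not part of the original article. Checks the RWA client requirements
# listed in the post from the client's point of view. Host name below is a placeholder.

function Test-TcpPort {
    # Connect with a timeout so a firewall that silently drops packets does not hang the check.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-RwaCertificateInfo {
    # Performs the TLS handshake on 443, records whether the client's own chain validation
    # passed (the 'client must trust the SSL certificate' rule) and returns the CN.
    param([string]$HostName, [int]$Port = 443)
    $script:rwaChainOk = $false
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false,
        { param($sender, $cert, $chain, $errors) $script:rwaChainOk = ($errors -eq 'None'); $true })
    try {
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Subject = $cert.Subject
            CN      = $cert.GetNameInfo('SimpleName', $false)
            Trusted = $script:rwaChainOk
        }
    } finally { $ssl.Close(); $client.Close() }
}

function Test-RwaClientReadiness {
    param([string]$RwaHost = 'remote.domaincompany.com')   # placeholder; use the CN of your certificate

    # RDP client version from mstsc.exe (FileVersion strings on Win7 carry a suffix, so use the parts).
    $vi  = (Get-Item "$env:windir\System32\mstsc.exe").VersionInfo
    $rdp = [version]"$($vi.FileMajorPart).$($vi.FileMinorPart)"

    # IE version: svcVersion exists from IE 10 on; older builds only have Version.
    $ieKey = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    $ie = if ($ieKey.svcVersion) { [version]$ieKey.svcVersion } elseif ($ieKey.Version) { [version]$ieKey.Version } else { $null }

    $cert = $null
    try { $cert = Get-RwaCertificateInfo -HostName $RwaHost } catch { }

    New-Object PSObject -Property @{
        Port443Open  = Test-TcpPort $RwaHost 443
        Port987Open  = Test-TcpPort $RwaHost 987
        RdpVersion   = $rdp
        RdpOk        = ($rdp -ge [version]'6.1')
        IeVersion    = $ie
        IeOk         = ($ie -ne $null -and $ie.Major -ge 6)   # SP level is not exposed here
        CertCN       = $(if ($cert) { $cert.CN } else { $null })
        CertTrusted  = ($cert -ne $null -and $cert.Trusted)
        UrlMatchesCN = ($cert -ne $null -and $cert.CN -eq $RwaHost)   # browse to the CN exactly
    }
}

Test-RwaClientReadiness -RwaHost 'remote.domaincompany.com'
```

A wildcard certificate would show a CN like *.domaincompany.com; the exact-match test above then fails by design, which is the cue to check what name the SBS wizard put on the certificate.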
  20. Since you have SBS 2003, your solution is to use ETRN from some ISP; I believe there are solutions on the Greek market that will satisfy you.
  21. As always, you bring us the best news.
  22. Yesterday, 10/05/2011, a problem was announced affecting the Windows Internet Name Service (WINS) on Windows Server 2003 & Windows Server 2008.

The service suffers from a memory corruption that can be triggered when tampered WINS packets are sent to our server; the result is that the attacker gains the ability to execute commands with SYSTEM privileges, i.e. full control of the system. The service is not enabled by default, but on many networks we install it ourselves.

Mitigation
· Close TCP/UDP port 42 on the firewall; in this way we limit any problem to our internal network.
· And download the relevant updates. Microsoft has announced a fix in the following Microsoft Security Bulletin MS11-034.

MS11-035:
· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)