Desktop Management Software

MS Investigation on Vulnerability in MS word which could allow Remote Code Execution.

Here is a security advisory on MS word. Microsoft says it is still investigating the issue. Please check the alert and report in case you feel you have been attacked.

Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. Our initial investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

Purpose of Advisory : To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds” and “Suggested Actions” sections of the security advisory.

Advisory Status : The issue is currently under investigation.

Recommendation : Do not open or save Microsoft Office files that you receive from untrusted sources or that are received unexpectedly from trusted sources.

Affected Software : Microsoft Office Word 2002 Service Pack 3.

Customers who believe that they have been attacked can obtain security support at http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Customers in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at www.ic3.gov.

http://www.microsoft.com/technet/security/advisory/953635.mspx

Cheers
Romanus

End of sale for Windows XP has been announced.

Found this interesting letter from Bill Veghte, Senior Vice President,Microsoft Corporation, regarding the ‘End of Sale’ of Windows XP.

Today, more than 1 billion personal computers around the world run Windows. Over the years, Windows has been the catalyst for innovations that have transformed the way people communicate, access information, create and share content, and much more, at work and at home. Windows is the platform that most people use to get the greatest value and benefit from their personal computers. Windows is also the platform that brings together the broadest array of choices across PCs, devices and applications.

To all of our Windows customers, thank you!
To the hundreds of thousands of partners that develop millions of solutions for Windows, thank you.

It also deals about the VISTA and windows 7 views.

For more details on support life cycle

http://support.microsoft.com/lifecycle/?LN=en-gb&x=16&y=12&C2=1173

http://www.microsoft.com/windows/products/windowsxp/future.mspx

Cheers
Romanus

Hi Folks

Please find the latest hotfix available for Desktop Central 6.

Desktop Central Hotfix build : 60118
After the upgrade, you should see the server build number as 60118, and the agent version as 6.1.13. (so, wait for the agents to get upgraded automatically)

The instructions to install the hotfix is available in the forum announcement.

Desktop Central users are advised to install this hotfix which has the fix for CPU and Memory shoot-up in Inventory module.

cheers
Romanus

One more interesting read on Microsoft XP SP3 installation by Mark Dormer, MVP.

Windows XP SP3 breaks Windows Update

If you install XP SP3 on a clean SP2 box Windows Update will no longer work. Unless you have the newer Windows Update Agent 3.0 your stuck in a hole. There is no way to get it via AU or WU or MU only a manual installation can resolve the issue

1. Download the new Agent (but do not Run it yet) to your Desktop (so you can find it below) :

X86 Version Download.

2. Start, Run, CMD

In the black box:
net stop wuauserv
“%userprofile%\Desktop\WindowsUpdateAgent30-x86.exe” /wuforce (don’t forget the quotation marks)
net start wuauserv exit

The original post.

cheers

Romanus

Hi Folks

Here is the News (..actually a year old ) for the admins who don’t want the Service Packs to be rolled out to their network without their permission (especially SP3 for XP) .   Since most of us are concerned about the XP SP3 roll out, this may be of interest of many to ensure that SP3 doesn’t get through their network without their knowledge.   Microsoft has this tool (SPBlockerTools.EXE) in site for more than a year as i mentioned, which can block Service Pack installation which happens through Windows Updates.  This tool can be used to block (temporarily) the installation of SP updates.   It can block

• Windows Server 2003 Service Pack 2 (valid through March, 2008 - time elapsed)
• Windows XP Service Pack 3 (valid for 12 months following general availability)
• Windows Vista Service Pack 1 (valid for 12 months following general availability)

Here is the extract which talks about ‘How it works?‘

This toolkit contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You only need to use the component which best serves your organization’s computer management infrastructure.

• A Microsoft-signed executable
• A script
• An ADM template

1. The executable creates a registry key on the computer on which it is run that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.
   1. When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP’ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.
   2. When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.
2. The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs. Note that the executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.
3. The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.

The SPBlockerToolKit can be downloaded from Microsoft.

Folks, importantly you’ll have to keep in mind that it will not prevent SP installs from DC/DVD, or from stand-alone downloads. It can only block SP installs through Windows Updates.

Cheers
Romanus

Desktop Central Technical Support Team

If you have any new feature request in Desktop Central, please post it in

http://roadmap.manageengine.com/index.php?category=DesktopCentral

This is the place customer can post and decide the priority the new features. Based on the number of votes the priority of the requirements can be decided. So I request all the users of Desktop Central to post their requirements here.

Thanks

Mathi