SCUP and Flash

I deployed Adobe Flash 10.1 through System Center UpdatesPublisher (SCUP).  Its kind of sad how excited this makes me. SCUP is a framework that allows you to integrate third-party update deployment into your SCCM/WSUS server.   Companies can provide a CAB file that you import into SCUP, approve updates and publish them to your SCCM server.  …

Continue reading ‘SCUP and Flash’ »

50 Percent of Enterprise XP running SP2

According to Qualys, 50% of enterprise Windows XP computers are still running Service Pack 2. This was reported by Byron Acohido in a USA Today article. This matters because MIcosoft will stop providing security patches for computers with this service pack in July. If you’re running XP, you must have service pack 3 to continue …

Continue reading ‘50 Percent of Enterprise XP running SP2’ »

Patch Tuesday

Here’s a roundup of patch Tuesday. Microsoft Patches There are two patches this month from Microsoft. One in Outlook Express/Microsoft Mail. One in Microsoft Visual Basic for Applications Adobe released an update for ColdFusion. A security update for Shockwave. This one is listed as critical. Not a bang-your-head-on-the-desk as last month, but I could have …

Continue reading ‘Patch Tuesday’ »

BitLocker vs Third Party FDE

Like many organizations, we skipped Vista. So with Windows 7 we are facing the question “is Windows 7 good enough” or do we still need to pay for a third-party full disk encryption (FDE) product. This question was asked back in 2006 at the SANS Desktop Encryption Summit. The FDE vender’s felt their product was …

Continue reading ‘BitLocker vs Third Party FDE’ »

Messege Encoding and Blackberry

Last week a user reported trouble reading a message on his blackberry. He would get an error “This S\MIME message was formatted using an encoding that is not supported on handheld.” He could still read the message correctly in Outlook 2007 and in Outlook Web Access. It turned out the commonality to the problem was …

Continue reading ‘Messege Encoding and Blackberry’ »

Zscaler protects against IE Zero Day

On Tuesday, as seems to be the custom, Microsoft released patches and announced a new zero day in Internet Explorer. MSKB 981374 is a remote code execution in IE6 and IE7. Who know that being on IE5 could ever be a good thing. The KB says Microsoft released details to venders in their Microsoft Active …

Continue reading ‘Zscaler protects against IE Zero Day’ »

Microsoft Security Advisory for Flash

Microsoft published a security bulletin for Flash 6 which is included in Windows XP. MSKB 979267 recommends removing Flash 6 and installing the latest version of Flash from Adobe. Maybe its just me, but I think since Microsoft included Flash 6 in the default XP install, shouldn’t they be responsible for patching it? Flash should …

Continue reading ‘Microsoft Security Advisory for Flash’ »

MS09-031 Authentication Bypass

I was reading this morning about an ISA authentication bypass that effects a very specific configuration scenario. (Doesn’t effect my setup). Read more about it on the ISA blog. It put a smile on my face to think that somewhere Thomas Shinder is kicking a hole in a wall.