Category Archives: Microsoft

Microsoft Patch Tuesday – June 2018

Microsoft has released its monthly security advisories for vulnerabilities that have been identified and addressed in various Microsoft products. This month’s advisory release addresses 50 flaws, with 11 of them rated “critical,” and 39 rated “important.” These vulnerabilities impact Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Windows Kernel and more.

In addition to the 50 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180014, the June 2018 Adobe Flash Security Update, which addresses the vulnerabilities described in the security bulletin.

Critical Vulnerabilities

This month, Microsoft is addressing 11 vulnerabilities that are rated “critical.” Talos believes these three vulnerabilities in particular are notable and require prompt attention.

CVE-2018-8225 – Windows DNSAPI Remote Code Execution Vulnerability

A remote code vulnerability is present within Windows DNS. This vulnerability manifests due to DNSAPI.dll improperly handling DNS responses. This vulnerability could allow a remote attacker to execute arbitrary code within the context of the LocalSystem account on affected systems. An attacker could leverage a malicious DNS server and send specially crafted DNS responses to trigger this vulnerability.

CVE-2018-8229 – Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker controlled webpage, or simply a page that hosts external content, such as advertisements.

CVE-2018-8267 – Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within Microsoft Scripting Engine. THis vulnerability manifests due to scripting engine not properly handling objects in memory in Internet Explorer. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability was publicly disclosed prior to a patch being made available.

Other vulnerabilities deemed “critical” are listed below:

Important vulnerabilities

This month, Microsoft is addressing 39 vulnerabilities that are rated “important.” One of these vulnerabilities is TALOS-2018-0545, which was assigned CVE-2018-8210. This vulnerability is a Windows remote code execution flaw that was discovered by Marcin Noga of Cisco Talos. Additional information related to this vulnerability can be found in the advisory report here.

Additionally, Talos believes the following vulnerability is notable and requires prompt attention.

CVE-2018-8227 – Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within the Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker controlled webpage, or simply a page that hosts external content, such as advertisements.

Other vulnerabilities deemed “important” are listed below:





Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Windows Server 2019 – Now Available In Preview

Windows Server 2019 is built on the strong foundation of Windows Server 2016 – which continues to see great momentum in customer adoption. Windows Server 2016 is the fastest adopted version of Windows Server, ever! Microsoft have been busy since its launch at Ignite 2016 drawing insights from your feedback and product telemetry to make this release even better.

They spent a lot of time with customers to understand the future challenges and where the industry is going. Four themes were consistent – Hybrid, Security, Application Platform, and Hyper-converged infrastructure. They will bring numerous innovations on these four themes in Windows Server 2019.

Windows Server 2019 will also aim to reduce the Server Core base container image down by a third from 5GB which should improve performance for developers using containers.

Windows Defender Advanced Threat Protection is being embedded into the operating system. The benefit of this is that it provides customers with access to deep kernel and memory sensors to improve anti-tampering and faster response time to new threats.

There is also greater support for Linux with the addition of Shielded Virtual Machines, which is a security measure that has been implemented in Hyper V since Windows Server 2016. And Microsoft is adding support for the Windows Subsystem on Linux, which makes it possible to run both Linux and Windows containers together.

Microsoft introduced its Project Honolulu, a browser-based management app, back in September 2017 and now, according to the company Windows Server 2019 and Project Honolulu will work together in order to allow administrators to integrate existing apps and infrastructure with Azure Backup and Azure File Sync. Microsoft will also enable Project Honolulu to work together with Windows Server 2019 as a control dashboard for HCI deployments.

The preview build is available now to Windows Insiders  This is the semiannual channel release form of the server, is labeled “build 17623,” according to Microsoft’s Windows Insider program announcement. The preview is good until July 2, 2018. It’s activated using common keys for either the Standard or Datacenter edition.  Testers must have already registered as an Insider participant,  that can be accomplished here.




Frequently asked questions

Q: When will Windows Server 2019 be generally available?

A: It will be generally available in the second half of calendar year 2018.

Q: Is Windows Server 2019 a Long-Term Servicing Channel (LTSC) release?

A: Windows Server 2019 will mark the next release in our Long-Term Servicing Channel. LTSC continues to be the recommended version of Windows Server for most of the infrastructure scenarios, including workloads like Microsoft SQL Server, Microsoft SharePoint, and Windows Server Software-defined solutions.

Q: What are the installation options available for Windows Server 2019?

A: As an LTSC release Windows Server 2019 provides the Server with Desktop Experience and Server Core installation options – in contrast to the Semi-Annual Channel that provides only the Server Core installation option and Nano Server as a container image. This will ensure application compatibility for existing workloads.

Q: Will there be a Semi-Annual Channel release at the same time as Windows Server 2019?

A: Yes. The Semi-Annual Channel release scheduled to go at the same time as Windows Server 2019 will bring container innovations and will follow the regular support lifecycle for Semi-Annual Channel releases – 18 months.

Q: Does Windows Server 2019 have the same licensing model as Windows Server 2016?

A: Yes. Check more information on how to license Windows Server 2016 today in the Windows Server Pricing page. It is highly likely we will increase pricing for Windows Server Client Access Licensing (CAL). We will provide more details when available.





Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Windows 10 Version 1507 Will No Longer Receive Security Updates

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Microsoft Word 2007 Update KB4011608

Microsoft Word 2007 update KB4011608 is a security update that resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures ADV170021.

This security update replaces the previously released update KB 4011266.

Note To apply this security update, you must have the release version of Service Pack 3 for the 2007 Microsoft Office Suite installed on the computer.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Download the security update KB4011608 for the 32-bit version of Word 2007



Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Windows 10 Creators Update (Version 1709) Release Date

Windows 10 Fall Creators Update (Version 1709) will be available worldwide on October 17th 2017.

This marks the fourth major update to Windows 10, and it brings with it a whole host of features to ensure that anyone can express their creativity.

For starters, Windows Inking is better than ever, allowing you to annotate PDFs to make sharing comments easier. Smart Ink also uses AI to automatically create shapes and tables based on your doodles, and an all new Windows Find my Pen feature lets you track down your Pen if it’s fallen down the side of the couch.

Other new features in the update include a revamped Photos app which can deliver remixed experiences for telling your stories with photos, videos, music, 3D and inking, while OneDrive Files On-Demand allows you to access cloud files like any other file on your PC, without eating into your local storage space.




Gaming also makes up a large part of the update thanks to Game Mode, which allows your games to use the full processing power of your device as if it were an Xbox console, at the click of a button on the new Game bar.

Security, which is now more important than ever, also gets a boost in the form of an updated Windows Defender, powered by cloud intelligence that provides new defences against ransomware and exploits.

Accessibility has also been updated, with an incredible new Eye Control feature which uses eye-tracking technology that lets you type and use a mouse using nothing but your eyes.

This update is known as Version 1709 (Fall Creators Update) codenamed “Redstone 3”, it is the fourth major update to Windows 10 and the third of the four major updates planned under the Redstone codenames.





Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Microsoft Releases Azure Stack

Microsoft has expanded its cloud service by letting companies enjoy all the benefits of Azure within their own data centres.

Azure Stack has been rolled out across the world, and allows developers to create and run applications on their own servers but use all the Azure tools that cloud-only professionals enjoy.

The service will appeal to companies that have a so-called hybrid model – using servers on their own premises as well as Microsoft’s cloud. Using Azure Stack will cut latency and connectivity issues as data is processed on-site, rather than online. It will also allow certain industries – such as banking or healthcare – to meet regulations or policy requirements regarding uploading data to the cloud.





“Azure Stack is an extension of Azure, thereby enabling a truly consistent hybrid cloud platform,” Mike Neil, Corporate Vice-President of Azure Infrastructure and Management Consistency, wrote in a blog post. “Consistency removes hybrid cloud complexity, which helps you maximize your investments across cloud and on-premises environments. Consistency enables you to build and deploy applications using the exact same approach – same APIs, same DevOps tools, same portal – leading to increased developer productivity. Consistency enables you to develop cloud applications faster by building on Azure Marketplace application components. Consistency enables you to confidently invest in people and processes knowing that those are fully transferable.

“The ability to run consistent Azure services on-premises gets you full flexibility to decide where applications and workloads should reside. An integrated systems-based delivery model ensures that you can focus on what matters to your business (i.e., your applications), while also enabling us to deliver Azure innovation to you faster.”

Microsoft announced the release of Azure Stack at Inspire, the company’s annual partner conference. Customers can order the solution from Dell EMC, HPE and Lenovo, with the first systems shipping in September.

Microsoft has adopted “pay-as-you-use” and capacity-based models for the new service. Azure storage starts at £0.005 a month, virtual machines are available from £0.006 an hour and the App Service costs £0.042 an hour.

Saxo Bank, the Danish firm that specializes in online trading and investment, uses Azure Stack because of its flexible model, while ICT group Mitsui Knowledge Industry adopted the service to modernize its applications. The fact Azure Stack addresses connectivity issues means it is also proving popular for operators of factories, cruise ships and mines.

Azure Stack users can choose to have the service delivered and managed for them via multiple partners, including Avanade, Daisy, Evry, Rackspace and Tieto.

You can try Azure Stack for free as a single-server deployment. Click here for further information.

Microsoft is one of the biggest cloud operators, with more than 40 Azure regions across the world. Around 90% of the 500 largest companies in the US use Microsoft’s cloud, and 120,000 new Azure subscriptions are logged every month.

Story via Microsoft



 

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.