Wednesday 28 September 2011

Linkbait: September 2011 - Industry News and Views

My colleague Carl has compiled a list of interesting links and news bulletins that may interest you. I always find these links worth at least a quick skim - so, have a read.


Platform News
It is not just WindowsXP that is due to be unsupported in the near future, Office 2003, Windows Server 2003, Exchange 2003, SCCM 2003 are on their way out too
Control multiple computers with one keyboard and mouse without a KVM with a new Microsoft tool.
Have you ever wondered where the XP default wallpaper was photographed? The story goes that the grapes normally growing in the California valley had a disease that year and grass was growing instead.

Virtualisation News
ThinApp is on a new version, 4.6.2 with all kinds of new improvements and extra compatibility.
Funky 1970s Microsoft video taking a shot at VMWare.
Lots of new images of prebuilt VMs are available for download

Windows 8 News and Rumours
An incomplete developer preview of Windows 8 and Windows Server 8 has been released at //build/ conference, 500,000 people downloaded it in the 1st 24 hours, it has already began receiving updates
The official Windows 8 forums are at http://win8.ms/forums
There were 300+ features that were not shown at the conference.
Hyper-V is included in the workstation release
It doesn’t work in all virtual environments.
A Microsoft engineering blog dedicated to building (hype about) Windows 8 featuring videos, interviews and stories
Windows 8 boots differently and faster than Windows 7, here’s how it works.
Windows 8 may include phone capabilities.
Many of the new features requiring a touch screen have been tested on older computers.
You can boot off a USB stick, but what happens if you take it out?

Internet Buzz

Browser News
IE 9 and 10 now get 100% on the ACID3 test because the criteria have been lowered.
A widely-reported story about Internet Explorer users being stupid was a hoax

Office News
Learn best-practices in Outlook with this free online course of videos.
Amiproject is a very impressive-looking online viewer for MS Project files.

Packaging News
InstallShield 2012 has been released, meh.
All dedicated packagers should see the new Bruce Willis movie called “Setup
Windows 8’s MSI is barely changed



Monday 26 September 2011

Internet Explorer 9 in the Enterprise

Just a quick note today. As you have seen, we have busy working on Internet Explorer 9 compatibility issues with the release of our AOK IE 9 Plugins.

As part of a larger series of white papers, webinars and pod-casts on Internet Explorer migrations and adoption, the ChangeBase team has created a good introduction to some of the challenges involved with browser migrations in large organizations, with particular reference to the organizational and technical challenges relating to the migration from IE6 to IE 9.

To help large organizations work through the IE 9 migration process this whitepaper walks through the following migration related challenges;

  1. What problems must be overcome in order to successfully migrate web-based applications?
  2. How do you take an application, designed for yesterday’s desktop environment, and make it work on tomorrow’s platform?
  3. What is the impact of migrating your current websites, browsers and intranet to IE9? 

For those interested in reading this whitepaper on Internet Explorer 9, please have a look at the following link on the ChangeBase website;  Considerations for Browser Migrations in the Enterprise.

And, speaking of pod-casts, we just finished recording a session with Chris Jackson last Friday on IE9, Windows 8 and Internet Explorer 10. Watch this space to find out more.



Thursday 15 September 2011

Making the leap to IE9

Some say the summer months are an opportunity to kick back, relax and take in what’s been going on in the world at large. It doesn’t seem to be that way at ChangeBASE though, our development team have been busier than ever and the professional services team are maxed out working with partners and their prospects to ensure the world of application compatibility is doing what it should.


Which in itself is nothing new for a rapidly growing company, but what has been interesting is the work they are doing around Internet Explorer 9 and getting web applications compatible with the browser. On average 20% of the Fortune 1000 and FTSE 500 companies we will be working with over the next 12 months are looking at deploying IE9 as part of their Windows 7 migration. What’s causing them issues is achieving compatibility and that has led us to revisit the AOK plug-in road map and bring forward some of our scheduled development.

Today we’re announcing AOK IE9 Report Group Plug-ins. In total we’ve developed fourteen plug-ins which address the presentation and operational issues surrounding web application compatibility to this browser. You can read the press release in full here, but in essence we’ve addressed the following issues;

IE9 Presentation Compatibility

The AOK IE9 Plug-ins addresses compatibility issues including; MIME Handling Analysis, Asian font, static text issues and CSS3 Declaration Compatibility. For all of these concerns, the AOK IE9 Plug-ins will test the web application against these known issues and report via the AOK Red Amber Green reporting structure all at the click of a button.

IE9 Operational Compatibility

Operational compatibility issues concern the way in which a web application behaves when accessed via the browser. In IE9 there are nine areas which can cause the web application to experience errors. These include compatibility issues around HTML syntax, attributes and properties, iFrames, JavaScript properties, framework and functions, and Deprecated DOM events. Again, in all of these errors the AOK IE9 plug-in will test and report on compatibility issues, illustrating the severity via the AOK Red Amber Green reports at a granular level.



To coincide with the release of the AOK IE9 Plug-in we’ve created a short video to give an overview of some of the challenges organisations are facing when it comes to web application compatibility and specifically IE9. In the video we also demonstrate the plug-ins so you can see for yourself how they work within the AOK Workbench. You can view the video here.


Check it out; it might just be the solution to your IE9 web application compatibility challenge.

Wednesday 14 September 2011

September 13th Microsoft Patch Tuesday Application Compatibility Report


With this September Microsoft Patch Tuesday update, we see again a relatively small set of updates in comparison to the lists of updates released by Microsoft in the previous months. In total there are five Microsoft Security Updates with the rating of Important. This is a minor update from Microsoft and the potential impact for the updates is likely to be moderate.



As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.



Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this September Patch Tuesday release cycle.



Sample Results 1: MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege





Sample Results 2: MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution





Testing Summary



MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)



Sample Results 3: AOK Summary Report Sample from a small database



AOK RAG Summary

Security Update Detailed Summary

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Description This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Payload W03a3409.dll, Wins.exe, Winsevnt.dll, Ww03a3409.dll, Wwins.exe, Wwinsevnt.dll

Impact Important - Elevation of Privilege



MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

Description This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload Imjpapi.dll

Impact Important - Remote Code Execution



MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Description This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.

Payload Excel.exe

Impact Important - Remote Code Execution



MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Description This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload Ietag.dll, Mso.dll

Impact Important - Remote Code Execution



MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Description This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

Payload Groove.exe, Groovedocumentsharetool.dll, Grooveutil.dll, Groovewebplatformservices.dll, Groovewebservices.dll

Impact Important - Elevation of Privilege



*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.