Monday 21 October 2013

DELL Webcast: How automation rescues a stalled migration to Windows 7/8

IT environments need to continuously change to keep pace with updated applications and new technology; meaning, business partners (like you) are constantly under pressure to deliver cost-effective solutions. 
In this webcast, you’ll learn how to better manage each customer’s application estate for a successful migration from WindowsĂ’ XP to Windows 7/8, and still meet your SLAs by reducing costs and improving efficiency.

Join us for this live 60-minute webcast, where you’ll see how DellĂ’ Software solutions can help you:
  • Meet your SLAs and reduce post-deployment failures.
  • Speed up testing, fixing and converting of applications by 50 percent through automation.
  • Easily convert legacy applications into Standard Windows Installers (MSIs) in minutes.
  • Identify which applications can be virtualized within seconds.
  • Get point-in-time information through Dashboard views.
Plus, learn about the exciting new re-architected version of ChangeBASE (v6.0).

Register Now >>

Thursday 10 October 2013

Microsoft Patch Tuesday: October 2013

Executive Summary

With this October Microsoft Patch Tuesday update, we see a set of 8 updates; 4 of which are marked as “Critical” and 4 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.

Of the eight patches, 3 "require a restart to load correctly",  and 4 "may require a restart", leaving only one which claims it doesn't need a restart -  so the usual advice is that it is probably best to assume all require a restart to be installed correctly.


Sample Results 

Here are two sample results showing amber warnings generated as a result of patches MS13-080 and MS13-083.





Here is a Sample Summary report:


Testing Summary






Security Update Detailed Summary


MS13-080
Cumulative Security Update for Internet Explorer (KB2879017)
Description
This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact
Critical - Remote Code Execution

MS13-081
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (KB2870008)
Description
This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Payload
Atmfd.dll
Impact
Critical - Remote Code Execution

MS13-082
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2878890)
Description
This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Payload
No specific file payload
Impact
Critical - Remote Code Execution

MS13-083
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (KB2864058)
Description
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code.
Payload
Comctl32.dll, Controls.man, Wcomctl32.dll
Impact
Critical - Remote Code Execution

MS13-084
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2885089)
Description
This security update resolves two privately reported vulnerabilities in Microsoft Office server software. The most severe vulnerability could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.
Payload
Svrsetup.exe, Wsssetup.dll, Bform.js_1025, Form.js_1025, Rgnlstng.xml_1025, Bform.js_1026, Form.js_1026, Rgnlstng.xml_1026, Bform.js_1027, Form.js_1027, Rgnlstng.xml_1027, Bform.js_1029, Form.js_1029, Rgnlstng.xml_1029, Rgnlstng.xml_1106, Bform.js_1030, Form.js_1030, Rgnlstng.xml_1030, Stsomr.dll_1030, Bform.js_1031, Form.js_1031, Rgnlstng.xml_1031, Bform.js_1032, Form.js_1032, Rgnlstng.xml_1032, Bform.js_1033, Form.js_1033, Rgnlstng.xml_1033, Bform.js_3082, Form.js_3082, Rgnlstng.xml_3082, Bform.js_1061, Form.js_1061, Rgnlstng.xml_1061, Bform.js_1035, Form.js_1035, Rgnlstng.xml_1035, Bform.js_1036, Form.js_1036, Rgnlstng.xml_1036, Avreport.htm_2108, Bpstd.asx_2108, Calendar.css_2108, Core.css_2108, Core.rsx_2108, Datepick.css_2108, Error.htm_2108, Filedlg.htm_0011_2108, Fontdlg.htm_2108, Help.css_2108, Iframe.htm_2108, Instable.htm_2108, Irmrept.htm_2108, Isswfresources_llcc.resx_2108, Menu.css_2108, Mssmsg.dll_0001.x86.2108, Owsnocr.css_2108, Rgnlstng.xml_2108, Selcolor.htm_2108, Spadminlcid.rsx_2108, Spmsg.dll_2108, Spstd1.asx_0001_2108, Spstd2.asx_0001_2108, Spstd3.asx_2108, Spstd4.asx_2108, Spstd5.asx_2108, Spstd6.asx_2108, Spstd7.asx_2108, Spstd8.asx_2108, Spthemes.xml_2108, Stsomr.dll_2108, Workflowactions_intl_resources.dll_2108, Workflows_intl_resources.dll_2108, Wsetupui.dll_2108, Wss.intl.res.dll.x86.2108, Wss.search.oob.sql.x86.2108, Wss.srchadm.rsx.x86.2108, Wsslcid.rsx_2108, _basicpg.htm_2108, _wppage.htm_2108, Bform.js_1037, Form.js_1037, Rgnlstng.xml_1037, Bform.js_1081, Form.js_1081, Rgnlstng.xml_1081, Bform.js_1050, Form.js_1050, Rgnlstng.xml_1050, Bform.js_1038, Form.js_1038, Rgnlstng.xml_1038, Stsomr.dll_1038, Bform.js_1040, Form.js_1040, Rgnlstng.xml_1040, Bform.js_1041, Form.js_1041, Rgnlstng.xml_1041, Bform.js_1087, Form.js_1087, Rgnlstng.xml_1087, Bform.js_1042, Form.js_1042, Rgnlstng.xml_1042, Bform.js_1063, Form.js_1063, Rgnlstng.xml_1063, Bform.js_1062, Form.js_1062, Rgnlstng.xml_1062, Rgnlstng.xml_1071, Rgnlstng.xml_1086, Bform.js_1044, Form.js_1044, Rgnlstng.xml_1044, Bform.js_1043, Form.js_1043, Rgnlstng.xml_1043, Bform.js_1045, Form.js_1045, Rgnlstng.xml_1045, Bform.js_1046, Form.js_1046, Rgnlstng.xml_1046, Stsomr.dll_1046, Bform.js_2070, Form.js_2070, Rgnlstng.xml_2070, Bform.js_1048, Form.js_1048, Rgnlstng.xml_1048, Bform.js_1049, Form.js_1049, Rgnlstng.xml_1049, Bform.js_1051, Form.js_1051, Rgnlstng.xml_1051, Bform.js_1060, Form.js_1060, Rgnlstng.xml_1060, Bform.js_2074, Form.js_2074, Rgnlstng.xml_2074, Bform.js_1053, Form.js_1053, Rgnlstng.xml_1053, Bform.js_1054, Form.js_1054, Rgnlstng.xml_1054, Bform.js_1055, Form.js_1055, Rgnlstng.xml_1055, Stsomr.dll_1055, Bform.js_1058, Form.js_1058, Rgnlstng.xml_1058, Bform.js_1066, Form.js_1066, Rgnlstng.xml_1066, Bform.js_2052, Form.js_2052, Rgnlstng.xml_2052, Bform.js_1028, Form.js_1028, Rgnlstng.xml_1028
Impact
Important - Remote Code Execution

MS13-085
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (KB2885080)
Description
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Excel.exe
Impact
Important - Remote Code Execution

MS13-086
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (KB2885084)
Description
This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Winword.exe, Wwlib.dll
Impact
Important - Remote Code Execution

MS13-087
Vulnerability in Silverlight Could Allow Information Disclosure (KB2890788)
Description
This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Payload
Silverlight_developer_x64.exe, Silverlight_x64.exe
Impact
Important - Information Disclosure

* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 3,000 applications


Monday 7 October 2013

Online Webinars from DELL Software Group

Loads going on at the moment - and, you will see that the DELL Software Group (DSG) has some great online web sessions and demos dealing with Identity and Access Management (IAM) and of course Windows migrations.

Hare some of the sessions scheduled for the next few weeks;

Online Webinars:
Addressing the Multi Device Reality: Unified Endpoint Management
Did you know that 87% of business device users rely on a PC and at least one mobile device to get their jobs done? Or that one out of eight mobile devices will be lost or stolen? This webinar will discuss the realities of multi-device proliferation and the need for such core considerations as data loss protection and BYOD policies.  There will also be demonstrations of the latest release of the Dell KACE K3000 Mobile Management Appliance. 

Webcast:
 Understanding the 7 Building Blocks of IAM 
This webinar aims to help customers and prospects to understand the relationship between these core components of identity and access management (IAM) in order to make their organization more compliant, productive and secure. Security expert Randy Franklin Smith teaches about the most effective IAM strategies he’s observed over the years. Then Dell Software’s Jason Remillard discusses advances in IAM technology, and how risk analysis needs to be built into decisions and processes.
 View this webcast on demand.

Dell Endpoint Systems Management – Live Demo in your language
Dell Endpoint Systems Management offers comprehensive systems management tools through Dell KACE System Management Appliances and Dell User Workspace Management software: Dell Desktop Authority and Dell vWorkspace. Both empower IT organizations and enhance user productivity.
Register here – available weekly
graphic

Windows Migration with Dell Software
This seminar is held in collaboration with Microsoft and will show how Dell Software can improve the accuracy and efficiency of applications while reducing the risks and costs associated with migration.
  
Information Management Roadshows
Showcasing Information Management’s end to end solutions for data management, integration and analysis, these roadshows will feature Toad, SharePlex and the new Toad BI Suite.
  
Governance and Auditing: Responding to Compliance Issues
At this breakfast seminar we will discuss how to achieve compliance and IT governance with the help of Dell Software
Boulogne – 18 October

Migration Seminar
Learn more about Dell Software migration solutions and how to ensure a ZeroIMPACT migration, consolidation or restructuring.Paris – 18 October
  
Exchange Migration Technology Breakfast
At this breakfast seminar, our product specialists will discuss how Dell Software & Dell Services can help to ensure a smooth and successful Exchange migration.
Madrid – 23 October