Application Compatibility Blog

Another form of Compatibility: Application Eco-systems

2012-01-31T22:25:00.000Z

A little while ago I was asked to present on the topic of application compatibility in a future multi-platform, multi-user, multi-device world. I agreed and started thinking about the "multi-multi-multi" problem that we are starting to enjoy the benefits from (think tables, mobile and desktop versions of the same application) and then about the technical challenges and getting things working across the the new "multi-multi-multi" or M3 reality.

And, by getting things working, I raise the bar somewhat and consider the following requirements for "getting things working" which includes;

- Deployment: automated, secure deployments with update and uninstall support

- Management: reporting, telemetry and access control

- Cohabitation: multiplatform support, application co-existence, services/data access and integration

This in effect means that applications install properly, work well on each platform and more challengingly (is this a word?) work well together. Interestingly, while I was treading around my RSS feeds, I found the following image describing the new battle ground in the multi-multi-multi universe;

I thought that this image was pretty apt - Not because it was accurate, more rather it represents a very narrow view of the coming challenges of multiple platforms and more importantly the increasing importance of multiple application eco-systems.

It's now all about ;

1) multiple platforms (hardware)

2) multiple devices (desktop, mobile, tablet)

and 3) multiple eco-systems. Yes, we have seen the spectacular rise of the Apple App store and with Microsoft strategically aping this approach, we will have at least a few distinct and most like non-compatibile application eco-systems.

As a final note on this, don't count Microsoft out yet as they has developed THE LARGEST application ecosystem over the past few decades and the Microsoft App store is very likely to build on that huge momentum for some time to come.

Windows 8: Some ARM Twisting for Legacy Applications

2012-01-24T17:01:00.000Z

As we have have heard for the last long while from Microsoft, application compatibility is key to their product development and a key feature of the Windows ecosystem (extended franchise model?) This was a huge issue for the release of Windows 7 (as evidenced by the creation of several companies successfully built on identifying and solving compatibility issues for clients) and will likely continue to be an issue for the release of Windows 8; for both versions. Meaning for separate platforms; INTEL and ARM.

This is the first time that Microsoft has released a version of their operating system for use on a non-Intel architecture and this move asks a number of questions;

Which applications will run on the new ARM platform?
Which applications will run on both?
Will the build and application deployment techniques and technology differ for each platform?

We are coming up to a big fork in the road for Microsoft: How is Microsoft going to ship and provide application support for the ARM Windows platform?

And, it already looks like we are seeing these two roads differ with the three nominated ARM-based Windows 8 vendors (Nvidia, Qualcomm and Texas Instruments) indicating that their customized versions would not be compatible with each other.

In addition, Renee James from Intel said about application compatibility and legacy support on ARM based Windows 8 system;

"upcoming versions of Windows that Microsoft will provide for ARM-based systems will not run "legacy" applications. "Our competitors will not be running legacy applications. Not now. Not ever,"

In addition, Renee added;

"There will be four Windows 8 SoCs for ARM. Each one will run for that specific ARM environment, and they will run new applications or cloud-based applications," "They are neither forward- nor backward-compatible between their own architecture – different generations of a single vendor – nor are they compatible across different vendors. Each one is a unique stack."

Wow! And I thought having to worry about deprecated API's, new file-systems and old middle-ware dependencies would be enough to keep interested Windows 8 application compatibility issues.

Having multiple platforms, multiple stacks, new input hardware (touch) and potentially zero support for legacy applications on some versions of Windows 8 will definitely increase the complexity number of compatibility issues for Windows 8.

Application Compatibility Experts - Don't quit now, Windows 8 is coming!

And, for further interesting further reading:

Will Windows 8 on ARM be an OEM-only product?

http://www.zdnet.com/blog/microsoft/will-windows-8-on-arm-be-an-oem-only-product/11682

Microsoft embraces ARM with Windows 8 Breaks Wintel fidelity

http://www.channelregister.co.uk/2011/01/05/windows_8_arm/

In case you have not heard about the ARM architecture and/or just need to know more, read here: http://en.wikipedia.org/wiki/ARM_architecture

Windows 8 - A New Filesystem is born - ReFS

2012-01-19T01:08:00.000Z

Microsoft has recently announced that Windows 8 Server and then Windows 8 (desktop?) will support a new file system called ReFS or Resilient File System. This will be the first low-level update of the desktop and server platform file systems for just over 10 years with the introduction of NTFS (New Technology File System) in 2000.

Some of the key benefits of this new FileSystem will include;

Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint.
Verify and auto-correct data.
Optimize for extreme scale.
Never take the file system offline.
Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature,

Some great ideas and once again, Microsoft has a strong focus on backward compatibility, and so compatibility deserves a space at the top of the new system's feature list.

You can read more about this new filesystem in the reference linked below, but I thought it was key to highlight some of the features that will not be supported by ReFS;

Named streams
Object IDs,
Short names
Compression
File level encryption (EFS)
User Data Transactions
Hard-linking,
Extended attributes, and quotas

I am sure as we learn more about these new filesystems and storage service offerings from Microsoft, we find to what extend deprecating these features and functionality will impact users and developers. To address some of these compatibility concerns Microsoft has offered an architectural diagram of how applications and services will operate with the ReFS compatibility layer.

Could the next compatibility challenge be related to how applications work with the underlying filesystem? I wonder how some virtualization vendors will be affected with their filesystem redirectors and virtual drivers.

References:

Building Windows 8

http://blogs.msdn.com/b/b8/archive/2012/01/16/building-the-next-generation-file-system-for-windows-refs.aspx

Check out Mary Jo Foley's view on this topic here:

http://www.zdnet.com/blog/microsoft/microsoft-goes-public-with-plans-for-its-new-windows-8-file-system/11666?tag=nl.e539

Patch Tuesday - Jan 2012

2012-01-11T20:10:00.002Z

With this January Microsoft Patch Tuesday update, we see a set of 7 updates; 1 with the rating of Critical and 6 with the rating of Important. This is a moderately sized update from Microsoft and the potential impact for the updates is likely to be low.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen a small number of potential compatibility issues, including some which were caused by the fifth update in this release, MS12-005, where vulnerabilities in Microsoft Windows could allow Remote Code Execution.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this January Patch Tuesday release cycle.

Here is a sample of the results for two applications tested for compatibility with these updates:

Top: MS12-005: Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution.

Bottom: MS12-006: Vulnerabilities in SSL/TLS Could Allow Information Disclosure.

Testing Summary

MS12-001 : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
MS12-002 : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
MS12-003 : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
MS12-004 : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
MS12-005 : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
MS12-006 : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
MS12-007 : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)

Patch Name	Total Issues	Matches Affected	Reboot
Microsoft Security Bulletin MS12-001	<1%	<1%	YES
Microsoft Security Bulletin MS12-002	<1%	<1%	YES
Microsoft Security Bulletin MS12-003	<1%	<1%	YES
Microsoft Security Bulletin MS12-004	<1%	<1%	YES
Microsoft Security Bulletin MS12-005	<1%	<1%	YES
Microsoft Security Bulletin MS12-006	<1%	<1%	YES
Microsoft Security Bulletin MS12-007	<1%	<1%	YES

Legend:

	No Issues Detected Applications flagged as GREEN have no issues identified against them.
	Potentially fixable application Impact An AMBER issue is one that pertains to the installation routine. A packager can change things in the installation routine and so can AOK Workbench. Anywhere an issue is found and a change can be made to the installation routine to get rid of it we will flag it as amber. AOK Workbench fixes almost all of the issues it flags as amber. For the few issues that require a decision to be made, a packager can manually remediate these using the issue data provided by AOK Workbench.
	Serious Compatibility Issue A RED issue is generally one that pertains to how the code or actual program works. In this case we will flag as Red issues where a package tries to use objects or functions that have been deprecated from the OS or where their use has been restricted. In this case there are no changes that a packager (or AOK Workbench) can make to the install routine to fix the problem. The problem needs to be dealt with at the program code level by the programmer that wrote it or by providing a more up to date driver. However it is reasonably straightforward once a programmer has the information provided by AOK Workbench to make these changes. For vendor MSIs an upgrade may be required.

Security Update Detailed Summary

MS12-001	Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.
Payload	Ntdll.dll, Wntdll.dll, Updspapi.dll
Impact	Important - Security Feature Bypass

MS12-002	Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	No specific files affected
Impact	Important - Remote Code Execution

MS12-003	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
Description	The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
Payload	Winsrv.dll, Updspapi.dll
Impact	Important - Elevation of Privilege

MS12-004	Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Mciseq.dll, Winmm.dll, Updspapi.dll
Impact	Critical - Remote Code Execution

MS12-005	Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Packager.exe, Updspapi.dll
Impact	Important - Remote Code Execution

MS12-006	Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
Description	This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Payload	Schannel.dll, Winhttp.dll, Updspapi.dll
Impact	Important - Information Disclosure

MS12-007	Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
Description	This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.
Payload	No specific files affected
Impact	Important - Information Disclosure

*All results are based on a ChangeBASE Application Compatibility Lab's test portfolio of over 1,000 applications.

Windows 7 Webinar with Microsoft Quest, ChangeBase and Flexera

2012-01-10T18:25:00.000Z

Join us on January 18th for an overview of available tools and solutions to assist in accelerating Windows 7 deployment. During this webcast we will cover the following topics:

Setting strategy for seamless and effective Windows 7 deployment
Solutions to aid Application Compatibility and Application Lifecycle Management
Using desktop virtualization tools to further deployment efforts
Application virtualization strategies and tools
Open Discussion and Q&A

January 18th, 2012 – 11:00am – 12:00pm

Speakers:

Nishant Padhye, Optimized Desktop Specialist - Microsoft

Mike Russell, Systems Consultant – Quest

Steven Hunt, Solution Architect – Quest

Ken Hilker, Sales Engineer – Flexera Software

EVENT DETAILS

Date: January 18, 2012

Start Time: 11:00 AM PST

End Time: 12:00 PM PST

Microsoft TechReady 14 - Heck, I'm Ready!

2012-01-04T10:31:00.000Z

It's that time again for the bi-annual Microsoft internal tech-fest called Tech Ready. TechReady is Microsoft's internal briefing to Microsoft staff (only). Luckily the folks from ChangeBase\Quest have been invited to present an instructor led lab to Microsoft staff on the benefits of automated assessment and remediation delivered by the ChangeBASE tool.

Here is a brief overview of we plan to cover;

During this session, Greg Lambert (that's me) , Chief Technology Architect of ChangeBASE will discuss the 3 M’s of application migration and virtualisation: multi-usage, multi-input and multi-scenario. Using real-life illustration, documentation and testimonials this deep dive technical session will look at the mechanics of achieving the utopian within your client base. It will outline the problems you will face as you look to migrate your customers. Broken into three distinct categories, I will discuss the compatibility challenges facing each area and using technical demonstration will illustrate how these challenges can be addressed.

Taking each in turn I will discuss;

Windows 8 application compatibility including;

1) Desktop migrations issues including;

- Windows 7 Compatibility

- 64-bit Compatibility

- App-V Streaming compatibility

2) IE8, 9 and 10 compatibility including;

- Presentation challenges

- Security

- HTML and Javascript

From this Instructor Led Laboratory (ILL) session delegates will learn;

A) What areas of consideration are needed to migrate application estates to a Windows 7, App-V based platform

B) An understanding of the 3 M’s of application migration and virtualisation and how they affect the enterprise

C) The primary hurdles facing organisations as they migrate Windows 7 and virtual desktops and how to practically address those challenge

This lab will be presented by me (Greg Lambert) and my Quest colleagues on Tuesday, January 31 in the afternoon in the Seattle convention centre. If you have any questions or would like to attend please leave a comment on this posting and I will try to get back to ASAP.

Microsoft Patch Tuesday Compatibility Report by ChangeBASE - 13th December 2011

2011-12-15T12:36:00.000Z

With this December Microsoft Patch Tuesday update, we see a relatively large set of updates. In total there are 13 Microsoft Security Updates; 3 with the rating of Critical and 10 with the rating of Important. This is a relatively large update from Microsoft and the potential impact for the updates is likely to be moderate.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE team, we have seen moderate cause for potential compatibility issues.

Sample Results

Here is a sample of the results for one application and a summary of the Patch Tuesday results for one of our AOK Sample databases:

MS11-091: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.

MS11-093: Vulnerabilities in OLE Could Allow Remote Code Execution.

And here is a sample AOK Summary report for a sample database where the AOK Patch Impact team has run the latest Microsoft Updates against a small application portfolio:

Testing Summary

MS11-087	Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
MS11-088	Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
MS11-089	Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
MS11-090	Cumulative Security Update of ActiveX Kill Bits (2618451)
MS11-091	Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
MS11-092	Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
MS11-093	Vulnerability in OLE Could Allow Remote Code Execution (2624667)
MS11-094	Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
MS11-095	Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
MS11-096	Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
MS11-097	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
MS11-098	Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
MS11-099	Cumulative Security

Security Update Detailed Summary

MS11-087	Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
Description	This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.
Payload	Win32k.sys
Impact	Critical - Remote Code Execution

MS11-088	Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
Description	This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged-on user performed specific actions on a system where an affected version of the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese is installed. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Payload	Not Defined
Impact	Important - Elevation of Privilege

MS11-089	Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
Description	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Not Defined
Impact	Important - Remote Code Execution

MS11-090	Cumulative Security Update of ActiveX Kill Bits (2618451)
Description	This security update resolves a privately reported vulnerability in Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Payload	Not Defined
Impact	Critical - Remote Code Execution

MS11-091	Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
Description	This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Mspub.exe, Prtf9.dll, Ptxt9.dll, Pubconv.dll
Impact	Important - Remote Code Execution

MS11-092	Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
Description	This security update resolves a privately reported vulnerability in Windows Media Player and Windows Media Center. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Payload	Encdec.dll
Impact	Critical - Remote Code Execution

MS11-093	Vulnerability in OLE Could Allow Remote Code Execution (2624667)
Description	The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Ole32.dll
Impact	Important - Remote Code Execution

MS11-094	Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
Description	This security update resolves privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited either of the vulnerabilities could take complete control of an affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Not Defined
Impact	Important - Remote Code Execution

MS11-095	Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
Description	This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow remote code execution if an attacker logs on to an Active Directory domain and runs a specially crafted application. To exploit this vulnerability, an attacker would first need to acquire credentials to log on to an Active Directory domain.
Payload	Adamdsa.dll
Impact	Important - Remote Code Execution

MS11-096	Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
Description	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-3403.
Payload	Excel.exe
Impact	Important - Remote Code Execution

MS11-097	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload	Csrsrv.dll
Impact	Important - Elevation of Privilege

MS11-098	Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Payload	Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe, Mpsyschk.dll
Impact	Important - Elevation of Privilege

MS11-099	Cumulative Security
Description	This security update resolves three privately reported vulnerabilities in Internet Explorer. The most severe vulnerability could allow remote code execution if a user opens a legitimate HyperText Markup Language (HTML) file that is located in the same directory as a specially crafted dynamic link library (DLL) file.
Payload	Not Defined
Impact	Important - Remote Code Execution

*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.

Linkbait: November 2011

2011-11-30T10:39:00.001Z

Here's this month's Industry Newsletter by my ChangeBASE colleague, Carl Bennett.

Packaging News

A new tool from Microsoft, the Program Install and Uninstall Troubleshooting Tool, attempts to resolve MSI install issues.
Active Setup introduction on InstallShield blog.
A nice roundup of Program Compatibility Assistant’s features care of Chris Jackson.
All regsvr32 does is Load¬Library, Get¬Proc¬Address, and then calls the function. Why can’t you query if it was successful?
InstallShield 2012 SP1 is out.
More news on Symantec’s retirement of Wise.
Examine the contents of MSU and CAB Microsoft Update installs.
Lessmsi, the tool for quickly extracting files from MSIs now has shell integration.
Microsoft Deployment Toolkit 2012 Beta 2 is available.

Platform News
The experience of installing Windows 8 has been improved.
Windows 8 defrag has new options.
Synaptics have unveiled a great-looking mouse driver for Windows 8.
Make your Windows 7 desktop more Autumnal with a theme.

Office News
Microsoft Office Starter 2010 is a free version of Word and Excel 2010. It also allows you to create a portable version which can be run off a USB drive.
Office 15 beta is rumoured to be out in January.
How to extract customisation information from an Office 2010 MSP.
How Office may look in the future.

Virtualisation News
A walkthrough of sequencing and deploying in Server App-V.
Server App-V has a nifty commandline for binding processes into the same bubble.
ThinApp 4.7 has been released with integration to the Horizon Application Manager. Learn about ThinApp on your smartphone.

Browser and Web News
Go to google and search for the words “do a barrel roll” or “tilt” (seems to work better in Firefox than IE for me). Oh what fun!
IE10 has the first browser-based implementation of auto-correct.
I like this ad for Google Analytics with Nick Mohammed.

Mobile News
A mobile phone in 1922.

Another day, another coup for ChangeBASE

2011-10-18T14:06:00.001+01:00

So here we are at VMware Europe 2011, Copenhagen and very nice it is too.

The show is busy and we’re looking forward to hearing what VMware has coming down the track in 2012 and beyond and just where the world of virtualisation will take us and how it will sit along side the rapid growth of cloud based applications and services.

But for ChangeBASE it’s another show and yet another development. Today we announce the launch of our VMware ThinApp plug in for AOK VReady-It. This plug-in enables organisations to convert their MSI applications to a virtualised ThinApp application and ensure that it is ready for deployment on the VMware platform.
You can read the release here.

As with all of the ChangeBASE plug-ins for AOK VReady-It, the ThinApp plugin enables;

· Bulk conversion of applications to ThinApp
· Dramatic reduction in the time it takes to manually convert applications to a virtualised platform
· Conversion of legacy applications that may not migrate to new operating systems
· Ability to create a single executable with no dependencies
· Significant savings of time and resource

We’ve got it on stand (Stand 137) so why not pop along to say hello and see AOK VReady-It in action!

Linkbait: October 2011

2011-10-14T18:27:00.000+01:00

My colleague Carl has done it again and delivered some great links to some good reading on our industry and ChangeBase.

Migration news

A powerpoint presentation called “Life after Windows XP” containing some great arguments for upgrading to Windows 7.

Windows 7 has just passed XP as most widely used OS

The Microsoft performance team explain the advantage of 64bit Windows

Converter Technology look at whether it is worth skipping Windows7 and going straight to Windows8. Microsoft say 10 years is enough, just upgrade now will you?

Chris Jackson posted a link to his chat with Emily and Greg.

Packaging News

Symantec have announced that they will discontinue Wise. In my opinion they have never understood the asset that they had. It’s not just a piece of software but the fuel for an entire industry. It is still used by a vast proportion of all packaging teams. Aaaagh I am so angry, upset and disappointed right now.

Can you pass the Windows 7 Deployment exam? I’ll admit that I scraped a pass by 1%

After reporting last month that AppX may succeed, an article on why AppX Just Might Fail.

A Microsoft mindmap download is available on the topic of deployment

A ThinApp guide to the Taskbar, and Start Menu Pinning gives you an insight into their virtualisation process.

The unattend file allows you to change some standard windows folders but not Program Files.

Windows 8 News

The Building Windows 8 Blog is a very well-written guide to the design philosophy behind the new features. Learn about how the start menu has evolved into the start screen.

Translations are being sought for the new charm and app terminologies

Desktop gadgets are being axed, but you never used them anyway

Obituary Corner

Dennis Ritchie, inventor of the C programming language, co-author of the famous book on it, and co-creator of the Unix operating system, has died ;

Visionary Steve Jobs has died, the tributes have been pouring in.

Mobile News

Goldman Sachs report that Microsoft make $444 annually from Android patents.

The new 64Gb iPhone 4S has been launched. Apple say “It’s a good phone”

Everything you’ve Always Wanted to Know about Application Compatibility in Windows Phone ‘Mango’ is longer than you’d imagine

The Samsung Galaxy SII has won every award going and has sold 10 Million

Cloud News

Windows 8 can seamlessly integrate with skydrive

Technology News

Microsoft have slipped to third most valuable tech company behind IBM and Apple

I want a new computer, the best one consumes 10Mw although the old ones look nice.

Our partners Converter Technologies write about broken links in office documents.

Find out what is inside system restore points

Chocolate and fruit themes for your desktop

Browser News

Internet Explorer 9 on Windows 7 Passes 30% Share in the US

IE10 CSS3 support for text shadows

Firefox 7 has shipped, version 8 is now in beta

What is The Internet and How does it Work?

Enjoy and have a listen of the Chris Jackson pod-cast. Chris is always both entertaining and educating.

AOK Browse-It for Firefox Launched!

2011-10-06T21:58:00.000+01:00

They say that you should try to learn something new every day. And I have to say that within my world at ChangeBASE that is usually the case. I’m always astounded at the things I learn, see and experience on my travels and when working with partners and customers.

One thing that has really stood out for me this year has been the increase of multi-browser deployment within organisations. It reinforces the fact that the growth of web applications and use of the internet is rapidly enveloping our daily working lives. It also provisions a more versatile approach to the IT environment which is always a good thing.

Today we launched AOK browse-It for Firefox. Much has been written about Mozilla Firefox and in both my experience and via evidence of the usage analysis, Firefox is the second most popular browser to Internet Explorer holding over26% market share. This is why our development team decided to develop the AOK Browse-It plug-in alongside the IE9 plug-in for our award winning solution.

The AOK Browse-It for Firefox plug-in ensures Firefox compatibility for web applications. It quickly and accurately identifies the six key areas of compatibility including;

Proprietary Internet Explorer calls and functions
Non-standard HTML functions and event calls
Non-compliant CSS functions and calls
DOM model quirks and non supported functions
JavaScript standards compliance
Plug-in manager component and configuration compatibility

So have a look, I believe that the multi-browser environment is here to stay and Firefox plays a major role in that.

Linkbait: September 2011 - Industry News and Views

2011-09-28T09:35:00.001+01:00

My colleague Carl has compiled a list of interesting links and news bulletins that may interest you. I always find these links worth at least a quick skim - so, have a read.

Platform News

It is not just WindowsXP that is due to be unsupported in the near future, Office 2003, Windows Server 2003, Exchange 2003, SCCM 2003 are on their way out too

Control multiple computers with one keyboard and mouse without a KVM with a new Microsoft tool.

Have you ever wondered where the XP default wallpaper was photographed? The story goes that the grapes normally growing in the California valley had a disease that year and grass was growing instead.

Virtualisation News

ThinApp is on a new version, 4.6.2 with all kinds of new improvements and extra compatibility.

Watch SAP GUI being virtualised onto ThinApp

Funky 1970s Microsoft video taking a shot at VMWare.

Lots of new images of prebuilt VMs are available for download

Windows 8 News and Rumours

An incomplete developer preview of Windows 8 and Windows Server 8 has been released at //build/ conference, 500,000 people downloaded it in the 1^st 24 hours, it has already began receiving updates.

The official Windows 8 forums are at http://win8.ms/forums

There were 300+ features that were not shown at the conference.

Hyper-V is included in the workstation release

It doesn’t work in all virtual environments.

It can mount ISO and VHD files

A Microsoft engineering blog dedicated to building (hype about) Windows 8 featuring videos, interviews and stories

Windows 8 boots differently and faster than Windows 7, here’s how it works.

Windows 8 may include phone capabilities.

Many of the new features requiring a touch screen have been tested on older computers.

You can boot off a USB stick, but what happens if you take it out?

It has added security

A summary of some Windows 8 features

The history of Windows Explorer, and copying files with name colisions

16bit apps are still supported on 32bit Windows 8

Internet Buzz

Google+ is now open for anyone to join

AT&T’s accurate predictions of the future from 1993

1970s technology adverts

Browser News

IE 9 and 10 now get 100% on the ACID3 test because the criteria have been lowered.

A third IE10 platform preview heralds the end of browser plugins.

A widely-reported story about Internet Explorer users being stupid was a hoax

Office News

Learn best-practices in Outlook with this free online course of videos.

Amiproject is a very impressive-looking online viewer for MS Project files.

ConverterTechnology’s The 12 Most Common Deployment Hurdles During a Microsoft Office Upgrade

Packaging News

InstallShield 2012 has been released, meh.

All dedicated packagers should see the new Bruce Willis movie called “Setup”

A history of the registry

Windows 8’s MSI is barely changed

AppX has no custom actions

Internet Explorer 9 in the Enterprise

2011-09-26T09:34:00.000+01:00

Just a quick note today. As you have seen, we have busy working on Internet Explorer 9 compatibility issues with the release of our AOK IE 9 Plugins.

As part of a larger series of white papers, webinars and pod-casts on Internet Explorer migrations and adoption, the ChangeBase team has created a good introduction to some of the challenges involved with browser migrations in large organizations, with particular reference to the organizational and technical challenges relating to the migration from IE6 to IE 9.

To help large organizations work through the IE 9 migration process this whitepaper walks through the following migration related challenges;

What problems must be overcome in order to successfully migrate web-based applications?
How do you take an application, designed for yesterday’s desktop environment, and make it work on tomorrow’s platform?
What is the impact of migrating your current websites, browsers and intranet to IE9?

For those interested in reading this whitepaper on Internet Explorer 9, please have a look at the following link on the ChangeBase website; Considerations for Browser Migrations in the Enterprise.

And, speaking of pod-casts, we just finished recording a session with Chris Jackson last Friday on IE9, Windows 8 and Internet Explorer 10. Watch this space to find out more.

Making the leap to IE9

2011-09-15T10:07:00.000+01:00

Some say the summer months are an opportunity to kick back, relax and take in what’s been going on in the world at large. It doesn’t seem to be that way at ChangeBASE though, our development team have been busier than ever and the professional services team are maxed out working with partners and their prospects to ensure the world of application compatibility is doing what it should.

Which in itself is nothing new for a rapidly growing company, but what has been interesting is the work they are doing around Internet Explorer 9 and getting web applications compatible with the browser. On average 20% of the Fortune 1000 and FTSE 500 companies we will be working with over the next 12 months are looking at deploying IE9 as part of their Windows 7 migration. What’s causing them issues is achieving compatibility and that has led us to revisit the AOK plug-in road map and bring forward some of our scheduled development.

Today we’re announcing AOK IE9 Report Group Plug-ins. In total we’ve developed fourteen plug-ins which address the presentation and operational issues surrounding web application compatibility to this browser. You can read the press release in full here, but in essence we’ve addressed the following issues;

IE9 Presentation Compatibility

The AOK IE9 Plug-ins addresses compatibility issues including; MIME Handling Analysis, Asian font, static text issues and CSS3 Declaration Compatibility. For all of these concerns, the AOK IE9 Plug-ins will test the web application against these known issues and report via the AOK Red Amber Green reporting structure all at the click of a button.

IE9 Operational Compatibility

Operational compatibility issues concern the way in which a web application behaves when accessed via the browser. In IE9 there are nine areas which can cause the web application to experience errors. These include compatibility issues around HTML syntax, attributes and properties, iFrames, JavaScript properties, framework and functions, and Deprecated DOM events. Again, in all of these errors the AOK IE9 plug-in will test and report on compatibility issues, illustrating the severity via the AOK Red Amber Green reports at a granular level.

To coincide with the release of the AOK IE9 Plug-in we’ve created a short video to give an overview of some of the challenges organisations are facing when it comes to web application compatibility and specifically IE9. In the video we also demonstrate the plug-ins so you can see for yourself how they work within the AOK Workbench. You can view the video here.

Check it out; it might just be the solution to your IE9 web application compatibility challenge.

September 13th Microsoft Patch Tuesday Application Compatibility Report

2011-09-14T08:15:00.000+01:00

With this September Microsoft Patch Tuesday update, we see again a relatively small set of updates in comparison to the lists of updates released by Microsoft in the previous months. In total there are five Microsoft Security Updates with the rating of Important. This is a minor update from Microsoft and the potential impact for the updates is likely to be moderate.

As part of the Patch Tuesday Security Update analysis performed by the ChangeBASE AOK team, we have seen very little cause for potential compatibility issues.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this September Patch Tuesday release cycle.

Sample Results 1: MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege

Sample Results 2: MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

Testing Summary

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Sample Results 3: AOK Summary Report Sample from a small database

AOK RAG Summary

Security Update Detailed Summary

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Description This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS). The vulnerability could allow elevation of privilege if a user received a specially crafted WINS replication packet on an affected system running the WINS service. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Payload W03a3409.dll, Wins.exe, Winsevnt.dll, Ww03a3409.dll, Wwins.exe, Wwinsevnt.dll

Impact Important - Elevation of Privilege

MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)

Description This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload Imjpapi.dll

Impact Important - Remote Code Execution

MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)

Description This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1986 and CVE-2011-1987.

Payload Excel.exe

Impact Important - Remote Code Execution

MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Description This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file or if a user opens a legitimate Office file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited either of the vulnerabilities could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Payload Ietag.dll, Mso.dll

Impact Important - Remote Code Execution

MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Description This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicked on a specially crafted URL or visited a specially crafted Web site. For the most severe vulnerabilities, Internet Explorer 8 and Internet Explorer 9 users browsing to a SharePoint site in the Internet Zone are at a reduced risk because, by default, the XSS Filter in Internet Explorer 8 and Internet Explorer 9 helps to block the attacks in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9, however, is not enabled by default in the Intranet Zone.

Payload Groove.exe, Groovedocumentsharetool.dll, Grooveutil.dll, Groovewebplatformservices.dll, Groovewebservices.dll

Impact Important - Elevation of Privilege

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

Patch Tuesday: August 2011

2011-08-10T19:11:00.002+01:00

With this August Microsoft Patch Tuesday update, we see a moderate set of updates in comparison to those lists of updates released by Microsoft for the months of June and July. In total there are 13 Microsoft Security Updates with the following rating; 2 rated as Critical, 9 rated as Important and 2 as Moderate by Microsoft. Given the scope and nature of this month’s update, the ChangeBASE team expects to find a small number of issues raised by the AOK Automated Patch Impact Assessment. In particular, Microsoft Security Update M11-060 will require careful testing prior to deployment due to the core operating system DLL’s contained within this update.

Sample Results 1: MS11-060 Vulnerability in VISIO Could Allow Remote Code Execution

Testing Summary

MS11-057	Cumulative Security Update for Internet Explorer (2559049)
MS11-058	Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
MS11-059	Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
MS11-060	Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
MS11-061	Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
MS11-062	Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
MS11-063	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
MS11-064	Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-065	Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-066	Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-067	Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-068	Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-069	Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

Security Update Detailed Summary

MS11-057	Cumulative Security Update for Internet Explorer (2559049)
Description	This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Impact	Critical - Remote Code Execution

MS11-058	Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
Description	This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server. Servers that do not have the DNS role enabled are not at risk.
Payload	Afd.sys, Dns.exe, Dnsperf.dll, Dnsperf.h, Dnsperf.ini, Mswsock.dll, Tcpip.sys, Tcpip6.sys, W03a3409.dll, Wdnsperf.dll, Wmswsock.dll, Ww03a3409.dll, Update.exe, Update.ver, Updspapi.dll
Impact	Critical - Remote Code Execution

MS11-059	Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate Excel file (such as a .xlsx file) that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
Impact	Important - Remote Code Execution

MS11-060	Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Aec.dll, Brtview.dll, Dbshare.dll, Dwgcnv.dll, Dwgdp.dll, Imcommon.dll, Imutil.dll, Ixacs.pdl, Ixdb2.pdl, Ixgenerc.pdl, Ixinfx.pdl, Ixoledb.pdl, Ixoracle.pdl, Ixssrv.pdl, Ixsybase.pdl, Modeleng.dll, Orgchart.dll, Orgchwiz.dll, Ormelems.dll, Ormmodel.mdl, Pdsbase.dll, Sg.dll, Sqlshare.dll, Uml.dll, Umlsys.dll, Visbrgr.dll, Visfilt.dll, Visio.exe, Vislib.dll, Visocx.dll
Impact	Important - Remote Code Execution

MS11-061	Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
Description	This security update resolves a privately reported vulnerability in Remote Desktop Web Access. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
Payload	Config.aspx, Default.aspx, Desktops.aspx, Login.aspx, Logoff.aspx, Rap-help-admin.htm, Rap-help.htm, Tsportalsetup.exe.mui, Tsportalwebpart.resources.dll, Tswa.css
Impact	Important - Elevation of Privilege

MS11-062	Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
Description	This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
Payload	Ndistapi.sys, Update.exe, Update.ver, Updspapi.dll
Impact	Important - Elevation of Privilege

MS11-063	Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to send a device event message to a higher-integrity process. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload	Winsrv.dll, Update.exe, Update.ver, Updspapi.dll
Impact	Important - Elevation of Privilege

MS11-064	Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends a sequence of specially crafted Internet Control Message Protocol (ICMP) messages to a target system or sends a specially crafted URL request to a server that is serving Web content and has the URL-based Quality of Service (QoS) feature enabled.
Payload	Tcpipreg.sys, Tcpip.sys
Impact	Important - Denial of Service

MS11-065	Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
Description	This security update resolves a privately reported vulnerability in the Remote Desktop Protocol. The vulnerability could allow denial of service if an affected system received a sequence of specially crafted RDP packets. Microsoft has also received reports of limited, targeted attacks attempting to exploit this vulnerability. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system.
Payload	Rdpwd.sys, Update.exe, Update.ver, Updspapi.dll
Impact	Important - Denial of Service

MS11-066	Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
Description	This security update resolves a privately reported vulnerability in ASP.NET Chart controls. The vulnerability could allow information disclosure if an attacker sent a specially crafted GET request to an affected server hosting the Chart controls. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to retrieve information that could be used to further compromise the affected system. Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
Payload
Impact	Important - Information Disclosure

MS11-067	Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
Description	This security update resolves a privately reported vulnerability in Microsoft Report Viewer. The vulnerability could allow information disclosure if a user views a specially crafted Web page. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.
Payload
Impact	Important - Information Disclosure

MS11-068	Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user visits a network share (or visits a Web site that points to a network share) containing a specially crafted file. In all cases, however, an attacker would have no way to force a user to visit such a network share or Web site. Instead, an attacker would have to convince a user to do so, typically by getting the user to click a link in an e-mail message or Instant Messenger message.
Payload
Impact	Moderate - Denial of Service

MS11-069	Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
Description	This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Payload
Impact	Moderate - Information Disclosure

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

TechReady Update: Through the minefield of application compatibility

2011-08-03T11:51:00.000+01:00

For those of you who were not able to attend my sessions at the Microsoft TechReady (13) event last week in Seattle, I will forgive you. Seattle is a long way from most places on the planet (by definition) and it was a Microsoft invite-only, staff only, Seattle-only event.

So, I have edited out some of the classified stuff from the presentation and will be able to run through most of the content (hint: look out for IE9 compatibility checks) and will be able to present the slides on a Citrix GotoMeeting webinar on Wednesday, August 17th.

So, why not Join us for a Webinar on August 17

Space is limited.
Reserve your Webinar seat now at:
https://www1.gotomeeting.com/register/443618192

Hope to see you there, and most importantly I would really appreciate any questions and feedback during the session.

Linkbait: August 2011

2011-08-01T08:37:00.000+01:00

Just got back from Microsoft's TechReady event in Seattle. I had a great time and still getting used to the UK time zone. That said, the weather in Seattle was absolutely glorious. Very surprising as I was expecting another wet and cold week on the coast - but no - instead we had glorious sunshine. Truly Seattle at it's best.

As I am still getting myself together is list of interesting news links gathered by my colleague Carl. Enjoy!

Windows News

400,000,000 Windows 7 licences have been sold

Fujitsu have released the first phone powered by Windows 7. It has a battery life of ~2 hours.

Vista SP1 is now an unsupported operating system

Windows 8 feature summary

Expect Windows 8 in April 2012

A look at 24 years of Windows Package design

Upgrading MS-DOS 5 to Windows 7

Two gorgeous Windows 7 themes for you to spice up your desktop

Migration News

XP has less than 1000 days of support remaining

New version released of Microsoft Assessment and Planning Toolkit

Browser News

IE9 continues to be more popular as IE’s use declines

Internet Explorer 10 will support sandboxing imported iframes

No more Google Toolbar for Firefox

Cloud News

Microsoft Cloud Roundtable

Office 365 explained

Windows Server 8 will be cloud-focused

Getting approval from The Cloud

Virtualisation News

Soon we will have a new platform, Microsoft Server Application Virtualisation. The development team have already been working with Microsoft and our new plugin tests should be available very soon.

Financial News

Microsoft post record Q4 earnings of $17.37 billion

As Nokia prepare for using the Windows Phone 7 operating system they have reported their first quarterly loss for 18 months

Apple have posted a record profit

Mobile News

Samsung is estimated to have sold between 18 million and 21 million smartphones globally in the April-June quarter, compared with 16.7 million for Nokia and 20.3 million iPhones.

All Smartphones numbers compared to last year

A third of all Americans now own a Smartphone

Android users love cooking their own ROMs, just one of them has half a million users, but there are more than that number of new Android phones being bought every day

The World Health Organisation has made a surprising conclusion about a link between mobile phones and cancer

How to choose a new phone

Tablet News

Tablets for children

Tablets for £129

iPad2 has limitations

Office News

100,000,000 licences of Office 2010 have been sold

Office 2010 SP1 is out

Office tips screensaver

The office team have been busy making silly videos with office

Skydrive’s adoption of HTML5 allows multiple users to simultaneously edit Word documents

One day, computers will help with the paperwork

Developer’s Corner

It’s not often that someone invents a new sorting algorithm, especially a silly one

How the Windows Directory is the equivalent to the Apple Application Bundle

Web News

Google+, their answer to facebook is a problem looking for a solution

With all those passwords being stolen from Sony, Sega, etc. you may want to check to see if yours is one of them

And, in the Birthday Corner

Happy 20^th Birthday Linux

Happy 20^th Sonic

Excel is 25 years old

IE9 Kicks Malware Butt

2011-07-18T13:38:00.000+01:00

A little while ago, NSS Labs released a report on how the different browsers (IE, Firefox, Chrome etc.) handled malware. And, it appears for the type of malware tested, Microsoft browsers (IE8 good, and IE9 best) kick some malware butt.

NSS Labs report found that IE (8/9) identified and caught over 90% of the malware threats while the other competing browsers Safari, Chrome and Firefox caught roughly 13% of the threats. The fact that these three browsers had similar results is not surprising as they all use the same filtering technology.

Microsoft's IE8 and IE9 use a Smart Filtering technology that scans each URL and executable (EXE) to see if has a digital signature and whether it has been downloaded by other people previously. Though there is a potential for false positives, this system appears to be able to "react" quickly to new threats and block a significant profile of malware threats.

You can read more about the Microsoft Browser Smart filtering technology here: http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx

You can read more about how an add-in for Visual Studio fell foul of the Smart Filter rules here: http://www.itwriting.com/blog/4533-this-is-why-people-ignore-security-warnings-ie9-blocks-official-microsoft-update.html

The report is well presented and very accessible and the results clearly demonstrate one thing: the approach Microsoft has taken with IE and IE9 when dealing with malware clearly works as you can see by the following diagram on the response time to block a potential malware executable.

Straight from the source, Microsoft heavily promotes the security features for IE9 with the following key features;

IE8 is the only browser to block XSS attacks “out-of-the-box.”
IE8 introduced the first “out-of-the-box” mechanism to allow sites to prevent ClickJacking attacks.
IE8 introduces new functions which allow sites to build more-secure mashups (toStaticHTML(), XDomainRequest) and supports new standards-based mechanisms (Native JSON support, postMessage()).
Safer default settings (DEP/NX, per-site AX) mean that users are better-protected than ever before. Group Policy controls (for ActiveX management, enforced SmartScreen blocking, etc) allow IT administrators to reduce the number of trust decisions users face when using IE8.

I am looking forward to the industry response to this report. Will we see Google say that NSS Labs is in the pocket of MS? Will they dispute the source URL's or EXE's? Or, will they get their act together and implement a proper protection system - cloud based, collaborative, crowd-sourced or whatever... Something.

You can find the NSS Labs report in its entirety here:
http://www.nsslabs.com/assets/noreg-reports/2011/nss%20labs_q2_2011_browsersem_FINAL.pdf

Microsoft Patch Tuesday July 12th 2011

2011-07-13T15:51:00.000+01:00

With this July Microsoft Patch Tuesday update, we see a moderate set of updates in comparison to those lists of updates released by Microsoft for the months of April, May and June. In total there are 4 Microsoft Security Updates with the following rating; 1 rated as Critical, and 3 rated as Important by Microsoft. Given the scope and nature of this month's update, the ChangeBASE team does not expect to find a significant number of issues raised by the AOK Automated Patch Impact Assessment. The Microsoft Security Update M11-055 will require moderate testing prior to deployment due to the core operating system DLL's contained within this update.
Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this July Patch Tuesday release cycle.
Sample Results for Microsoft Update MS11-055

Below this is a snap-shot of the AOK Summary Results report from a sample AOK database and the potential issues raised with each Microsoft Security Update.

Testing Summary

MS11-053 : Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
MS11-054 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
MS11-055 : Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)?
MS11-056 : Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)?

Patch Name	Total Issues	Matches Affected	Reboot
Microsoft Security Bulletin MS11-053	<1%	<1%	YES
Microsoft Security Bulletin MS11-054	<1%	<1%	YES
Microsoft Security Bulletin MS11-055	<1%	<1%	YES
Microsoft Security Bulletin MS11-056	<1%	<1%	YES

Legend:

	No Issues Detected
	Potentially fixable application Impact
	Serious Compatibility Issue

Security Update Detailed Summary

MS11-053	Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
Description	This security update resolves a privately reported vulnerability in the Windows Bluetooth Stack. The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability only affects systems with Bluetooth capability.
Payload	Bthenum.sys, Bthport.sys, Bthusb.sys, Fsquirt.exe
Impact	Critical - Remote Code Execution

MS11-054	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
Description	This security update resolves 15 privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Payload	Win32k.sys, W32ksign.dll
Impact	Important - Elevation of Privilege

MS11-055	Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)?
Description	This security update resolves a publicly disclosed vulnerability in Microsoft Visio. The vulnerability could allow remote code execution if a user opens a legitimate Visio file that is located in the same network directory as a specially crafted library file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Omfc.dll, Omfcu.dll_0001
Impact	Important - Remote Code Execution

MS11-056	Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)?
Description	This security update resolves five privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
Payload	Csrsrv.dll, Winsrv.dll
Impact	Important - Elevation of Privilege

ChangeBase Delivers Microsoft RDS Compatibility Offering

2011-07-04T12:14:00.000+01:00

Microsoft and ChangeBase have teamed up to deliver cutting-edge application compatibility assessment for the Microsoft Remote Data Services Product (RDS).

Now you can assess your application portfolio for compatibility on Windows 7, Server 2008 R2 and Remote Data Services as well check compatibility on virtualization (App-V) and browser platforms (IE8/9). This is great news as I think it's now a key requirement for our customers to be able to report and manage the entire application stack from the;

Hardware level (64-bit)
OS (Windows 7)
Server (Server 2008R2 and RDS)
Virtualization layer (App-V)
Browser level (IE8/9)

You can read about Microsoft's RDS offering with a quick description here;

Remote Desktop Services (RDS) in Windows Server 2008 R2 with SP1 provides the ideal platform for companies to implement a centralized desktop strategy, helping organizations improve flexibility and compliance while improving data security and IT’s ability to manage desktops and applications.

Manlio Vecchiet, Director of Product Management, Windows Server and Virtualization at Microsoft. has this to say about this new AOK/Microsoft offering;

"As customers increasingly look at deploying RDS to meet their needs for session virtualization and VDI, new tools to help facilitate adoption are a welcome addition to the market." "We believe that customers will benefit from tools such as the AOK Tool when addressing RDS application compatibility in the context of a desktop virtualization initiative."

One of my ChangeBase colleagues, Dawn Clifton was truly excited about this new AOK offering and had this to say, "It is always exciting working with the people at Microsoft and it was an absolute pleasure working with the Microsoft RDS team when developing our RDS plugins. Due to the hard work of everyone involved the project ran smoothly and was completed on time. We are extremely excited about the launch of our new RDS assessment program to help clients with their virtualisation and VDI decision making process."

You can read more about Microsoft's RDS offering in detail here: http://www.microsoft.com/windowsserver2008/en/us/rds-product-home.aspx

And you read the ChangeBase Press Release RDS offering here: http://changebase.com/NewsPage.aspx?page=News/news_release_2011_6_30.xml&style=~/Style/PressRelease.xsl

ChangeBase Wins Enterprise Application of the Year 2011

2011-07-01T08:14:00.000+01:00

Well, well, well... What a surprise! And, I can't say that I am not more than a little pleased with this one. ChangeBASE AOK was selected as the winner of the TechWorld's Enterprise application of the year.

You can read about the event and the other categories here;
http://news.techworld.com/networking/3288763/techworld-awards-winners-announced/

Also, Here is a quick quote from Martin Brown our Sales Director;

We faced fierce competition in the category. To be nominated and then to win one of the most prestigious awards of the night is a real success in itself. Although TechWorld presented the award to me - I would like to dedicate the win to the whole ChangeBASE team who have been amazing.

I was personally pretty chuffed as the focus for the award was our Browse-It web compatibility assessment offering which was just put into production earlier this year.

You can read the whole ChangeBase Press release here; http://changebase.com/NewsPage.aspx?page=News/news_release_2011_6_30a.xml&style=~/Style/PressRelease.xsl

And, as my old boss used to say, "Now that the celebrations are over - It's back to work!"

AOK Webinar: Virtualization Update

2011-06-29T10:44:00.001+01:00

Join us for an interactive online session discussing Virtualization and Application Conversion scenarios in the Enterprise!

Thursday June 30, 2011
10:00 AM - 11:00 AM EST
3:00 PM - 4:00 PM BST
Click here to register now

Application readiness is the foremost challenge to any organisation moving from one platform to another. Do you have the team and skillset necessary to meet the demands of an application or complete OS and application migration? Do you build out your team? Do you offshore? Do you outsource? All of these questions mean tough challenges and high cost for IT Management and Project Teams looking to get their application portfolio from a native MSI format to a Virtualised state.

Planning a migration to a virtual environment such as Microsoft App-V, VMware ThinApp, Citrix XenApp or Symantec SWV takes time, resource and budget. Ensuring your application compatibility is a fundamental part of its success. AOK from ChangeBASE is the market leading automated application compatibility and remediation tool used by organisations across the globe to speed up their migration to virtual platforms. Join our Webinar to find out how AOK can help you to effectively plan and deploy your migration project.
Topics to be covered include:

Using AOK Virtualise-It in conjunction with AOK Test-It and AOK Fix-It to discover which applications can be virtualised in seconds.
AOK VReady-It, ChangeBASE's latest product, which automates application virtualisation packaging.

We hope that you can join us!

Kind regards,
The ChangeBASE Team

Windows 7 Update: AOK Webinar

2011-06-28T10:41:00.000+01:00

Join us for a in-depth look at Windows 7 Compatibility Issues

Wednesday June 29,2011
10:00 AM - 11:00 AM EST
3:00 PM - 4:00 PM BST
Click here to register now

Planning a major OS migration such as Windows 7 takes time, resource and budget. Ensuring your application compatibility is a fundamental part of its success. AOK from ChangeBASE is the market leading automated application compatibility and remediation tool used by organisations across the globe to speed up their migration to Windows 7. Join our Webinar to find out how AOK can help you to effectively plan and deploy your migration project.

During this session you will learn how to easy it is to ensure application compatibility and accelerate your Windows 7 migration. We'll be covering the following topics:

The enhanced features and functionality of Windows 7.
How Windows 7 is already helping global organisations achieve competitive advantage.
How you can sample test your application portfolio for Windows 7 in minutes.
How you can automatically remediate 95%+ of application compatibility issues in minutes.
Avoiding unnecessary costs and reducing organisation risk.

Looking forward to your questions on this interactive session.

Internet Explorer: Still King of the Enterprise

2011-06-27T10:03:00.000+01:00

I wrote a little while ago about how Chrome was not as Enterprise "friendly" as Internet Explorer was due to the number and nature of the configuration options supported by latter versions of Internet Explorer (IE). You can read more about how IE allows for great control of the user experience and security settings here:
http://aokcompat.blogspot.com/2011/03/ie-vs-chrome-drawing-enterprise.html

Well, it appears that the other player in the market (I am being a little unfair here) has introduced their own "failure plan" for the Enterprise; Rapid updates from Mozilla. Firefox is now planning Firefox 7 in six weeks and the Firefox 8 six weeks after that... With a planned follow-up of a major update every six weeks after that. Whoa! You can read the Twitter update here: http://twitter.com/#!/asadotzler/status/83411876855291905

While consumers generally don't mind updating their applications every few weeks or months (Hey, it seems like every time I turn on my iPad, have at least 6 updates) the Enterprise release cycle is much slower. Think years instead of months.

Some organizations only allow a build update every 6-months with a major revision every 18 months. With Mozilla now planning a new update/release every 6 weeks, I just can't see how enterprise testing teams much less the deployment teams could catch-up.

Even some of the Mozilla team share this thinking as Mike Kaply comments;

As person involved in the corporate deployment of Firefox, I think it’s a really bad idea. Companies simply can’t turn around major browser updates in six weeks (and each one of these is a major update). With security releases, there was a reasonable expectation that web applications wouldn’t break as a result of changes. With these releases, there is no such expectation. So a full test cycle needs to be run with every release. By the time this cycle is completed and the browser is piloted and deployed, another version of Firefox would already be released so they’d already be behind. And in the mean time, all of their browsers will be insecure, because all security updates are rolled into the major versions.

You can read his whole post here: http://mike.kaply.com/2011/06/21/firefox-rapid-release-process/

Mike get's the Enterprise browser space - and, you can tell from some of the comments from other Mozilla developers on his posting, that he is more "alone" that I had hoped.

You can read more here:
http://mike.kaply.com/2011/06/23/understanding-the-corporate-impact/#comment-10494

Linkbait: June 2011

2011-06-20T20:45:00.000+01:00

More linkbait for those who need a little guidance on what to read on the web... Or more colourfully positioned;

More AOK in the News or about News about AOK... Or, News that if you are interested in AOK, then you will be interested in...

If that helps....

Windows News

Milestone 3 of Windows 8 has been leaked

Windows 8 has a new install program format, AppX. It looks like the followup to ClickOnce and one click deployment, neither of which have had an impact on the enterprise desktop.

Windows 8 will have a taskbar that spreads across multiple monitors, and will have support for limiting 3G data.

Windows 8 Server edition comes with a new version of Hyper-V

We can reveal that the version number of Windows 8 will be 6.2, which reveals that it is intended to be fairly compatible with Vista (6.0) and Windows 7 (6.1).

A revealing interview with Steven Sinofsky by a rather aggressive WSJ columnist Walt Mossberg

The full 30 minute recording of the Windows 8 tablet demo

Windows Thin PC (the one for VDI with built in virtualisation, my top-tip for one-to-watch) has reached RTM and will be released on July 1^st.

Aerial Photographs Windows Desktop Theme, and a special theme for teenage girls … Justin Beiber

Office News

Microsoft have revealed that “business customers are deploying Office 2010 five times faster than they deployed Office 2007.”

Cloud News

Apple have launched iCloud, their version of SkyDrive. You will be able to sync 5Gb of music and data to their servers, kept here, unless you’re running XP. Unfortunately it doesn’t come with a perfectly designed box. The music you store doesn’t even need to have been purchased from iTunes.

A little cartoon about The Cloud

Internet Explorer

The conference video “What developers think of Internet Explorer”, now in watchable quality.

Mobile News

Microsoft have published a guide to help Android developers move to Windows Phone

Windows Phone’s market share continues to plummet.

After last month’s rumour that Microsoft may buy Nokia, Samsung are rumoured to be considering the purchase too, while poaching their engineers.

HTC’s sales figures for May were $1.42 billion, doubling last year’s figure

Technology News

We are mentioned in The Register in an article about patch management (thanks ML)

Have fun!

Microsoft Patch Tuesday: June 2011

2011-06-16T13:46:00.000+01:00

With this June Microsoft Patch Tuesday update, we see a very large set of updates in comparison to those lists of updates released by Microsoft for the months of March, April and May. In total there are 16 Microsoft Security Updates with the following rating; 9 rated as Critical, and 7 rated as Important by Microsoft. Given the scope and nature of this month's update, the ChangeBase team expects to find a significant number of issues raised by the AOK Automated Patch Impact Assessment. In particular, Microsoft Security Update M11-045 will require careful testing prior to deployment due to the core operating system DLL's contained within this update.

Given the nature of the changes and updates included in each of these patches, most systems will require a reboot to successfully implement any and all of the patches and updates released in this June Patch Tuesday release cycle.
Sample Results: MS11-045 Vulnerability in OLE Automation Could Allow Remote Code Execution

Below this is a snap-shot of the AOK Summary Results report from a sample AOK database and the potential issues raised with each Microsoft Security Update.

Testing Summary

MS11-037 : Vulnerability in MHTML Could Allow Information Disclosure (2544893)
MS11-038 : Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
MS11-039 : Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
MS11-040 : Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
MS11-041 : Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
MS11-042 : Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
MS11-043 : Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
MS11-044 : Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
MS11-045 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
MS11-046 : Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
MS11-047 : Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
MS11-048 : Vulnerability in SMB Server Could Allow Denial of Service (2536275)
MS11-049 : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
MS11-050 : Cumulative Security Update for Internet Explorer (2530548)
MS11-051 : Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
MS11-052 : Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)

Patch Name	Total Issues	Matches Affected	Reboot
Microsoft Security Bulletin MS11-037	<1%	<1%	YES
Microsoft Security Bulletin MS11-038	5%	5%	YES
Microsoft Security Bulletin MS11-039	<1%	<1%	YES
Microsoft Security Bulletin MS11-040	<1%	<1%	YES
Microsoft Security Bulletin MS11-041	<1%	<1%	YES
Microsoft Security Bulletin MS11-042	<1%	<1%	YES
Microsoft Security Bulletin MS11-043	<1%	<1%	YES
Microsoft Security Bulletin MS11-044	<1%	<1%	YES
Microsoft Security Bulletin MS11-045	<1%	<1%	YES
Microsoft Security Bulletin MS11-046	<1%	<1%	YES
Microsoft Security Bulletin MS11-047	<1%	<1%	YES
Microsoft Security Bulletin MS11-048	<1%	<1%	YES
Microsoft Security Bulletin MS11-049	<1%	<1%	YES
Microsoft Security Bulletin MS11-050	<1%	<1%	YES
Microsoft Security Bulletin MS11-051	<1%	<1%	YES
Microsoft Security Bulletin MS11-052	<1%	<1%	YES

Legend:

	No Issues Detected
	Potentially fixable application Impact
	Serious Compatibility Issue

Security Update Detailed Summary

MS11-037	Vulnerability in MHTML Could Allow Information Disclosure (2544893)
Description	This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.
Payload	Inetcomm.dll
Impact	Important - Information Disclosure

MS11-038	Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.
Payload	Oleaut32.dll
Impact	Critical - Remote Code Execution

MS11-039	Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
Description	This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Payload
Impact	Critical - Remote Code Execution

MS11-040	Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
Description	This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.
Payload	Fwcmgmt.exe, Fwcwsp.dll, Fwcwsp64.dll
Impact	Critical - Remote Code Execution

MS11-041	Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.
Payload	Win32k.sys
Impact	Critical - Remote Code Execution

MS11-042	Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
Description	This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Payload	Mup.sys
Impact	Critical - Remote Code Execution

MS11-043	Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
Payload	Mrxsmb.sys
Impact	Critical - Remote Code Execution

MS11-044	Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
Description	This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Payload
Impact	Critical - Remote Code Execution

MS11-045	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
Description	This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.
Payload	Excel.exe
Impact	Important - Remote Code Execution

MS11-046	Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
Description	This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
Payload	Afd.sys
Impact	Important - Elevation of Privilege

MS11-047	Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
Description	This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Payload	Hvax64.exe, Hvboot.sys, Hvix64.exe, Virtualization.events.xml, Blank.vfd, Vid.dll, Vmbuspipe.dll, Vmbusvdev.dll, Vmguest.iso, Vmprox.dll, Vmwpctrl.dll, Windowsvirtualization.mof, Windowsvirtualizationuninstall.mof, Isoparser.sys, Passthruparser.sys, Storvsp.sys, Vhdparser.sys, S3cap.sys, Storflt.sys, Vmbus.sys, Vmbuscoinstaller.dll, Winhv.sys, Vmsntfy.dll, Vmswitch.sys
Impact	Important - Denial of Service

MS11-048	Vulnerability in SMB Server Could Allow Denial of Service (2536275)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.
Payload	Srvnet.sys, Srv2.sys
Impact	Important - Denial of Service

MS11-049	Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
Description	This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Payload	Fl_microsoft_xmleditor_dll_91889_ _ _ _ _x86.3643236f_fc70_11d3_a536_0090278a1bb8
Impact	Important - Information Disclosure

MS11-050	Cumulative Security Update for Internet Explorer (2530548)
Description	This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Urlmon.dll, Wininet.dll
Impact	Critical - Remote Code Execution

MS11-051	Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
Description	This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.
Payload	Certckpn.asp, Certrqbi.asp, Certrqma.asp, Certrqxt.asp, Certrsis.asp, Certrspn.asp, Checkcertweb.dll
Impact	Important - Elevation of Privilege

MS11-052	Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
Description	This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.
Payload	Vgx.dll
Impact	Critical - Remote Code Execution

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

Microsoft Patch Tuesday - June Preview

2011-06-13T08:13:00.001+01:00

Well, it may be June here in the UK, but judging by the recent weather you would not have guessed it... Loads of rain and yesterday it was just plain cold. That said, April and early May was great - so, we shouldn't complain.

And with the heavy June showers, we have a similarly weighted Patch Tuesday from Microsoft. Sixteen updates will be released tomorrow (roughly 18:00 GMT) with the following profile;

Nine Critical Updates
Seven Important Updates

As usual, all of the patches rated as Critical relate to "Remote Code Execution" vulnerabilities. This is now a pretty common issue with products as this security vulnerability is generally related to late binding DLL loading issues. Given that a significant chunk of these issues can be resolved by "hard" specifying the correct directory location - I wonder if this issue will be resolved with the "Next Version of Windows"?

Another slightly amusing extract from this update is that one of the affected pieces of software a Critical Update is Microsoft's Microsoft Forefront Threat Management Gateway. In this case, whether you find this amusing or not, depends on whether you work for Microsoft or not.

Here is a list of some of the Microsoft Products that will be affected by the June Patch Tuesday update;

Microsoft Windows
Microsoft .NET Framework
Microsoft Silverlight
Microsoft Forefront Threat Management Gateway
Internet Explorer
Microsoft Office
Microsoft SQL Server
Microsoft Visual Studio

Note: Microsoft will only list the Microsoft products that may be affected. For other applications, you will have to wait until the results of our AOK Patch Assessment published tomorrow evening.

You can read more about this coming June Security Update here: http://www.microsoft.com/technet/security/Bulletin/MS11-jun.mspx

Citrix Synergy 2011 - Citrix TV Round-up

2011-06-10T22:22:00.000+01:00

Citrix Synergy held a few weeks ago in San Francisco was a great event. And, we were fortunate enough to be able to participate in some of the selected Citrix TV sessions that were held throughout the event.

It looks like all the remastering and conversion process has been completed, as two of our videos have been posted on the Citrix TV website.

You can find the Citrix TV link here: http://www.citrix.com/tv/

If you are interested in the Citrix interview, you can have a look here:

http://www.citrix.com/tv/#videos/4233

Probably the most interesting of all the sessions was the live demo of AOK.

In the demo, we ran through the simple, easy to use UI (only 3 buttons: Load-It, Run-It, Fix-It). We loaded a sample application, ran through the compatibility results for Windows 7 and then automatically resolved all of the reported issues.

http://www.citrix.com/tv/#videos/4130

After that, we ran through our automated App-V sequencing process where showed how you can bulk convert application packages in fully streamable App-V packages. Great fun!

AOK Lite: We have a winner!

2011-06-09T19:45:00.000+01:00

As you probably know by now, we have been providing a limited, time trialled version of our AOK Workbench product called AOK Lite for download for a little while now. Well, we had a little contest to see who could come up with the most constructive feedback on the download, installation and configuration process for AOK Lite.

The latest version of AOK Lite contains a number of additions and enhancements compared to the first release. The newly released AOKLite v2.0 not only contains Windows 7 checks but also a number of other report groups, such as AOK Virtualise-It which tests an applications' compatibility and potential to be virtualised with, for example, Microsoft Application Virtualization or Citrix XenApp™ and XenDeskto©.

And who is the lucky winner of the AOK Lite contest? Mithun Raj that's who!

Mithun Raj, who works as a consultant for Microland on the topic of Windows 7 migration, is heavily involved with the assessment and remediation of application compatibility and is extremely impressed with ChangeBASE's AOK software; "After using AOK Lite I don't feel like using any tool other than ChangeBASE AOK for application compatibility. It's so simple and easy to use and best of all, it can fix issues on its own."

Nice comments - but, he also added some really constructive notes on how we could improve our AOK Lite offering -

So, thank you Mithun for your help here.

I wonder what version 3 will bring? Hmmm...

Forrester Webinar - IE and Windows 7 Covered by AOK

2011-06-07T17:17:00.002+01:00

Over the last few years, I've been privileged to work alongside some of the most respected analysts in the world. One of them is Ben Gray of Forrester.

Ben has always been very supportive of ChangeBASE and forthcoming with his view on our product development and roadmap. For his guidance and interest I am grateful.

Recently Ben participated in a webinar alongside my colleague Sophie Tidman and a key US partner, Converter Technology. During the session, Ben discussed the issues and challenges organisations are facing as they move to Windows 7 and highlighted some of the primary issues they are feeding back to their Forrester reps. Sophie illustrated how AOK addresses these issues and Converter proved the importance of using an experienced partner to deliver the project.

We recorded the session and have posted it on tour website. If you're interested in what Forrester has to say on the subject of Windows 7 and IE8 migration, then check it out here (http://www.changebase.com/)