Tuesday 27 April 2010

Application Compatibility for the Masses: AOK4SMB

Yesterday was a great day for ChangeBASE.

We launched an exclusive initiative with Microsoft to service the application compatibility requirements of organisations with up to 250 PCs.
AOK4SMB is a free online application compatibility tool for the SMB market. Organisations can upload a single MSI file, test and report for compatibility and where applicable AOK4SMB will offer a fix (if available) or highlight where the issues are in the application.

For SMB’s, being able to embrace the latest technology developments can be key to the ongoing growth of their business but they don’t always have the internal resource or skills to enable them to do so. Application compatibility can be a complex and specialised area and an OS migration can be a daunting task.

Sandrine Skinner, director of SMB product management for the Windows and windows Live Division at Microsoft explained;

“We recognise small and midsize business customers have a unique and diverse set of needs and they don’t have time to think about technology for technology’s sake. Customers tell us they need an easy way to make sure their applications will work with Windows 7 Professional. We continue to act on this feedback, and we’re excited to be working with ChangeBASE to make it even easier for customers to run their applications, so they can focus on what matters most — their business. This is one more tool available so they can easily migrate to Windows 7 Professional with no disruption to their business.”

For ChangeBASE this is an opportunity for us to take the benefits of our AOK solution to a new market.

And, just a little cheekily, I had to capture a screen-grab of the of the AOK Information on the Microsoft Press page so my Mum could see.





So, yes, you could say that yesterday was a great day.

Thursday 22 April 2010

Windows 7: Six months on and the winner is 64-bit computing

Today marks the six month anniversary of the launch of Windows 7, one of the most anticipated operating system releases to date. With the promise of easier, faster and more secure computing for all, the question is “has the new operating system lived up to the high expectations?”

In our experience the answer is undoubtedly yes – Windows 7 has brought a multitude of benefits and rejuvenation to the enterprise. For the majority of organisations Windows 7 is their first major OS migration in five years - having been working with old desktops and/or servers, deciding to skip Vista entirely and stay with XP or earlier operating systems. Windows 7 has had a completely unprecedented start in its first six months and from the work we’ve been doing has been well received by IT professionals and users alike.

We are seeing two big drivers behind the uptake-levels of Windows 7; The first is the ease and speed with which even large-scale migrations can be rolled-out. The second is ability to future proof the management of the application estate once the migration has been completed. Both of these factors have certainly been key in leading to the higher than expected adoption figures in the first six months.

We have also seen that Windows 7 is driving the wide-scale take-up of 64-bit computing. Many of our customers are worried that  they will have application compatibility problems with an upgrade to a 64-bit environment. However after analysing their application estate they realise these issues can be automatically addressed which means they can opt for the more powerful 64-bit option. This is a win / win situation for both the enterprise and Microsoft.

A second trend we’re seeing is significant compatibility challenges still exist with applications three years beyond their initial release date. However, they can be easily fixed and migrated to Windows 7. This issue can often slow down any wide-scale IT upgrades for organisations of all sizes, but the good news is that application compatibility is no longer the show stopper it used to be. With the right planning and tools in place issues can be quickly addressed and problems automatically resolved. Through adopting sensible migration processes we are seeing enterprises save a huge amount of man-hours and in some cases millions of pounds or more in costs.

Looking back on the research ChangeBASE conducted with senior IT decision-makers ahead of the Windows 7 launch in October 2009, the results showed that more than 65 per cent of organisations hoped to migrate to Windows 7 within 12 months. However, based on our experience since then that number has risen and is more like 80%, with over 50% choosing the 64-bit route.

This was a bit of a surprise for us - but, given the nature of the PC hardware and software ecosystem today, 64-bit OS migrations should be soon become the norm.

Monday 19 April 2010

Microsoft Patch Tuesday - April 2010


With this April Microsoft Patch Tuesday Security Update, we see a particularly heavy series of Microsoft Security updates with 11 Security Patches. This month we see five updates rated as Critical, five as Important and one patch rated as Moderate.
Our sample of over 2,000 applications are analysed for application level conflicts with Microsoft Security Updates and potential dependencies, or down-level conflicts.
Based on the results of our AOK Application Compatibility Lab only one patch appears to have the potential for a moderate impact on a standard corporate or enterprise application portfolio; MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution. The other two patches; MS010-022 and MS010-023 should be prioritized as well as they produced a marginal impact on our test application database. We have included a brief snap-shot of some of the results from our AOK Software that demonstrates some of the potential impacts on the application package with the following snap-shot image.

MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution.



Testing Summary
  • MS10-019 : "Vulnerabilities in Windows Could Allow Remote Code Execution (981210)"
  • MS10-020 : "Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)"
  • MS10-021 : "Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)"
  • MS10-022 : "Vulnerability in VBScript Could Allow Remote Code Execution (981169)"
  • MS10-023 : "Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)"
  • MS10-024 : "Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)"
  • MS10-025 : "Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)"
  • MS10-026 : "Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)"
  • MS10-027 : "Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)"
  • MS10-028 : "Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)"
  • MS10-029 : "Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)"


Patch NameTotal
Issues
Matches
Affected
RebootRatingRAG
Microsoft Security Bulletin MS10-019<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-020<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-021<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-0222%2%YESMarginal impact and negligible testing profileYellow
Microsoft Security Bulletin MS10-0231%1%YESMarginal impact and negligible testing profileYellow
Microsoft Security Bulletin MS10-024<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-025<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-026<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-027<1%<1%YESMarginal impact and negligible testing profileGreen
Microsoft Security Bulletin MS10-0284%6%YESMarginal impact and negligible testing profileYellow
Microsoft Security Bulletin MS10-029<1%<1%YESMarginal impact and negligible testing profileGreen

Legend:
No IssueNo Issues Detected
FixablePotentially fixable application Impact
SeriousSerious Compatibility Issue

Security Update Detailed Summary
MS10-019Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
DescriptionThis security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
PayloadWintrust.dll, cabview.dll
ImpactCritical – Remote Code Execution

MS10-020Vulnerabilities in Windows Could Allow Remote Code Execution
DescriptionThis security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.
PayloadMrxsmb.sys, Rdbss.sys, Sp3res.dll
ImpactCritical – Remote Code Execution

MS10-021Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
DescriptionThis security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
PayloadMup.sys, Ntkrnlmp.exe, Ntkrnlpa.exe, Ntkrpamp.exe, Ntoskrnl.exe, Mpsyschk.dll
ImpactImportant – Elevation of Privilege

MS10-022Vulnerability in VBScript Could Allow Remote Code Execution
DescriptionThis security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable; however, as the code is present, this update is provided as a defence-in-depth measure and has no severity rating. The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
PayloadVbscript.dll
ImpactImportant – Remote Code Execution

MS10-023Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadMorph9.dll,Mspub.exe, Prtf9.dll, Ptxt9.dll, Pubconv.dll, Pubtrap.dll
ImpactImportant – Remote Code Execution

MS10-024Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service
DescriptionThis security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.
PayloadSmtpsvc.dll
ImpactImportant – Denial of Service

MS10-025Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.
PayloadNsum.exe
ImpactCritical – Remote Code Execution

MS10-026Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadL3codecx.ax, L3codeca.acm
ImpactCritical – Remote Code Execution

MS10-027Vulnerability in Windows Media Player Could Allow Remote Code Execution
DescriptionThis security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadWmp.dll
ImpactCritical – Remote Code Execution

MS10-028Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
DescriptionThis security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PayloadAec.dll, Bstorm.dll, Dbengr.dll, Drilldwn.dll, Dwgcnv.dll, Dwgdp.dll, Facility.dll, Gantt.dll, Hvac.dll, Orgchart.dll, Orgchwiz.dll, Pe.dll, Sg.dll, Timesoln.dll, Uml.dll, Visbrgr.dll, Viscolor.dll, Visdlgu.dll, Visfilt.dll, Visgrf.dll, Visio.exe, Vislib.dll, Visshe.dll, Vissupp.dll, Visutils.dll, Visweb.dll, Xfunc.dll
ImpactImportant – Remote Code Execution

MS10-029Vulnerabilities in Windows ISATAP Component Could Allow Spoofing
DescriptionThis security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update. This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address. The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.
Payload6to4svc.dll, Tcpip6.sys, 6to4svc.dll, Tcpip6.sys, 6to4svc.dll, Tcpip6.sys, 6to4svc.dll, Tcpip6.sys
ImpactModerate – Spoofing


*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.