Monday 15 December 2014

Microsoft problem patch, breaks future patching of certificates

In addition to the normal Patch Tuesday series of security updates from Microsoft, we also saw an additional security bulletin released that addressed a vulnerability in the Windows Root Certificate Program.

The initial security bulletin, released in the form of Microsoft Knowledge Base article KB3004394, attempted to resolve a polling issue with the certificate update process, detailed by Microsoft here:
"The Windows Root Certificate Program enables trusted root certificates to be distributed automatically in Windows. Usually, a client computer polls root certificate updates one time a week. After you apply this update, the client computer can receive urgent root certificate updates within 24 hours." 
To get more information on this process, you can read about the polling process in the Microsoft KB article found here KB931125 

Unfortunately, this update to the certificate polling process has broken the polling update process. Microsoft has now revoked the KB article KB3004394 with the following information:
"this update is causing additional problem on computers that are running Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This includes the inability to install future updates. The KB 3004394 update does not cause any known problems on the other systems for which it is released. We recommend that you install the update on the other systems."

An update is now available to remove the Microsoft update KB3004394 from Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers, which you can find here: KB3024777.

So, just to be clear: if you installed KB3004394, you need to install KB3024777, or you will not receive updates to your certificates via the automated Microsoft update service.
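
To find out which machines still carry the recalled update, the following PowerShell audit can be run locally or against a list of hosts. It is an added example, not Microsoft's tooling or code from the original post; the function name `Test-RecalledUpdate` is hypothetical, and it assumes that Windows 7 SP1 and Windows Server 2008 R2 SP1 report version 6.1.7601.

```powershell
# Added example: report whether the recalled update KB3004394 is installed.
# Assumption: 6.1.7601 is the version that Windows 7 SP1 and
# Windows Server 2008 R2 SP1 report through Win32_OperatingSystem.
function Test-RecalledUpdate {
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        $caption = $null
        try {
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
            $caption = $os.Caption
            $affectedOs = ($os.Version -eq '6.1.7601')

            # Filter the full list so a missing hotfix is an empty result, not an error.
            $recalled = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq 'KB3004394' }

            if (-not $affectedOs) {
                $status = 'Not Windows 7 SP1 / Server 2008 R2 SP1'
            } elseif ($recalled) {
                $status = 'KB3004394 installed: apply KB3024777'
            } else {
                $status = 'KB3004394 not installed'
            }
        } catch {
            # Unreachable host or access denied: record it instead of skipping silently.
            $status = "Query failed: $($_.Exception.Message)"
        }

        New-Object PSObject -Property @{
            ComputerName = $computer
            OS           = $caption
            Status       = $status
        } | Select-Object ComputerName, OS, Status
    }
}

Test-RecalledUpdate | Format-Table -AutoSize
```

The script uses `Get-WmiObject` and `New-Object PSObject` so that it also runs on the PowerShell 2.0 that ships with Windows 7 SP1.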

Microsoft Desktop Optimization Pack 2014 R2 Released

Another post on the latest release of the Microsoft Desktop Optimization Pack. This is R2: the first update, or second release, of the 2014 edition. You can download this pack from the Microsoft site here

This incremental update includes additions to the Application Virtualization (App-V) 5.0 with Service Pack 3, and an updated User Experience Virtualization (UE-V) 2.1 tool.

You can find out more about the enhancements and changes to App-V SP3 in this Microsoft TechNet article found here. Microsoft has detailed some of the enhancements in App-V SP2 and SP3 including;
  • App-V now has a number of enhancements to application publishing/refresh and launch performance. These include new capabilities that leverage existing user profile management technology (like MDOP’s UE-V) during application publish and launch.
  • Support of parallel deployment and execution of application upgrades. Improvements to App-V, allowing you to simplify the test and execution of your upgraded virtualized applications while retaining user access to the original virtualized application running on the same device.
  • Improvements to existing capabilities including: enhancements to the package conversion engine and sequencer, improving package conversion rates; and, support for a VFS write mode sequencer setting 
This release also updates Microsoft's User Experience management technology UE-V 2.1 which includes;  

  • Support for Windows credentials roaming: Microsoft has added support for synchronization of Windows Credentials between devices. If enabled, this allows users to retain their Windows Credentials between their devices.
  • Backup and Restore of settings: UE-V now supports the assignment of UE-V to backup profiles
  • Support for external settings storage, including OneDrive for Business
  • Extensions to existing Office 2013 settings
You can read more about the latest version of Microsoft UE-V 2.1 here

Wednesday 10 December 2014

Patch Tuesday for December 2014

I have posted my latest update on my Computer World column: Patch Tuesday Debugged.

December is an interesting month with enough Microsoft updates, Adobe critical patches and Google upgrades to keep you going throughout the Christmas break.

You can find the full story here:

I will post another preview of Microsoft Patch Tuesday next month (January) so, please watch this space.

Friday 5 December 2014

Patch Tuesday Preview for December 2014

Microsoft has released its preview document for the December Patch Tuesday bulletin release, which can be found here

For the month of December we are looking out for at least seven patches. When I say at least, it's possible that we are going to see some additional updates as part of Microsoft's out-of-band patch release process.

These non-Patch Tuesday updates are called out-of-band (OOB) patches and may be released anytime through the month. There are quite a few requirements before Microsoft will release an OOB update, some of which include;
  • Is this particular vulnerability serious enough to require the release of a patch out of the normal Patch Tuesday cycle?
  • How widespread and immediate is the attack? 
  • Is the next patch release cycle near enough to warrant waiting a few days or a week?
  • Will the rushed development and release of a quick patch likely disturb program functionality, perhaps producing more trouble than it resolves?
  • Is the threat stable, or is it evolving (or likely to evolve) day by day?

For this month, we are also expecting the final release of the delayed Microsoft Exchange update MS14-075. Over the past few months, we have seen a number of updates that have been either delayed (MS14-68) or have been recalled. This may be the start of a new pattern or process for Microsoft.

The seven updates for December include three critical updates, with the remaining four updates rated as important by Microsoft. We saw a number of Adobe updates last month, and so, unless we see a critical update to Adobe Flash, which would most likely be related to the coming Internet Explorer update, we are not likely to see either an Adobe or a Chrome update for December.

Monday 1 December 2014

Spoon or Dock?

We have been hearing about Docker and its rapid adoption by some large cloud service vendors. Docker is fast gaining adoption as an application virtualisation layer that focuses on the development environment rather than on system engineers, as VMware does.

Speaking at the web bazaar's Reinvent conference in Las Vegas, Vogels was joined on stage by Ben Golub, CEO of Docker – which is supported by the new container service.

“Developers are largely stuck in the dark ages,” said Golub, arguing that programmers too often tie their applications too closely to infrastructure.

Docker CEO Brian Golub on stage at Amazon Reinvent

You can find out more about Docker on its Wiki page found here. The main entry details that Docker is an application-level virtualisation technology that relies on the Linux kernel. This Wiki entry explains that;
"Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating system–level virtualization on Linux.[2] Docker uses resource isolation features of the Linux kernel such as cgroups and kernel namespaces to allow independent "containers" to run within a single Linux instance, avoiding the overhead of starting virtual machines."
That said, Docker is a Linux-based system and it will be a while before Docker provides support for Microsoft desktop or server platforms.

If you need a cloud based "container" development platform for your Windows systems, you should have a look at Spoon. Spoon is a Seattle based company that has been around for years and was initially famous (infamous??) for virtualizing Microsoft's Internet Explorer.

In fact, Spoon has provided a handy "Differences from Docker" that details some of the significant differences between Spoon and Docker, which include;

  • Platform
  • Layering
  • Streaming
  • Variable Isolation
  • Networking
  • Toolchain
  • Configuration
  • Support

InfoWorld has provided some helpful differences between Spoon and Docker, which can be found here

It will be interesting to see how far Docker goes, and see if it can match the current levels of media hype.