Cloud Computing for All
| ARCast.TV – Cloud Computing is for Small Companies Too
Cloud Computing is often presented as an esoteric technology that is only interesting to large companies. In point of fact, small- and medium-sized companies will find the economics and technology opportunities very compelling. Shy Cohen and Michael Stiefel discuss why this is so, and why small- and medium-sized companies should look for opportunities in the cloud computing area.
Tags: ARCast, Architects, Architecture, Cloud Architecture, Cloud Computing, Cloud Patterns, Cloud Services, Windows Azure, Thought Leadership Raw Link: http://channel9.msdn.com/shows/ARCast.TV/ARCastTV-Cloud-Computing-is-for-Small-Companies-Too
Sharing on News Aggregators and Social Networks You can share the episode using the Sharing Tools on Channel 9. Share on FriendFeed, Del.icio.us, Digg, Twitter, Facebook, and DotNetShoutout.
|
WordPress on Windows Azure
Yesterday was a big day for Automattic and Microsoft folks. Matt Mullenweg demonstrated WordPress hosted on Azure during Ray Ozzie’s keynote. I was pleasantly surprised to see support for MySQL. Very cool imho. This will give WordPress users/hosters access to Azure. I think Matt stated 
that he saw “Pigs” out of his office windows 
. Additionally, icanhazcheezburger (lolcats, failblog etc.), the largest WordPress site, announced that their new property “Oddly Specific” is now hosted on Azure.
New from icanhazcheezburger – Oddly Specific hosted on Azure
Right from PDC here’s some news – icanhazcheezburger now hosts a new site called “Oddly Specific” hosted on Azure!
November Security Bulletins
Microsoft is releasing the following six new security bulletins for newly discovered vulnerabilities:
Bulletin ID: MS09-063
Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
Max Severity: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows Vista and Windows Server 2008
——————————–
Bulletin ID: MS09-064
Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
Max Severity: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000 Server
——————————–
Bulletin ID: MS09-065
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Max Severity: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
——————————–
Bulletin ID: MS09-066
Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)
Max Severity: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008
——————————–
Bulletin ID: MS09-067
Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Max Severity: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
——————————–
Bulletin ID: MS09-068
Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
Max Severity: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Word 2002, Word 2003, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format converter for Mac, Office Word Viewer, and Office Word Viewer 2003
——————————–
Note: The list of affected software in the summary table is an abstract. To see the full list of affected components please visit the bulletin summary Web page at the link below and navigate to the “Affected Software” section.
Summaries for new bulletin(s) may be found at http://www.microsoft.com/technet/security/bulletin/MS09-nov.mspx.
=================================
Malicious Software Removal Tool
=================================
Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. NOTE: This tool will NOT be distributed using Software Update Services (SUS). Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.
=================================
High Priority Non-Security Updates
=================================
High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.
=================================
Security Bulletin Major Revisions
=================================
Microsoft has revised Security Bulletin MS09-045 – Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) – on November 10, 2009.
Overview of changes: Microsoft rereleased this bulletin to add JScript 5.7 on Microsoft Windows 2000 Service Pack 4 as an affected product. Customers who have already installed this update do not need to take any action.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx
________________________________________
Microsoft has revised Security Bulletin MS09-051 – Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) – on November 10, 2009.
Overview of changes: Microsoft rereleased this bulletin to reoffer the update for Audio Compression Manager on Microsoft Windows 2000 Service Pack 4 to fix a detection issue. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx
=================================
Public Bulletin Release Webcast
=================================
Microsoft will host a webcast to address customer questions on these bulletins:
Title: Information about Microsoft November Security Bulletins (Level 200)
Date: Wednesday, November 11, 2009, 11:00 A.M. Pacific Time (U.S. and Canada)
URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407490
=================================
New Bulletin Technical Details
=================================
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle Web site at http://support.microsoft.com/lifecycle/.
Bulletin Identifier: Microsoft Security Bulletin MS09-063
———————-
Bulletin Title: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
———————-
Executive Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.
———————-
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008.
———————-
CVEs and Exploitability Index: CVE-2009-2512 – Web Services on Devices API Memory Corruption Vulnerability
EI = 2 (Inconsistent exploit code likely). Notes: The scenario allows for a possible, limited denial of service attack.
———————-
Attack Vectors: Maliciously crafted network packets
———————-
Mitigating Factors: The vulnerable service is only exposed to incoming connections from the local subnet.
———————-
Restart Requirement: You must restart your system after you apply this security update.
———————-
Removal Information: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
———————-
Bulletins Replaced by This Update: None
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-063.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-064
———————-
Bulletin Title: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
———————-
Executive Summary: This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. The security update addresses the vulnerability by changing the way the License Logging service validates a specific field inside the RPC packet.
———————-
Severity Ratings and Affected Software: This security update is rated Critical for Microsoft Windows 2000.
———————-
CVEs and Exploitability Index: CVE-2009-2523 – License Logging Server Heap Overflow Vulnerability
EI = 2 (Inconsistent exploit code likely)
———————-
Attack Vectors: Sending a specially crafted RPC packet.
———————-
Mitigating Factors: Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
———————-
Restart Requirement: You must restart your system after you apply this security update.
———————-
Removal Information: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
———————-
Bulletins Replaced by This Update: None
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-064.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-065
———————-
Bulletin Title: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
———————-
Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.
———————-
Severity Ratings and Affected Software: This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003, and Important for all supported editions of Windows Vista and Windows Server 2008.
———————-
CVEs and Exploitability Index:
• CVE-2009-1127 – Win32k NULL Pointer Dereferencing Vulnerability, EI = 2 (Inconsistent exploit code likely)
• CVE-2009-2513 – Win32k Insufficient Data Validation Vulnerability, EI = 1 (Consistent exploit code likely)
• CVE-2009-2514 – Win32k EOT Parsing Vulnerability, EI = 1 (Consistent exploit code likely)
———————-
Attack Vectors:
• CVE-2009-1127 and CVE-2009-2513: A logon attempt with a legitimate username.
• CVE-2009-2514: A maliciously crafted Office document, Web page, or e-mail attachment.
———————-
Mitigating Factors:
• CVE-2009-1127 and CVE-2009-2513: An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
• CVE-2009-2514: An attacker would have no way to force users to visit a specially crafted Web site. Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.
———————-
Restart Requirement: You must restart your system after you apply this security update.
———————-
Removal Information:
• Windows 2000, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
• Windows Vista and Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
———————-
Bulletins Replaced by This Update: MS09-025
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-065.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-066
———————-
Bulletin Title: Vulnerability in Active Directory Could Allow Denial of Service (973309)
———————-
Executive Summary: This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. The security update addresses the vulnerability by changing the way Active Directory, ADAM, and AD LDS process malformed LDAP or LDAPS requests.
———————-
Severity Ratings and Affected Software: This security update is rated Important for Active Directory, ADAM, and AD LDS on all supported editions of Microsoft Windows 2000 Server, Windows XP, Windows Server 2003, and Windows Server 2008.
———————-
CVEs and Exploitability Index: CVE-2009-1928 – LSASS Recursive Stack Overflow Vulnerability
EI = 3 (Functioning exploit code unlikely). Notes: The condition for denial of service exists.
———————-
Attack Vectors: Maliciously crafted network packets
———————-
Mitigating Factors:
• This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
Restart Requirement
You must restart your system after you apply this security update.
———————-
Removal Information:
• Windows 2000 Server, Windows XP, and Windows Server 2003: Use Add or Remove Programs tool in Control Panel or the Spuninst.exe utility.
• Windows Server 2008: WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates and select from the list of updates.
———————-
Bulletins Replaced by This Update:
• Windows 2000 Server, Windows XP, and Windows Server 2003: MS09-018
• Windows Server 2008: MS08-035
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-066.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-067
———————-
Bulletin Title: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
———————-
Executive Summary: This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. The update addresses the vulnerabilities by modifying the way that Excel opens and parses Excel files, and by modifying the way that Excel handles malformed records.
———————-
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack.
———————-
CVEs and Exploitability Index:
• CVE-2009-3127 – Excel Cache Memory Corruption Vulnerability, EI = 2
• CVE-2009-3128 – Excel SxView Memory Corruption Vulnerability, EI = 2
• CVE-2009-3129 – Excel Featheader Record Memory Corruption Vulnerability, EI = 1
• CVE-2009-3130 – Excel Document Parsing Heap Overflow Vulnerability, EI = 1
• CVE-2009-3131 – Excel Formula Parsing Memory Corruption Vulnerability, EI = 1
• CVE-2009-3132 – Excel Index Parsing Vulnerability, EI = 2
• CVE-2009-3133 – Excel Document Parsing Memory Corruption Vulnerability, EI = 2
• CVE-2009-3134 – Excel Field Sanitization Vulnerability, EI = 2
o EI = 1: Consistent exploit code likely
o EI = 2: Inconsistent exploit code likely
———————-
Attack Vectors:
• A maliciously crafted Excel spreadsheet
• A maliciously crafted e-mail attachment
• A maliciously crafted Web page
———————-
Mitigating Factors:
• An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.
———————-
Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.
———————-
Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.
———————-
Bulletins Replaced by This Update: MS09-021
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-067.mspx
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Bulletin Identifier: Microsoft Security Bulletin MS09-068
———————-
Bulletin Title: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
———————-
Executive Summary: This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The security update addresses the vulnerability by modifying the way that Microsoft Office Word opens specially crafted Word files.
———————-
Severity Ratings and Affected Software: This security update is rated Important for all supported editions of Microsoft Office Word 2002 and Microsoft Office Word 2003, Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, and all supported versions of Microsoft Office Word Viewer.
———————-
CVEs and Exploitability Index:
CVE-2009-3135 – Microsoft Office Word File Information Memory Corruption Vulnerability
EI = 1 (Consistent exploit code likely)
———————-
Attack Vectors:
• A maliciously crafted Word document
• A maliciously crafted e-mail attachment
• A maliciously crafted Web page
———————-
Mitigating Factors:
• Users would have to be persuaded to visit a malicious Web site.
• Exploitation only gains the same user rights as the logged on account. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Cannot be exploited automatically through e-mail because a user must open an attachment that is sent in an e-mail message.
———————-
Restart Requirement: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.
———————-
Removal Information: Varies depending on which update is installed. See the “Security Update Deployment” section of the bulletin at the link below for more details.
———————-
Bulletins Replaced by This Update: MS09-027
———————-
Full Details: http://www.microsoft.com/technet/security/bulletin/MS09-068.mspx
SharePoint and Office Developer Training Now Available on Channel 9
Today, Channel 9 launched two new training courses for SharePoint 2010 and Office 2010 created by developers for developers. Channel 9 has always been about giving direct access to the engineers and future technologies from Microsoft, and now we’re extending this successful formula to bring you training that will allow developers to get started on learning about emerging technologies at their own pace. Today you’ll find extensive instructor recordings from top MVPs on how to develop against both SharePoint and office 2010. We’ll also be publishing more content at the beginning of December that will include hands-on labs, source code, and much more! All of this free for you to consume or download at your own pace.
SharePoint 2010 Developer Training
See how SharePoint 2010 has evolved into a first-class developer platform. Also, learn how SharePoint 2010 provides the business collaboration platform for developers to rapidly build solutions using familiar tools such as Visual Studio 2010 and SharePoint Designer 2010 through this self-paced course.
Office 2010 Developer Training
Discover how Office 2010 Beta is a broadly extensible platform for building information worker productivity solutions and see how developing for Office with Visual Studio 2010 makes this easy. See online presentations with demos that will help you get started developing solutions from Add-ins to full featured Office Business Applications (OBAs) using Visual Studio 2010 with Office 2010 and SharePoint 2010 as the core platform.
We hope you enjoy this initial set of training videos and will check back with Channel 9 in the near future as we build the learning center out to support SharePoint and Office 2010 development.
Microsoft SQL Server Driver for PHP Team Blog : SQL Server Driver for PHP 1.1 is now available
In case you missed it, the SQL Server Driver for PHP 1.1 is now available for download with support for SQL Azure as well. The download is available via the MSDN download site. The source code for the driver is posted on the CodePlex site.
Microsoft SQL Server Driver for PHP Team Blog : SQL Server Driver for PHP 1.1 is now available
Download Here: http://bit.ly/f9tSV
Happy Halloween! Carve Your Pumpkin in the Cloud
Check out this cool pumpkin carving app. This was created by Archetype a Microsoft Partner. http://bit.ly/1glQa2
Eclipse Tools for Microsoft Silverlight
The Eclipse tools for Silverlight project, aka eclipse4SL, is an eclipse plug-in that enables Eclipse developers to use the Eclipse IDE to create applications that run on the Microsoft Silverlight runtime platform. It also enables collaboration on Silverlight projects between Eclipse (Java) developers, .NET developers, and web designers on both the Windows and MAC operating systems.
Windows Azure Tools for Eclipse
This was noted at ZendCon last week. Here’s the official link for download.
PHP on Windows Contest
In partnership with Marco Tabini and Associates (MTA) (php|architect; CodeWorks; php|tek), we are excited to announce the launch of The Great PHP on Windows contest. Do you have what it takes to win? Of course you do 
.
You are encouraged to leverage existing open-source libraries and applications, including blogs engines, forums, photo galleries and other platform/components as part of your submission.
For complete details visit http://phparch.com/win
The Quick Summary:
- Write a new application designed to run in PHP on Windows using IIS—or make a significant contribution to an existing open-source project along the same lines
- The best application, selected jointly by a panel of experts and by our readers, will win a grand prize
which includes a 52″ Digital HD home entertainment system, as well as an all-expenses paid trip to php|tek 2010 in Chicago. Runner-up prizes include 2 XBox 360 Ultimate and subscriptions to php|architect. - Not familiar with Windows? No worries—we have partnered with Applied Innovations to give you absolutely free hosting on a pre-configured virtual machine for the duration of the contest.
- Registration and submissions for the contest will be accepted October 19th, 2009 through February 28th, 2010 and with judging and public voting will occur March 1st – 31st.
- For the duration of the contest, Applied Innovations will provide free web hosting to all participants (shared) and a free VM to the first 60 participants who register.
- Contest is open to all U.S. residents excluding MTA, Applied Innovations, and Microsoft employees and affiliated individuals. (MTA is the official sponsor with AppliedI and Microsoft as promotion entities.)
The contest is open to residents of the United States only—but you can still win by voting, no matter where you are.
Good Luck!
