Microsoft Security Update April 2009

Microsoft news and product information from and product team blogs

Update on Conficker.D We’ve received a lot of questions from customers about April 1, 2009 and the latest Conficker variant discovered earlier this month, Worm:Win32/Conficker.D (also known as Conficker.C or Downadup.C by some other companies). I wanted to let you know that we’ve put some new information up about Conficker.D today from our work with our partners in the Conficker Working Group. See also this post on the Microsoft Malware Protection Center: Information about Worm:Win32/Conficker.D
MS09-008: DNS and WINS Server Security Update in More Detail After releasing security update MS09-008, we received a number of questions on the WPAD issue (CVE-2009-0093) addressed in the update. There are claims that this update is ineffective. Let me be clear that this update will protect you and it should be deployed as soon as possible.

How Microsoft does IT
Improving Sustainability and Utilization of SQL Server at Microsoft With more than 4,700 Microsoft SQL Server instances in operation, Microsoft Information Technology (MS IT) sought to reduce operational and capital expenses through server consolidation and multi-tenancy. The SQL Utility service facilitates this effort. The SQL Utility service and related server consolidation efforts contribute to environmental sustainability, more efficient utilization, and improved quality of service.
Securing Business Workflows and Networks for Partners In designing the corporate extranet, Microsoft took advantage of its own technologies to provide a level of information and access that facilitates vital partner relationships and collaboration without jeopardizing security.
Best Practices for Deploying Virtual Machines using Hyper-V Virtualization Technology Microsoft IT virtually deploys more than 80% of new IT servers using Windows Server 2008 Hyper-V. To ensure optimal performance, Microsoft IT has developed configuration best practices, based on the application workloads or services being provided by the virtual machines.

Windows Desktop and Server – 7/2008 / Vista / 2003 / XP
DS Restore Mode Password Maintenance There comes a day in nearly every administrator’s life where they will need to boot a domain controller into DS Restore Mode. Whether it’s to perform an authoritative restore or fix database issues, you will need the local administrator password. Too often, we work with customers that have not been maintaining this password and do not have a way to get in to their DC’s.
Clustering Webcasts for Windows Server 2008 R2 and Cluster Beginners We have some upcoming webcasts covering both introductory material and R2 features. If you’re new to clustering and want to learn more, our beginners webcasts will give you a solid foundation. If you want to know more about Failover Clustering in Windows Server 2008 R2 (code name “Windows Server 7”), check out our Feature Roadmap and Cluster Shared Volumes (CSV) presentations. Our multi-site clustering webcast will discuss disaster recovery options through a configuration often called “stretched clustering” or “geographically distributed clustering.”
Stopping the Windows Authenticating Firewall Service and the boot time policy Lately, I have been seeing a number of issues/concerns from people where they manually stop the Firewall service and lose connectivity to the machine. They always seem surprised when I explain that it is by design.
Improving TS Gateway availability using NLB TS Gateway is a Windows Server 2008 role which provides secure access to corporate desktops and applications for Internet users. Mobile workforces rely heavily on TS Gateway for remote access needs. To ensure 100% availability there are three methods we recommend which can help achieve this goal for TS Gateway
Migrating a Windows Server 2003 TS License Server This article is designed to help those who want to migrate their Windows Server 2003 TS License Server from one machine to another. We recommend that you read through the instructions once before beginning the migration.
Understanding DFSR Debug Logging (Part 1: Logging Levels, Log Format, GUID’s) Today begins a 21-part series on using the DFSR debug logs to further your understanding of Distributed File System Replication. While there are specific troubleshooting scenarios that will be covered, the most important part of understanding any product’s logging is making sure you are comfortable with it before you have errors. That way you have some point of reference if things go wrong.
How do I find out what changes are going on in my Active Directory? In order to find the cause for the problems, you should find what has changed in the AD database recently.

Reminder: End of Life for Service Pack 1 in Windows Server 2003 Coming Soon Support for computers running Windows Server 2003 Service Pack 1 ends on April 14th, 2009. After that point there will be no hotfixes, security updates, or support for computers that do not have SP2 installed. If you don’t have SP2 on your deployment radar, you are rapidly running out of time.
How to Properly Disable Offline Files in Windows Vista Today’s posting covers how to correctly disable Offline Files in Windows Vista. I recently had a case where the customer was experiencing undesirable behavior with a file share only when the file server was accessed from their Windows Vista machines.
Windows 7: Netbooks and Windows 7 My name is Craig Marcho and I am a Support Engineer with the Performance team in Texas. Today’s post is going to be something a little different. We’re going to take a look at my recent experiences with Windows 7 and a netbook laptop.
Beta to RC Changes – Turning Windows Features On or Off “Turning Windows Features On or Off” has a long history in Windows, going back to the earliest days of the 32-bit code base. We’ve received a lot of suggestions about features that you would like to turn on or off using your own criteria for choice. For Windows 7 we’ve engineered a more significant list of features and worked to balance that list in light of the needs of the broad Windows platform as well.
Windows 7 Virtual Roundtable Q&A: Part One In our recent Springboard Series Virtual Roundtable—Windows 7: To the Beta and Beyond—with Mark Russinovich, we fielded numerous questions on the Windows 7 Beta release that the panel was unable to address, given time limitations. As promised, we have collected these questions and will be providing these answers in this and subsequent blog postings.
Designing Aero Snap In this post we’d like to have a closer look at the Aero Snap feature that many of you have already been able to experience in our PDC builds, and of course the Beta. We’ll briefly describe the feature itself, but mostly we’d like to invite you to take a behind-the-scenes peek at our design process so far, and share our iterations, challenges and considerations.
Touching Windows 7 Windows Touch is designed to enhance how you interact with a PC. For those of us that have been living and breathing touch for the last two years we’re excited to be able to deliver the capability to people using Windows 7. In this blog we’re going to talk about what we’ve done to make Windows touchable.
IE: Internet Explorer 8 Final Available Now IE8 makes what real people do on the web every day faster, easier, and safer. Anyone running Windows Vista, Windows XP, and Windows Server can get 32- and 64-bit versions now from (Windows 7 users will receive an updated IE8 as part of the next Windows 7 milestone.)
Group Policy Settings Reference for Windows Internet Explorer 8 RTM is available for download The final version of the spreadsheet, containing a detailed break out of group policy settings, is now available for download, here. Microsoft also released some RC1-related ADM templates before the release of IE8. This was to assist with a known problem. PLEASE DO NOT USE THE BETA ADM TEMPLATES! You can get the RTM templates by simply installing release version of IE8!
Site Compatibility and IE8 Reports of broken sites are an important part of the feedback the IE team receives from the community. When we receive a report of a broken site, we take it and identify the core issue causing the problem. A number of these issues end up being side effects of changes we deliberately made in IE8, but even these are useful. They help us identify which IE8 changes have the broadest compatibility impact. In this post I’ll share some of these issues with you so you can quickly identify problems affecting your site when migrating from IE7 to IE8.
RTM Platform Changes When we announced the IE8 Release Candidate, the call to action for site owners, software developers, designers, and administrators was to test with the Release Candidate build and make any changes necessary to create the best possible customer experience with IE8. I’d like to communicate the critical platform changes we’ve made in these areas.
Accelerator Spotlight Accelerators are a robust and customizable way of bringing you closer to the services you use most. We’ve said a lot about the technology behind Accelerators and how to build on it, but I thought it might be nice to step back for a minute and look at some of the things people have already built. So for the rest of this post, I’ll be throwing a few interesting Accelerators into the spotlight.
Released build of Internet Explorer 8 blocks Dowd/Sotirov ASLR+DEP .NET bypass IE8 created a new URLAction that regulates loading of the .NET MIME filter. By default, the URLAction prevents it from loading in the Internet and Restricted Sites Zones. The .NET MIME filter is allowed to load by default in the Intranet Zone.

Virtualization Technologies
Beware of Integrated eSATA ports For you demo warriors out there who try to get the maximum performance for your Hyper-V based demos, eSATA has been your path to maximum performance. If you only use a single drive attached to an eSATA port, you can quit reading, but if you are like me and want the best performance possible, you have probably invested in a 2.5" or 3.5" external portable cabinet that can take two or more drives.
A Fist Full of Virtual Hard Disks There have been a bunch of new evaluation virtual hard disks coming out in the last week or two.
App-V: How App-V Uses Your System Drive! Today, our topic will be files and folders. As you probably already noticed, there is another drive (often named as Q), which is not accessible from user environment, in client machines. Today we will cover the files and folders which are available by end users.
Creating “Video Recipes” for Sequencing Documentation – Part 1: Introduction This series of articles is going to show you how to use screen recording software to create a “video recipe” to document the steps followed for sequencing an application.

Hyper-V: Hyper-V Terminology: Update
Mouse Integration for SuSE on Hyper-V now available Those of you out there using Linux on Hyper-V will be happy to hear that you can now get mouse drivers for Linux virtual machines that provide integrated mouse support. You can go here: to download the drivers and get going.
Hyper-V Snapshot FAQ There have been a lot of questions about how Hyper-V virtual machine snapshots work, and what considerations you need to take when using them.
Updated: Hyper-V Planning and Deployment Guide The Hyper-V Planning and Deployment guide is available online (here) and is constantly being updated with more and more information.
Antivirus and Hyper-V (or: Why can’t I start my virtual machine?) A little while ago our support team put together this KB article in response to a problem that a lot of people have been reporting. Basically, what is happening is that users are having problems starting virtual machines after they install antivirus software in the management operating system.
Virtualization Review’s hypervisor test The other day, Virtualization Review published a comparative performance test of three hypervisors: VMware ESX 3.5, Windows Server 2008 Hyper-V and Citrix XenServer. You can see it here.
HP whitepapers on NIC Teaming for Hyper-V HP has published 2 white papers describing their NIC teaming support for Hyper-V.

SQL Server

  • Useful links for upgrading to SQL Server 2008 There is plenty of material available to help you upgrade to SQL Server 2008. This blog is intended as a short list for the most useful guidance that I have found. And you may have different experiences upgrading from SQL Server 2000 and SQL Server 2005 so please take the time to do proper preparation work and advanced studying. And test your upgrades before you do it for real in production.
  • Analysis Services Partition Size The SQL Server 2008 Analysis Services Performance Guide has been updated principally to address features available in the latest release. But there was one important change related to partition size driven by changes in hardware.
  • SQL Server 2008’s Oracle destination fast load option may fail if certain Oracle system views are missing SQL Server 2008’s latest feature pack, that can be found here, contains a new Oracle connector by Attunity that supports Oracle versions and higher. When you use this connector in SSIS 2008 to send data into Oracle, you may not be able to use fast load if some Oracle system views are missing.
  • How to fix your SQL Server 2008 Setup before you run setup (Part II)…. Last year you might have read my post where I showed you how to patch setup for RTM for SQL Server 2008 before you launch setup. This processing involved installing a Cumulative Update to apply fixes for the SQL Server 2008 Setup Support Files. Well, we will now be expanding this capability with SQL Server 2008 Service Pack 1 to be able to fix other areas of setup with a new method. This feature, called slipstream setup, actually provides much more.
  • How It Works: SQL Server – VDI (VSS) Backup Resources Last week I worked on an interesting case. The issue was a NT Backup against a single volume containing 500 SQL Server databases. It is rare to have so many databases on a single volume but it is possible and we had a case on this very issue.
  • Enforce Windows Password Policy on SQL Server Logins If users choose to use SQL login to connect to SQL Server rather than using NT authenticating, it is worth a reminder that SQL Server does provide the option of enforcing Windows password policy on SQL logins.
  • What’s Next for SQL Data Services… At the Professional Developer Conference 2008 Microsoft kicked off a major wave of innovation with the announcement of the Azure Services Platform. A key piece of that technology wave is SQL Data Services (SDS).

Exchange Server

  • Announcing the release of Exchange Server Remote Connectivity Analyzer Have you ever installed an Exchange server and wanted to verify your Internet facing services were setup and configured properly? Things like Exchange ActiveSync, AutoDiscover, Outlook Anywhere (RPC/HTTP), and inbound email. I’d like to introduce you to the Exchange Remote Connectivity Analyzer (ExRCA) tool which can be accessed at
  • OST Sizing Guidance Changes With the release of Outlook 2007 SP1 February 2009 cumulative update, we are updating our Mailbox Storage Sizing Guidance to reflect the improved performance and responsiveness when utilizing Cached Exchange Mode with respect to mailbox/OST sizes.
  • Update Roll-up 7 for Exchange Server 2007 Service Pack 1 has been released. We have released Update Roll-up 7 for Exchange Server 2007 Service Pack 1 (KB 960384) to the download center. The release of the roll-up via Microsoft Update will happen on March 24.
  • Encapsulate This! We’re going to talk about Address Encapsulation today and a change in Service Pack 1, Rollup 7, what we are doing with it, why, and how to cope.

System Center

  • Microsoft Support Model Changing for System Center Products Beginning on Monday, March 30, 2009, support for Microsoft’s Premier customers on System Center products will move from a live phone queue to callback. So why move to a callback model? The primary reason we made the decision to move to a callback model is because of the success we’ve already seen by doing this with the other System Center products. A callback model allows us to get a customer to the support engineer who is best able to resolve that particular issue as quickly as possible, instead of simply the engineer who happens to be the first one available.
  • CM: Configuration Manager 2007 Service Pack 2 beta coming May 2009
  • OM: Using SiteName when deploying gateways to help manage alerts When deploying the Operations Manager gateway role you can tag the gateway with a Site name. Any alerts coming from an agent reporting to this gateway will now have its “Site” property populated with the site name you configured when deploying the gateway. This can be really handy for building specific alert views and sending notifications.
  • System Center Ops Manager management pack for Hyper-V
  • System Center Operations Manager 2007 R2 (Release Candidate) Ready for Download Operations Manager 2007 R2 introduces key new and enhanced functionality – find out more here.
  • DPM: New SQL Server protection information for DPM 2007 SP1 Two new pieces of information to keep you informed on what is going on with SQL Server database protection and System Center Data Protection Manager 2007 SP1.
  • SCVMM: SCVMM 2008 R2 Beta now available Hot on the heels of the Windows Server 2008 R2 beta – you can now download the SCVMM 2008 R2 beta.
  • SCVMM and VMware ESX management.

Office SharePoint Technologies

  • Uber Packages of February Cumulative Update are Ready You may have been waiting anxiously for the uber packages because of your scheduled patch time window. Yeah, we heard from you. Now here they are.

Microsoft Office System
OCS: CWA 2007 R2 and Normalization Rules This post addresses inconsistencies with how Communicator Web Access 2007 R2 (CWA) implements normalization rules in relation to OC and other OCS clients.
New BPA rules uploaded covering OCS 2007 and OCS 2007 R2 Today we released new Best Practice Analyzer rules for OCS 2007 and OCS 2007 R2.
Microsoft Forefront Security for Office Communications Server (FSOCS) RTM Now Available! FSOCS provides fast and effective protection against IM-based malware for OCS 2007 and OCS 2007 R2 environments by including multiple scanning engines from industry-leading security partners. FSOCS also helps reduce corporate liability by blocking instant messages containing inappropriate content.
Access: Accessing external data using the IN clause Microsoft Access SQL supports two uses of the IN keyword. The most commonly used case is as part of the WHERE clause of a SQL statement to provide a list of values used as criteria.
How to discover what Access files are in your org The Office migration planner has some really good tools for understanding what is in your organization
Data bars in an Access query Mike Alexander (Excel MVP) recently sent the author a very cool trick that he hadn’t seen before. He uses some simple hackery and trickery to get data bars in a query. This is the first installment of a long series about how Access can be used to create cool dashboards
Excel: Analyzing Data: Functions or PivotTables When trying to analyze/aggregate data in a table, how do we decide whether to use functions versus PivotTables?
Excel VBA Performance Coding Best Practices In this post I’m going to share with you the most important performance tips I know about. There are tons of sites, pages, and people who are experts as well on this subject, have performed their own tests, and shared their results and ideas.
Outlook: Frequently Asked Questions about the February CU In this post, we wanted to formally address some of the top questions, comments, and concerns regarding the recent release of the February Cumulative Update. As always, please keep your comments coming.
Word: How to Freeze Part of Your Word Document I’m a big fan of Excel’s ability to freeze rows and columns. Now what if I have a similar situation in Word? Say that I have a figure on page one and need to write about it on page three. Do I need to scroll up and down over and over?

Forefront Security
Using Multiple Engines for Fast, Effective Protection of IM Environments Forefront Security for Office Communications Server integrates multiple antimalware engines from Microsoft and industry-leading partners to provide comprehensive protection against the latest threats. People often ask us what the big deal is about using multiple engines in our Forefront products. Well, multiple engines provide many advantages.
Forefront Team Blog This blog provides information about what’s happening with the entire Microsoft Forefront Family of products, including Forefront Client Security, Forefront Security for Exchange Server, Forefront Security for SharePoint, Internet Security & Acceleration (ISA) Server, Intelligent Application Gateway (IAG).
Other Information
Laptop Hunters: Real People Find Windows PCs A Better Fit For Their Lives Today we’re introducing the next chapter in the ongoing Windows Brand Campaign – an exciting new series of ads called Laptop Hunters. These new ads trace real people as they go on a hunt for a new laptop.
Microsoft Commerce Server 2009 is Now Available on MSDN!
Microsoft Developer Information
Why the new SDL threat modeling approach works Adam Shostack here. I recently posted an article on my non-MS blog talking about some of the thinking which went into our threat modeling re-design. (It made sense as part of a series of posts there.) I wanted to tie the ideas in it to the SDL a little more strongly. The SDL is all about bringing together two sets of people who haven’t talked very much. Those communities are software developers and security engineers. Their failure to talk has hurt both communities.
Building Security In Maturity Model The Building Security In Maturity Model (BSIMM) was released to the web late last week. The model enumerates best practices in building software that’s resistant to attack, as applied by nine real-world software development organizations.
Parallel Scalability Isn’t Child’s Play In a recent blog entry, Dr. Neil Gunther, a colleague from the Computer Measurement Group (CMG), warned about unrealistic expectations being raised with regard to the performance of parallel programs on current multi-core hardware.
SuperPreview Technology Hi, I’m a Program Manager for SuperPreview and wanted to blog a bit about how the technology of SuperPreview works. My goal is to help our users better understand the capabilities of SuperPreview and some of its limitations.
The Silverlight Toolkit Adds Visual Basic Samples The Silverlight Toolkit March 2009 release is enhanced with Visual Basic source code. Please follow the links to view these samples for both Silverlight 2 and Silverlight 3.
Upcoming Azure Services Platform Webcasts Upcoming Azure Services Platform Webcasts.
Windows Azure “How Do I” Videos The first 9 of 40 Azure Services Platform “How Do I” videos have been released! Windows Azure is well represented with 5 videos.
Monthly Reminders of Good Information Sources:
Security Page – Links to Key Information
HotFix & Security Bulletin Search See also the Contact Us: Hotfix Request Web Submission Form
Tackle Common Tasks With These How To Resources
Microsoft’s Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time of product release.
Microsoft Premier Online The Microsoft Premier Online (MPO) site is a secure Web site for the exclusive use of Premier Support customers. Note some of the links below may only be available to Premier Support customers. If you currently have Premier Support and don’t have access to MPO, please let your TAM know. Your TAM can get you access to the site.
Microsoft Services Operations Consulting Premier support includes access to proactive services that can help you maximize your productive use and the availability of Microsoft technologies within your IT environment. Many services can be delivered within existing Premier support agreements. Each month we’ll feature some of those services in this section.
IT Operations Management – (IT Service Management offerings: MOF/ITIL enabled)
SQL Server Design and Migration Review:
This review offers the customer Microsoft best practices and technical guidance for designing a SQL Server system and covers various SQL Server design topics such as schemas, modeling, indexes and table design that are outlined in a formal report upon engagement closure. SQL Server design reviews typically focus on a pre-production application and system.
SQL Server Performance and Scalability Review:
The goal of this review is to help a customer ensure that their SQL Server environment is performing optimally. This includes a customized analysis of system bottlenecks and database design and identifying potential SQL Server performance issues. Guidance on key settings including memory and database configuration to help prevent performance and scalability problems is also provided. All recommendations are outlined in a formal report upon engagement closure.
SQL Server Operations Analysis and Improvement for Availability:
This two to six week engagement begins with a review of the customer’s current business goals pertaining to SQL Server followed by an assessment of current pain points to determine the focus areas for improvement. A SQL Server Consultant then collaborates with the customer’s team to help identify opportunity for improvement in terms of their processes, procedures, operational practices, people and tools as they relate to SQL Server availability. The goal of this service is to provide recommendations and activities for process-based improvement in your environment through a series of in depth interviews and analysis of existing operational data and documentation.
SQL Server Disaster Recovery Review:
The purpose of this review is to help customers develop solutions and processes to recover a SQL Server system based on Microsoft best practices. This service provides a comprehensive review of all aspects of a critical SQL Server from various technologies to systematic planning and preparation as they relate to disaster recovery. Recommendations are outlined in a formal report upon engagement closure.
SQL Server High Availability Review:
This offering begins with a review of the customer’s current business goals pertaining to SQL Server availability, including adherence to the Windows Catalog (formerly the Hardware Compatibility List (HCL)), 64-bit technologies, clustering, & if appropriate other technologies such as replication & database mirroring, followed by an assessment of current pain points to determine the focus areas for improvement. A SQL Server Consultant collaborates with the customer’s team to help identify opportunity for improvement in terms of their processes, procedures, operational practices, people, and tools as they relate to SQL Server high availability.
SQL Server Consolidation Assessment (4 weeks):
The intent of the Assessment service is to help your customer evaluate their SQL Server environment for the viability of a server consolidation solution. Data is collected and analyzed and used to document the current SQL Server environment and help determine the scope, business case, and drivers for proceeding with a SQL Server consolidation solution. Assessment information, data, and documentation can be re-used in later phases of the SQL consolidation process.
SQL Server Consolidation Planning (3 weeks):
SQL Server consolidation often involves three simultaneous and significant activities; SQL Server upgrades and migrations, SQL Server standardization, and SQL Server consolidation. It takes sufficient planning to achieve a smooth SQL Server consolidation; the more complex the database environment, the more comprehensive the planning activities. The intent of the Consolidation Planning component is to cover these essential planning activities.
SQL Server Consolidation Strategy & Design (3 weeks):
The intent of the Consolidation Strategy & Design service component is to guide your customer in the design of the consolidated SQL environment. Our consultant will work with your customer to determine the benefits and risks for server consolidation, instance consolidation, and position consolidation technology options (virtualization).
SQL Server Consolidation Build & Deployment (2 weeks):
The intent of the Consolidation Build & Deployment service is for the consultant to help support a pilot deployment to test the proposed SQL Server consolidated design. It should cover the installation of the tools, scripts, and products to be used during build and deployment, the creation of the standard SQL Server builds and the standard processes to operate them.
SQL Server Consolidation Operational Review (2 weeks):
The intent of the Consolidation Operational Review is to conduct a review of a SQL Server consolidated production environment. Operating a consolidated environment effectively starts during the consolidation project and continues through deployment. Through interviews and data collection, this engagement will provide an assessment of key operational processes.
Support WebCasts
List of Upcoming WebCasts:
List of Previous WebCasts for on demand viewing:

See the Top Ten List of the most popular webcasts.

Recent Security Bulletins (Security Bulletin Archives):

  • Microsoft Security Bulletin Summary for March 2009
  • Microsoft Security Bulletin Summary for February, 2009
  • Microsoft Security Bulletin Summary for January 2009

Last 5 Published or Updated Security Advisories:

  • Microsoft Security Advisory (953839) Update Rollup for ActiveX Kill Bits Published or Last Updated: 3/11/2009
  • Microsoft Security Advisory (968272) Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution Published or Last Updated: 3/5/2009
  • Microsoft Security Advisory (967940) Update for Windows Autorun Published or Last Updated: 2/24/2009
  • Microsoft Security Advisory (961040) Vulnerability in SQL Server Could Allow Remote Code Execution Published or Last Updated: 2/10/2009
  • Microsoft Security Advisory (960715) Update Rollup for ActiveX Kill Bits Published or Last Updated: 2/10/2009

For the entire list of published Security Advisories, visit the Security Advisory Archive Web site.

For the latest information and resources, see