Patch Tuesday over at Computer World

August 19, 2013, 1:38 pm

≫ Next: DELL Software Group Marketing Update for September

≪ Previous: Microsoft Patch Tuesday: August 2013

As you probably have seen over the past few years, I have been posting the ChangeBASE Patch Tuesday reports and testing summaries for Microsoft's Patch Tuesday. These sample reports are a pretty good overview of the Microsoft Patch Tuesday release and you get the patch description and file payloads of each update in a nice, easy to read format.

I am now doing a little blogging for ComputerWorld at the Patch Tuesday blog home under the Security section. I have a few posts over there now, and the latest description of the August Patch Tuesday's release is up and ready for general consumption.

You can find the Patch Tuesday debugged link here: http://blogs.computerworld.com/windows/22658/history-touch-critical-and-important

Enjoy!

↧

DELL Software Group Marketing Update for September

September 2, 2013, 2:21 am

≫ Next: September Patch Tuesday 2013 - Preview

≪ Previous: Patch Tuesday over at Computer World

Summer is over (cant't believe it) and it's back to work. So, I thought I would post a quick update on the upcoming webinars for the ESM part of the DELL Software group.

Note: After all events, recordings and presentation decks are posted under the Webcasts section of the Resource Center on KACE.com.

Upcoming Webinars

Wednesday, September 4 at 11 am PT

Managing Configurations in the User Environment without Scripts

Still using login scripts to configure user environments? In this webcast, discover the power of automation when delivering applications, controlling configurations across desktops, virtual desktops, and remote sessions and much more.

Thursday, Sept. 12 at 10 am PT

Agile Service Desk: Keeping Pace or Getting Out Paced by New Technology?

Join us for a quick look at the state of the service desk, and explore new requirements and tradeoffs in choosing and using a service desk solution. You will also discover practical ways to ensure an effective service desk in 2013 and beyond.

Thursday, Sept. 19 at 10 am PT

Eliminating Administrative Rights: Balancing Desktop Security and User Productivity

Administrator privileges are Windows’ necessary evil. You no longer have to struggle with all-or-nothing administrative privileges. Join Greg Shields of Concentrated Technology and Systems Management Expert Robert Crosley from Dell to examine techniques and tools that can deliver both security and enhanced end user productivity, organization-wide.

Thursday, Sept. 26 at 11 am PT

Desktop Virtualization: Your Optimal Strategy for Healthcare IT

Join Craig Mathias of Farpoint Group and Matt Law of Dell Endpoint Systems Management for this fast-paced and informative webcast, where you will discover how desktop virtualization offers an optimal strategy for addressing the mission-critical demands of IT in healthcare. Register here.

New Resources

New! Dell KACE Family Overview Datasheet

Available on KACE.com.

New! Dell KACE K1000 Management Appliance Datasheet

Available on KACE.com.

↧

September Patch Tuesday 2013 - Preview

September 10, 2013, 3:57 am

≫ Next: Microsoft Patch Tuesday - September 2013

≪ Previous: DELL Software Group Marketing Update for September

It's September and while the sun is still shining (here in the UK) there is as chill in the air. And, for most of us, it's back to school (or work) and in the case of Microsoft's September Patch Tuesday release, there is a lot of work to do.

This month the Microsoft Advance notification guide details 14 patches, four of which are rated as Critical and the remaining 10 are rated as Important.

All of the Critical patches deal with Remote Code Execution (RCE's) vulnerabilities and the remaining 10 patches deal with Information Disclosure and Denial of Service issues.

I have created a handy little chart of these patches, which you can view here;

Bulletin	Severity	Impact	Platform
1	Critical	Remote Code Execution	Share Point
2	Critical	Remote Code Execution	Outlook
3	Critical	Remote Code Execution	Internet Explorer
4	Critical	Remote Code Execution	XP/Server 2003
5	Important	Remote Code Execution	XP/Vista/Server 2008
6	Important	Remote Code Execution	Word 2003/2007/2010
7	Important	Remote Code Execution	Excel 2003/2007/2010/2013
8	Important	Remote Code Execution	Access 2007/2010/2013
9	Important	Elevation of Privilege	Office 2010/Pinyin IME
10	Important	Elevation of Privilege	XP/Vista/7/8/RT/2003/2008/2010/
11	Important	Elevation of Privilege	Windows 7/Server 2008
12	Important	Information Disclosure	Front Page 2003 SP3
13	Important	Denial of Service	XP/Vista/7/8/RT/2003/2008/2012/
14	Important	Denial of Service	XP/Vista/7/8/RT/2003/2008/2012/

Looking at these Microsoft Patches, I would tend to most worried about the application level updates. It looks like Outlook and Excel are going to be updated. These patches will require some serious testing prior to deployment.

You can find out more from the Microsoft Advance Notification page for September 2013 here: https://technet.microsoft.com/en-us/security/bulletin/ms13-sep

↧

Microsoft Patch Tuesday - September 2013

September 11, 2013, 10:35 am

≫ Next: Microsoft Zero-Day IE flaw with a complex fix

≪ Previous: September Patch Tuesday 2013 - Preview

Application Compatibility Update with Dell Software's ChangeBASE

With this September Microsoft Patch Tuesday update, we see a set of 13 updates; 4 of which are marked as “Critical” and 9 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.

Of the thirteen patches, 3 "require a restart to load correctly", and 10 "may require a restart", so the usual advice is that it is probably best to assume all require a restart to be installed correctly.

Sample Results

Here are two sample results showing amber warnings generated as a result of patch MS13-069.

Here is a sample summary report:

Testing Summary

MS13-067	Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2834052)
MS13-068	Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (KB2756473)
MS13-069	Cumulative Security Update for Internet Explorer (KB2870699)
MS13-070	Vulnerability in OLE Could Allow Remote Code Execution (KB2876217)
MS13-071	Vulnerability in Windows Theme File Could Allow Remote Code Execution (KB2864063)
MS13-072	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (KB2845537)
MS13-073	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (KB2858300)
MS13-074	Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (KB2848637)
MS13-075	Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (KB2878687)
MS13-076	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2876315)
MS13-077	Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (KB2872339)
MS13-078	Vulnerability in FrontPage Could Allow Information Disclosure (KB2825621)
MS13-079	Vulnerability in Active Directory Could Allow Denial of Service (KB2853587)

Security Update Detailed Summary

MS13-067	Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2834052)
Description	This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office Server software. The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server.
Payload	Cfgupddl.sql, Configdb.sql, Configup.sql, Dwdcw20.dll, Fldedit.asx, Fldnew.asx, Listedit.asx, Microsoft_sharepoint_dsp_oledb.dll, Microsoft_sharepoint_dsp_soappt.dll, Microsoft_sharepoint_dsp_sts.dll, Microsoft_sharepoint_dsp_xmlurl.dll, Microsoft_web_design_server.dll, Mssph.dll_0001.x86, Mssrch.dll_0001.x86, Offprsx.dll, Onetutil.dll, Owssvr.dll_0001, Qstedit.asx, Qstnew.asx, Searchom.dll_0003.x86, Searchom.dll_0005.x86, Sigcfg.cer, Sigcfg.dll, Sigcfg.sql, Sigsdb.cer.x86, Sigsdb.dll.x86, Sigsdb.sql.x86, Sigstore.cer, Sigstore.dll, Sigstore.sql, Store.sql, Storeup.sql, Stoupddl.sql, Sts.workflows.dll, Stsadm.exe, Stsap.dll, Stsapa.dll, Stslib.dll_0001, Stsom.dll, Stsom.dll_0001, Stssoap.dll, Stswel.dll, Stswfacb.dll, Stswfact.dll, Svrsetup.exe, Timezone.xml, Tquery.dll_0002.x86, Wsdisco.asx, Wss.search.sql.x86, Wss.search.up.sql.x86, Wssadmin.exe_0001, Wssadmop.dll_0001, Wsssetup.dll, Wswsdl.asx, Xmlfiltr.dll.x86
Impact	Critical - Remote Code Execution

MS13-068	Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (KB2756473)
Description	This security update resolves a privately reported vulnerability in Microsoft Outlook. The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Cnfnot32.exe_0004, Contab32.dll, Dlgsetp.dll, Emsmdb32.dll_0005, Envelope.dll, Exsec32.dll_0001, Impmail.dll, Mapiph.dll, Mimedir.dll, Mspst32.dll_0004, Olmapi32.dll, Omsmain.dll, Omsxp32.dll , Outlmime.dll, Outlook.exe, Outlph.dll, Outlvbs.dll_0001, Pstprx32.dll, Recall.dll, Rm.dll, Rtfhtml.dll, Scanpst.exe_0002, Scnpst32.dll, Scnpst64.dll
Impact	Critical - Remote Code Execution

MS13-069	Cumulative Security Update for Internet Explorer (KB2870699)
Description	This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact	Critical - Remote Code Execution

MS13-070	Vulnerability in OLE Could Allow Remote Code Execution (KB2876217)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Ole32.dll, Wole32.dll
Impact	Critical - Remote Code Execution

MS13-071	Vulnerability in Windows Theme File Could Allow Remote Code Execution (KB2864063)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user applies a specially crafted Windows theme on their system. In all cases, a user cannot be forced to open the file or apply the theme; for an attack to be successful, a user must be convinced to do so.
Payload	Themeui.dll
Impact	Important - Remote Code Execution

MS13-072	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (KB2845537)
Description	This security update resolves 13 privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Winword.exe, Wordicon.exe, Wordcnv.dll, Wwlib.dll
Impact	Important - Remote Code Execution

MS13-073	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (KB2858300)
Description	This security update resolves three privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Excel.exe
Impact	Important - Remote Code Execution

MS13-074	Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (KB2848637)
Description	This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Access file with an affected version of Microsoft Access. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Acacedao.dll, Acecore.dll, Acedao.dll, Aceerr.dll, Acees.dll, Aceexch.dll, Aceexcl.dll, Aceodbc.dll, Aceodexl.dll, Aceodtxt.dll, Aceoledb.dll, Acetxt.dll, Acewdat.dll
Impact	Important - Remote Code Execution

MS13-075	Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (KB2878687)
Description	This security update resolves a privately reported vulnerability in Microsoft Office IME (Chinese). The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. Only implementations of Microsoft Pinyin IME 2010 are affected by this vulnerability. Other versions of Simplified Chinese IME and other implementations of IME are not affected.
Payload	Imecfm.dll, Imecfmp.dll, Imecfmui.exe, Imecmnt.exe, Imefiles.dll, Imeklmg.exe, Imespbld.exe, Imetip.dll, Imewdbld.exe, Imjp14k.dll, Imjpapi.dll, Imjpcac.dll, Imjpcmld.dll, Imjpcmmp.dll, Imjpcus.dll, Imjpdapi.dll, Imjpdct.exe, Imjpdctp.dll, Imjpdus.exe, Imjplmp.dll, Imjppred.dll, Imjpskey.dll, Imjpskf.dll, Imjptip.dll, Imjpuexc.exe, Imjputyc.dll, Imecfm.dll, Imecfmp.dll, Imecfmui.exe, Imefiles.dll, Imeklmg.exe, Imespbld.exe, Imetip.dll, Imewdbld.exe, Imccphr.exe, Imecfm.dll, Imecfmp.dll, Imecfmui.exe, Imecmnt.exe, Imefiles.dll, Imeklmg.exe, Imespbld.exe, Imetip.dll, Imewdbld.exe, Imsccfg.dll, Imsccore.dll, Imsctip.dll, Imscui.dll, Imccphr.exe, Imecfm.dll, Imecfmp.dll, Imecfmui.exe, Imefiles.dll, Imeklmg.exe, Imespbld.exe, Imetip.dll, Imewdbld.exe, Imtccfg.dll, Imtccore.dll, Imtcprop.exe, Imtctip.dll, Imtcui.dll
Impact	Important - Elevation of Privilege

MS13-076	Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2876315)
Description	This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
Payload	Win32k.sys
Impact	Important - Elevation of Privilege

MS13-077	Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (KB2872339)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker convinces an authenticated user to execute a specially crafted application. To exploit this vulnerability, an attacker either must have valid logon credentials and be able to log on locally or must convince a user to run the attacker's specially crafted application.
Payload	Conhost.exe, Kernel32.dll, Kernelbase.dll, Api-ms-win-core-console-l1-1-0.dll, Api-ms-win-core-datetime-l1-1-0.dll, Api-ms-win-core-debug-l1-1-0.dll, Api-ms-win-core-delayload-l1-1-0.dll, Api-ms-win-core-errorhandling-l1-1-0.dll, Api-ms-win-core-fibers-l1-1-0.dll, Api-ms-win-core-file-l1-1-0.dll, Api-ms-win-core-handle-l1-1-0.dll, Api-ms-win-core-heap-l1-1-0.dll, Api-ms-win-core-interlocked-l1-1-0.dll, Api-ms-win-core-io-l1-1-0.dll, Api-ms-win-core-libraryloader-l1-1-0.dll, Api-ms-win-core-localization-l1-1-0.dll, Api-ms-win-core-localregistry-l1-1-0.dll, Api-ms-win-core-memory-l1-1-0.dll, Api-ms-win-core-misc-l1-1-0.dll, Api-ms-win-core-namedpipe-l1-1-0.dll, Api-ms-win-core-processenvironment-l1-1-0.dll, Api-ms-win-core-processthreads-l1-1-0.dll, Api-ms-win-core-profile-l1-1-0.dll, Api-ms-win-core-rtlsupport-l1-1-0.dll, Api-ms-win-core-string-l1-1-0.dll, Api-ms-win-core-synch-l1-1-0.dll, Api-ms-win-core-sysinfo-l1-1-0.dll, Api-ms-win-core-threadpool-l1-1-0.dll, Api-ms-win-core-util-l1-1-0.dll, Api-ms-win-core-xstate-l1-1-0.dll, Api-ms-win-security-base-l1-1-0.dll, Api-ms-win-core-console-l1-1-0.dll, Api-ms-win-core-datetime-l1-1-0.dll, Api-ms-win-core-debug-l1-1-0.dll, Api-ms-win-core-delayload-l1-1-0.dll, Api-ms-win-core-errorhandling-l1-1-0.dll, Api-ms-win-core-fibers-l1-1-0.dll, Api-ms-win-core-file-l1-1-0.dll, Api-ms-win-core-handle-l1-1-0.dll, Api-ms-win-core-heap-l1-1-0.dll, Api-ms-win-core-interlocked-l1-1-0.dll, Api-ms-win-core-io-l1-1-0.dll, Api-ms-win-core-libraryloader-l1-1-0.dll, Api-ms-win-core-localization-l1-1-0.dll, Api-ms-win-core-localregistry-l1-1-0.dll, Api-ms-win-core-memory-l1-1-0.dll, Api-ms-win-core-misc-l1-1-0.dll, Api-ms-win-core-namedpipe-l1-1-0.dll, Api-ms-win-core-processenvironment-l1-1-0.dll, Api-ms-win-core-processthreads-l1-1-0.dll, Api-ms-win-core-profile-l1-1-0.dll, Api-ms-win-core-rtlsupport-l1-1-0.dll, Api-ms-win-core-string-l1-1-0.dll, Api-ms-win-core-synch-l1-1-0.dll, Api-ms-win-core-sysinfo-l1-1-0.dll, Api-ms-win-core-threadpool-l1-1-0.dll, Api-ms-win-core-util-l1-1-0.dll, Api-ms-win-core-xstate-l1-1-0.dll, Api-ms-win-security-base-l1-1-0.dll, Winsrv.dll
Impact	Important - Elevation of Privilege

MS13-078	Vulnerability in FrontPage Could Allow Information Disclosure (KB2825621)
Description	This security update resolves a privately reported vulnerability in Microsoft FrontPage. The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document. The vulnerability cannot be exploited automatically; for an attack to be successful a user must be convinced to open the specially crafted document.
Payload	Fpwec.dll, Frontpg.exe
Impact	Important - Information Disclosure

MS13-079	Vulnerability in Active Directory Could Allow Denial of Service (KB2853587)
Description	This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.
Payload	Ntdsatq.dll
Impact	Important - Denial of Service

* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 3,000 applications

↧

Microsoft Zero-Day IE flaw with a complex fix

September 19, 2013, 1:59 am

≫ Next: Join our joint Gartner and Dell Software Webinar

≪ Previous: Microsoft Patch Tuesday - September 2013

I would have normally waited until my monthly Patch Tuesday update to discuss Microsoft security vulnerabilities and updates. However, when I read about the latest Microsoft Zer-day exploit and security flaw and then saw that the BBC thought it was sufficiently important to report on, well I had to post something.

The Remote Code Execution vulnerability exploited in this attack effects all versions of Internet Explorer (both 32 and 64-bit) bar the latest version (11). The CVE description for this issue incudes;

"Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll."

This means that a specially crafted web page that includes some nasty JavaScript code could allow an attacker to execute code on the users machines. This code could include spyware (watches your keystrokes), malware (leaves a trojan behind) and could directly affect (copy/delete) files and data on the affected machine.

There is already fix posted by the TechNet and IE Team, which you can read about in the IE TechNet blog located here: http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx

This attack is a little annoying (besides the potential damage it cold allow) as I thought that IE employed security tactics to prevent these kind of attacks. Reading the IE blog posting, the vulnerability is described as;

The purpose of this DLL in the context of this exploit is to bypass ASLR by providing executable code at known addresses in memory, so that a hardcoded ROP (Return Oriented Programming) chain can be used to mark the pages containing shellcode (in the form of Javascript strings) as executable.

ASLR is a programming and security technique designed to prevent these kinds of attacks by effectively randomly assinging addresses to memory locations. This is very much like removing door-numbers from within an office building - it makes finding anything or anyone very difficult.

It looks like the primary components of IE use ASLR and thus benefit from its protection. However, it looks like the sub-components used by IE did not - and, therefore allowing a way in for attackers.

Sort of like, having super secure and vetted full-time employees and then using 3rd-party contractors with similar security access and privileges.

I wonder if Microsoft will call these types of dependency attacks the "Snowden Way In".

References:

ASLR
http://en.wikipedia.org/wiki/Address_space_layout_randomization

http://technet.microsoft.com/en-us/security/advisory/2887505

CVE Vulnerability Entry CVE 2013-3893
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

↧

Join our joint Gartner and Dell Software Webinar

September 20, 2013, 12:32 am

≫ Next: DELL ESM Marketing News for September 23

≪ Previous: Microsoft Zero-Day IE flaw with a complex fix

Join our joint Gartner and Dell Software Webinar - Click Here to Register
Date: 26th September
Time: 8:00 PST / 11:00 EST / 16:00 GMT / 17:00 CET

It’s all about the data – migrations and beyond

Join Gartner expert Mike Silver’s and Ann Maya, senior ChangeBASE product manager, Dell Software, to hear about solutions that customers are using to move forward beyond migration.

You know that Windows XP is reaching its end of life next April. Yet, many organisations are still on XP, opening up the real possibility of having to pay considerably for extended support. So why the delay?

Application compatibility is one of the major obstacles for enterprise Windows 7/8 migrations but there are also concerns about ongoing application management.

With customers’ requirements to better manage the move towards supporting BYOD, the need to integrate systems for better data mining, the desire for solutions that can be hosted in the cloud and “self-service” application delivery solutions – the landscape for application management and application readiness is constantly changing. The focus is veering from pure migration efforts to ongoing application lifecycle management.

Attend this Dell Software webcast featuring Gartner expert Mike Silver to discover:

Why organizations have been slow to move off XP
What we can learn from organizations that have migrated successfully
Top considerations for ongoing application lifecycle management beyond migration
The importance of an optimized workflow management process

Register Now!

↧

DELL ESM Marketing News for September 23

September 22, 2013, 11:22 pm

≫ Next: Don’t’ forget to join our Gartner webinar today!

≪ Previous: Join our joint Gartner and Dell Software Webinar

I thought I would mention a few of the live and recorded on-line demos that will be happening over the next few weeks. In addition, I have added some new "In the News" links to some of the DELL happenings.

LIVE DEMOS

Multiple Dates, Next one: Wednesday, Sept 25 at 9 am PT

vWorkspace Live Weekly Demo

Deliver huge scalability and speed improvements with Hyper-V Catalyst components for virtual desktops, use Desktop Clouds to provide power and simplicity for SMBs and enterprises, and monitor user experience from a “single pane of glass” for both VDI and TS/RDSH. See vWorkspace 8.0 in action. Register here .

Thursday, Sept. 26 at 11 am PT

Desktop Virtualization: Your Optimal Strategy for Healthcare IT

Multiple Dates, Next one: Tuesday, Oct 1 at 11 am PT

Enable BYOD with easy scanning for VDI and RDSH users

Support your BYOD initiatives by making it as easy for your BYOD users to use document scanners and other image acquisition devices as it is for physical desktop users with Dell RemoteScan.

Multiple Dates, Next one: Wednesday, Oct 2 at 11 am PT

Managing Configurations in the User Environment without Scripts

On-Demand Webinars

Agile Service Desk: Keeping Pace or Getting Out Paced by New Technology?

View the recording here.

New! Dell KACE Jumpstart Datasheet

JumpStart training has always been an integral part of helping customers gain near-immediate return for their investment in KACE Appliances. This updated data sheet articulates clearly the benefits of the JumpStart program and the available options for both initial and ongoing learning opportunities, from basic to in-depth, customized to client needs. The data sheet is posted on the Resource Center on KACE.com .

DELL ESM in the News

Dell Software's endpoint systems management allowed Louisiana-based customer Green Clinic to save 20 hours per week in service requests and reduce EMR deployment costs by $20,000. - Becker's Hospital Review , iHealthBeat ,Healthcare Technology Online , CIO Insight
Dell Software customers want consolidated end-to-end solutions from fewer suppliers, which led Dell to a strategy calling further integration of assets including Dell KACE. - Channelnomics
Dell Inc. announced its software business has reached the $1.5 billion revenue mark and has upcoming changes to its PartnerDirect channel program involving Dell KACE among others. - Channelnomics
Dell Latitude 7000 Ultrabook features Intel vPro with extensions specific to Dell, along with tools that work with Microsoft System Center and Dell KACE. - ChipChick
Dell recently launched vWorkspace 8, which brings a multitude of features to the table, the most notable of which include tighter integration into Hyper-V and full support for Windows Server 2012 and Windows 8. -SearchVirtualDesktop
Dell's new PartnerDirect program introduces a new set of “competencies” for software partners through Dell KACE, SonicWALL and other divisions of the software company. - Channelnomics, MSPMentor

↧

Don’t’ forget to join our Gartner webinar today!

September 26, 2013, 8:07 am

≫ Next: Packaging Event 2013: Management Briefing

≪ Previous: DELL ESM Marketing News for September 23

Don’t’ forget to join our Gartner webinar today!

Don't forget to join Ann Maya, Senior Product Manager for ChangeBASE here at Dell Software and Michael Silver, Vice President and Research Director at Gartner for our joint webinar - It’s all about the data – migrations and beyond

Date: 26th September

Time: 8:00 PST / 11:00 EST / 16:00 GMT / 17:00 CET

Attend this webcast to discover:

Why organizations have been slow to move off XP
What we can learn from organizations that have migrated successfully
How to keep up with the frequency of technology changes
Top considerations for ongoing application lifecycle management beyond migration
The importance of an optimized workflow management process

Register Now!

↧

Packaging Event 2013: Management Briefing

September 30, 2013, 1:34 am

≫ Next: Online Webinars from DELL Software Group

≪ Previous: Don’t’ forget to join our Gartner webinar today!

Packaging Event 2013

The Management Summary Sessions (MSS)

Be our guest during the Management Summary Sessions at Packaging Event 2013 in the Media Plaza, Jaarbeurs Utrecht.

On Thursday October 3 between 15.45 and 18.00, the management summary sessions will take place at a private section of the event and can be attended by invitation-only. These sessions will provide a high-level overview and excellent Sr. management network opportunities with trend setting industry organizations around packaging, application virtualisation, application management, (cloud) migrations, MDM and deployment.

While other sessions at the event are fairly technical / product specific, these sessions are designed for CEO/CTO/IT managers who benefit from a high-level understanding how solutions in the industry can help your organizations work more efficient, save time, improve quality and save costs.

During three 30-minute sessions, sr. management from key industry organizations Dell Software, Flexera Software and Raynet will share their company vision, product roadmap & solutions and how these can help your organization.

The following speakers will present their view and future direction of respective technologies:

Flexera Software - Jim Ryan
Chief Operating Officer

Raynet - Ragip Aydin
Managing Director

Dell Software - Gregory Lambert
Sr. Technical Evangelist

You can attend the MMS without registering for the whole event.

↧

Online Webinars from DELL Software Group

October 7, 2013, 4:19 am

≫ Next: Microsoft Patch Tuesday: October 2013

≪ Previous: Packaging Event 2013: Management Briefing

Loads going on at the moment - and, you will see that the DELL Software Group (DSG) has some great online web sessions and demos dealing with Identity and Access Management (IAM) and of course Windows migrations.

Hare some of the sessions scheduled for the next few weeks;

Online Webinars:

Addressing the Multi Device Reality: Unified Endpoint Management

Did you know that 87% of business device users rely on a PC and at least one mobile device to get their jobs done? Or that one out of eight mobile devices will be lost or stolen? This webinar will discuss the realities of multi-device proliferation and the need for such core considerations as data loss protection and BYOD policies. There will also be demonstrations of the latest release of the Dell KACE K3000 Mobile Management Appliance.

Webcast: Understanding the 7 Building Blocks of IAM
This webinar aims to help customers and prospects to understand the relationship between these core components of identity and access management (IAM) in order to make their organization more compliant, productive and secure. Security expert Randy Franklin Smith teaches about the most effective IAM strategies he’s observed over the years. Then Dell Software’s Jason Remillard discusses advances in IAM technology, and how risk analysis needs to be built into decisions and processes. View this webcast on demand.

Dell Endpoint Systems Management – Live Demo in your language

Dell Endpoint Systems Management offers comprehensive systems management tools through Dell KACE System Management Appliances and Dell User Workspace Management software: Dell Desktop Authority and Dell vWorkspace. Both empower IT organizations and enhance user productivity.

Windows Migration with Dell Software

This seminar is held in collaboration with Microsoft and will show how Dell Software can improve the accuracy and efficiency of applications while reducing the risks and costs associated with migration.

Rome – 3 October
Milan – 7 October

Information Management Roadshows

Showcasing Information Management’s end to end solutions for data management, integration and analysis, these roadshows will feature Toad, SharePlex and the new Toad BI Suite.

Brussels – 9 October
Copenhagen – 1 October
Oslo – 15 October
Solna – 16 October
Cologne – 16 October
Munich – 17 October

Governance and Auditing: Responding to Compliance Issues

At this breakfast seminar we will discuss how to achieve compliance and IT governance with the help of Dell Software

Boulogne – 18 October

Migration Seminar

Learn more about Dell Software migration solutions and how to ensure a ZeroIMPACT migration, consolidation or restructuring.Paris – 18 October

Exchange Migration Technology Breakfast

At this breakfast seminar, our product specialists will discuss how Dell Software & Dell Services can help to ensure a smooth and successful Exchange migration.

Madrid – 23 October

↧

Microsoft Patch Tuesday: October 2013

October 10, 2013, 3:32 am

≫ Next: DELL Webcast: How automation rescues a stalled migration to Windows 7/8

≪ Previous: Online Webinars from DELL Software Group

Executive Summary

With this October Microsoft Patch Tuesday update, we see a set of 8 updates; 4 of which are marked as “Critical” and 4 rated as “Important”.

Of the eight patches, 3 "require a restart to load correctly", and 4 "may require a restart", leaving only one which claims it doesn't need a restart - so the usual advice is that it is probably best to assume all require a restart to be installed correctly.

Sample Results

Here are two sample results showing amber warnings generated as a result of patches MS13-080 and MS13-083.

Here is a Sample Summary report:

Testing Summary

Security Update Detailed Summary

MS13-080	Cumulative Security Update for Internet Explorer (KB2879017)
Description	This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact	Critical - Remote Code Execution

MS13-081	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (KB2870008)
Description	This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
Payload	Atmfd.dll
Impact	Critical - Remote Code Execution

MS13-082	Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB2878890)
Description	This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.
Payload	No specific file payload
Impact	Critical - Remote Code Execution

MS13-083	Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (KB2864058)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code.
Payload	Comctl32.dll, Controls.man, Wcomctl32.dll
Impact	Critical - Remote Code Execution

MS13-084	Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2885089)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Office server software. The most severe vulnerability could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.
Payload	Svrsetup.exe, Wsssetup.dll, Bform.js_1025, Form.js_1025, Rgnlstng.xml_1025, Bform.js_1026, Form.js_1026, Rgnlstng.xml_1026, Bform.js_1027, Form.js_1027, Rgnlstng.xml_1027, Bform.js_1029, Form.js_1029, Rgnlstng.xml_1029, Rgnlstng.xml_1106, Bform.js_1030, Form.js_1030, Rgnlstng.xml_1030, Stsomr.dll_1030, Bform.js_1031, Form.js_1031, Rgnlstng.xml_1031, Bform.js_1032, Form.js_1032, Rgnlstng.xml_1032, Bform.js_1033, Form.js_1033, Rgnlstng.xml_1033, Bform.js_3082, Form.js_3082, Rgnlstng.xml_3082, Bform.js_1061, Form.js_1061, Rgnlstng.xml_1061, Bform.js_1035, Form.js_1035, Rgnlstng.xml_1035, Bform.js_1036, Form.js_1036, Rgnlstng.xml_1036, Avreport.htm_2108, Bpstd.asx_2108, Calendar.css_2108, Core.css_2108, Core.rsx_2108, Datepick.css_2108, Error.htm_2108, Filedlg.htm_0011_2108, Fontdlg.htm_2108, Help.css_2108, Iframe.htm_2108, Instable.htm_2108, Irmrept.htm_2108, Isswfresources_llcc.resx_2108, Menu.css_2108, Mssmsg.dll_0001.x86.2108, Owsnocr.css_2108, Rgnlstng.xml_2108, Selcolor.htm_2108, Spadminlcid.rsx_2108, Spmsg.dll_2108, Spstd1.asx_0001_2108, Spstd2.asx_0001_2108, Spstd3.asx_2108, Spstd4.asx_2108, Spstd5.asx_2108, Spstd6.asx_2108, Spstd7.asx_2108, Spstd8.asx_2108, Spthemes.xml_2108, Stsomr.dll_2108, Workflowactions_intl_resources.dll_2108, Workflows_intl_resources.dll_2108, Wsetupui.dll_2108, Wss.intl.res.dll.x86.2108, Wss.search.oob.sql.x86.2108, Wss.srchadm.rsx.x86.2108, Wsslcid.rsx_2108, _basicpg.htm_2108, _wppage.htm_2108, Bform.js_1037, Form.js_1037, Rgnlstng.xml_1037, Bform.js_1081, Form.js_1081, Rgnlstng.xml_1081, Bform.js_1050, Form.js_1050, Rgnlstng.xml_1050, Bform.js_1038, Form.js_1038, Rgnlstng.xml_1038, Stsomr.dll_1038, Bform.js_1040, Form.js_1040, Rgnlstng.xml_1040, Bform.js_1041, Form.js_1041, Rgnlstng.xml_1041, Bform.js_1087, Form.js_1087, Rgnlstng.xml_1087, Bform.js_1042, Form.js_1042, Rgnlstng.xml_1042, Bform.js_1063, Form.js_1063, Rgnlstng.xml_1063, Bform.js_1062, Form.js_1062, Rgnlstng.xml_1062, Rgnlstng.xml_1071, Rgnlstng.xml_1086, Bform.js_1044, Form.js_1044, Rgnlstng.xml_1044, Bform.js_1043, Form.js_1043, Rgnlstng.xml_1043, Bform.js_1045, Form.js_1045, Rgnlstng.xml_1045, Bform.js_1046, Form.js_1046, Rgnlstng.xml_1046, Stsomr.dll_1046, Bform.js_2070, Form.js_2070, Rgnlstng.xml_2070, Bform.js_1048, Form.js_1048, Rgnlstng.xml_1048, Bform.js_1049, Form.js_1049, Rgnlstng.xml_1049, Bform.js_1051, Form.js_1051, Rgnlstng.xml_1051, Bform.js_1060, Form.js_1060, Rgnlstng.xml_1060, Bform.js_2074, Form.js_2074, Rgnlstng.xml_2074, Bform.js_1053, Form.js_1053, Rgnlstng.xml_1053, Bform.js_1054, Form.js_1054, Rgnlstng.xml_1054, Bform.js_1055, Form.js_1055, Rgnlstng.xml_1055, Stsomr.dll_1055, Bform.js_1058, Form.js_1058, Rgnlstng.xml_1058, Bform.js_1066, Form.js_1066, Rgnlstng.xml_1066, Bform.js_2052, Form.js_2052, Rgnlstng.xml_2052, Bform.js_1028, Form.js_1028, Rgnlstng.xml_1028
Impact	Important - Remote Code Execution

MS13-085	Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (KB2885080)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Excel.exe
Impact	Important - Remote Code Execution

MS13-086	Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (KB2885084)
Description	This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Winword.exe, Wwlib.dll
Impact	Important - Remote Code Execution

MS13-087	Vulnerability in Silverlight Could Allow Information Disclosure (KB2890788)
Description	This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
Payload	Silverlight_developer_x64.exe, Silverlight_x64.exe
Impact	Important - Information Disclosure

* All results are based on the ChangeBASE Application Compatibility Lab’s test portfolio of over 3,000 applications

↧

DELL Webcast: How automation rescues a stalled migration to Windows 7/8

October 21, 2013, 11:30 am

≫ Next: What's new in Dell Software Group

≪ Previous: Microsoft Patch Tuesday: October 2013

IT environments need to continuously change to keep pace with updated applications and new technology; meaning, business partners (like you) are constantly under pressure to deliver cost-effective solutions.
In this webcast, you’ll learn how to better manage each customer’s application estate for a successful migration from WindowsÒ XP to Windows 7/8, and still meet your SLAs by reducing costs and improving efficiency.

Join us for this live 60-minute webcast, where you’ll see how DellÒ Software solutions can help you:

Meet your SLAs and reduce post-deployment failures.
Speed up testing, fixing and converting of applications by 50 percent through automation.
Easily convert legacy applications into Standard Windows Installers (MSIs) in minutes.
Identify which applications can be virtualized within seconds.
Get point-in-time information through Dashboard views.

Plus, learn about the exciting new re-architected version of ChangeBASE (v6.0).

Register Now >>

↧

What's new in Dell Software Group

November 3, 2013, 11:32 pm

≫ Next: ChangeBASE Version 6.0 Released!

≪ Previous: DELL Webcast: How automation rescues a stalled migration to Windows 7/8

It's November already and the weather has turned cold/wet/dark/nasty here in the UK.

All the better to stay in side and watch DELL software webinars and demo's, eh? Here is a list of some of DELL's online live and recorded sessions for the next few weeks.

Online and Live Webinar Events

Tuesday, Nov. 12 at 8 am PT
Introducing new Dell vWorkspace 8.0 MR1
Join PM Michel Roth as he discusses and demonstrates some of the key new features and benefits enabled in new vWorkspace 8.0 MR1, including support for Microsoft Windows Server 2012 R2 and Windows 8.1, Microsoft App-V 5.0 and Lync 2013, Linux VDI and Improved monitoring, diagnostics and reporting.
Register here.

Wednesday, Nov. 13 at 10 am PT
Simple, Effective Patch Management: From Dilemma to Done Deed
Join Dell experts and a Dell KACE customer to learn more about how the right tools and infrastructure can greatly simplify the patch management process, benefitting both IT administrators and end users.
Register here.

Thursday, Nov 14 at 10 am PT
Reduce Costs and Help the Environment through Desktop Power Management
Discover how to successfully implement power management within your organization and how to effectively quantify and track the potential cost savings. You’ll also learn what to look for in a tool to help.
Register here.

Thursday, Nov 21 at 10 am PT
Extending Physical Document Management to the Mobile Workspace
Learn how Dell’s RemoteScan and vWorkspace enable access to scanners/image acquisition devices physically attached to PCs or thin clients by your mobile workforce, fixing issues encountered when making the jump from physical to virtual desktops. Register here.

Technology Demos

Multiple Dates, Next one: Tuesday, Oct 29 at 11 am PT
Enable BYOD with Easy Scanning for VDI and RDSH Users
Support your BYOD initiatives by making it as easy for your BYOD users to use document scanners and other image acquisition devices as it is for physical desktop users with Dell RemoteScan.
Register here.

Multiple Dates, Next one: Wednesday, Oct 30 at 11 am PT
Managing Configurations in the User Environment without Scripts
Still using login scripts to configure user environments? In this webcast, discover the power of automation when delivering applications, controlling configurations across desktops, virtual desktops, and remote sessions and much more.
Register here.

Multiple Dates, Next one: Wednesday, Nov 6 at 11 am PT
Solving Three Problems by Eliminating User Administrative Rights
It’s time we eliminated the role of Administrator from our Windows servers and desktops. Yet simply killing off Administrator doesn’t solve the problem. In this webcast, we will show you how to increase productivity through policy based elevation of user privileges, minimise security issues caused by unauthorized access and manage user privileges by giving them access to what they need.
Register here.

Multiple Dates, Next one: Wednesday, Nov 6 at 9 am PT
vWorkspace Live Weekly Demo
Deliver huge scalability and speed improvements with Hyper-V Catalyst components for virtual desktops, use Desktop Clouds to provide power and simplicity for SMBs and enterprises, and monitor user experience from a “single pane of glass” for both VDI and TS/RDSH. See vWorkspace 8.0 in action.
Register here.

Webinar Recordings

Best Practices for Migrating from Windows XP and Protecting PCs not Migrated Before XP Support Expires
Hear from industry expert Robert Young from IDC as he shows you how your peers are coping with migrating away from XP, provides you with some best practices and automated tools for migration, and shows you how to protect systems remaining on Windows XP.
View the recording here.

↧

ChangeBASE Version 6.0 Released!

November 7, 2013, 11:46 pm

≫ Next: What's new for DELL Software

≪ Previous: What's new in Dell Software Group

ChangeBASE Version 6.0 is here!

I am very excited to be able to announce the release of ChangeBASE 6.0!

ChangeBASE has always been able to automate the testing, remediation, packaging and virtualization of applications as part of a Windows migration - cutting the time and cost of migrations in half, but now we have completely re-architectedChangeBASE (v6.0) to meet market demand for

Scalability
Better integration with other systems
Even more automation
Sdded flexibility and customizability

ChangeBASE 6.0 enables more streamlined end-to-end application lifecycle management processes and helps speed applications to end users. Application compatibility is a constant challenge for organizations. It doesn’t just affect organizations doing a Windows migration; the IT environment is constantly changing so therefore application readiness is an on-going challenge that needs to be addressed continually. ChangeBASE can help you overcome these challenges.

New Features of ChangeBASE 6.0

Integration: the new API model allows organisation to integrate ChangeBASE with existing systems. This allows you to collect data from different systems such as SCCM or Asset Manager, link data to your applications such as license count, usage and install count so you no longer need to manually access different systems and try to match the data.
Dashboard: the new role-centric dashboard is designed to be customizable. You can drag and drop “widgets” onto the dashboard to show the view(s) of application information that is relevant to your role i.e. Manager gets a high level view of overall project. Application packagers get detailed application compatibility view
Reports: We’ve expanded the reporting capability to allow complete customization via our new “ChangeBASE Report Designer”. Users can add their own company logos and present the information that is useful to them in the web based reports.
Faster Performance: Server based processing means faster performance. Compatibility assessment will occur at the same time as application import with the checks run against the pre-defined target platforms e.g. Windows 7, 64-bit with App-V.
Application Grouping: To facilitate ease of managing large application estates we have added the ability to assign applications to groups and sub-groups, product groups/families, application dependencies and SCCM dependencies.
Role Management: We have added the ability to create Active Directory (AD) users and assign to roles.
Internationalization: ChangeBASE 6.0 will handle all language sets including double-byte code set (DBCS) languages such as Japanese.

Download your free trial now!

↧

What's new for DELL Software

November 26, 2013, 10:35 am

≫ Next: December Patch Tuesday Update

≪ Previous: ChangeBASE Version 6.0 Released!

Webcast Schedule

November is a busy month before the Christmas shut-down, have a look at these live and recorded on line demonstration sessions…

Tech Demos

Multiple Dates, Next one: Tuesday, Nov 26 at 11 am PT

Enable BYOD with easy scanning for VDI and RDSH users
Support your BYOD initiatives by making as easy for your BYOD users to use document scanners and other image acquisition devices as it is for physical desktop users with Dell RemoteScan.
Register here.

Multiple Dates, Next one: Wednesday, Dec 4 at 11 am PT

Solving Three Problems by Eliminating User Administrative Rights
It’s time we eliminated the role of Administrator from our Windows servers and desktops. Yet simply killing off Administrator doesn’t solve the problem. In this webcast, we will show you how to increase productivity through policy based elevation of user privileges, minimise security issues caused by unauthorized access and manage user privileges by giving them access to what they need.
Register here.

Multiple Dates, Next one: Wednesday, Dec 4 at 9 am PT

vWorkspace Live Weekly Demo
Deliver huge scalability and speed improvements with Hyper-V Catalyst components for virtual desktops, use Desktop Clouds to provide power and simplicity for SMBs and enterprises, and monitor user experience from a “single pane of glass” for both VDI and TS/RDSH. See vWorkspace 8.0 in action.
Register here.

Multiple Dates, Next one: Wednesday, Jan 8 at 11 am PT
Managing Configurations in the User Environment without Scripts
Still using login scripts to configure user environments? In this webcast, discover the power of automation when delivering applications, controlling configurations across desktops, virtual desktops, and remote sessions and much more.
Register here.

On-Demand Recordings

Simple, Effective Patch Management: From Dilemma to Done Deed
Join Dell experts as they provide critical tips for effective patch management, and hear from a customer about how they use the Dell KACE appliance to simplify their process. Discover how the right tools and infrastructure can greatly simplify any organisation’s process, benefitting both IT administrators and end users alike.
View the recording.

Reduce Costs and Help the Environment through Desktop Power Management
Discover how to successfully implement power management within your organization and how to effectively quantify and track the potential cost savings. You’ll also learn what to look for in a tool to help.
View the recording.

Extending Physical Document Management to the Mobile Workspace
Learn how Dell’s RemoteScan and vWorkspace enable access to scanners/image acquisition devices physically attached to PC’s or thin clients by your mobile workforce, fixing issues encountered when making the jump from physical to virtual desktops.
View the recording.

↧

December Patch Tuesday Update

December 12, 2013, 7:56 am

≫ Next: Marketing Update for DELL Quest Software

≪ Previous: What's new for DELL Software

Application Compatibility Update with Dell Software's ChangeBASE

Executive Summary
With this December Microsoft Patch Tuesday update, there are 11 updates; 5 of which are marked as “Critical” and 6 rated as “Important”.

The Patch Tuesday Security Update analysis was performed by the Dell ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed amber issues.

Of the eleven patches, 4 "require a restart to load correctly", and 5 "may require a restart", and 2 indicate they "do not need a re-start" so until we see all patches in the "do not require a restart" our advice is that it is probably best to assume all require a restart to be installed correctly.

Sample Results
Here are two sample results showing amber warnings generated as a result of patches MS-096 & MS-099.

Here is a Sample Summary report

Testing Summary

MS13-096	Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution(KB2908005)
MS13-097	Cumulative Security Update for Internet Explorer (KB2898785)
MS13-098	Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)
MS13-099	Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (KB2909158)
MS13-100	Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution(KB2904244)
MS13-101	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege(KB2880430)
MS13-102	Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715)
MS13-103	Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244)
MS13-104	Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976)
MS13-105	Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution(KB2915705)
MS13-106	Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (KB2905238)

Security Update Detailed Summary

MS13-096	Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution(KB2908005)
Description	This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.
Payload	Gdiplus.dll
Impact	Critical - Remote Code Execution

MS13-097	Cumulative Security Update for Internet Explorer (KB2898785)
Description	This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Browseui.dll, Html.iec, Ieencode.dll, Iepeers.dll, Mshtml.dll, Mshtmled.dll, Mstime.dll, Shdocvw.dll, Tdc.ocx, Url.dll, Urlmon.dll, Vgx.dll, Wininet.dll
Impact	Critical - Remote Code Execution

MS13-098	Vulnerability in Windows Could Allow Remote Code Execution (KB2893294)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.
Payload	Imagehlp.dll
Impact	Critical - Remote Code Execution

MS13-099	Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (KB2909158)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload	Cscript.exe, Dispex.dll, Scrobj.dll, Scrrun.dll, Wscript.exe, Wshcon.dll, Wshom.ocx
Impact	Critical - Remote Code Execution

MS13-100	Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (KB2904244)
Description	This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.
Payload	No specific file payload
Impact	Important - Remote Code Execution

MS13-101	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (KB2880430)
Description	This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload	Win32k.sys
Impact	Important - Elevation of Privilege

MS13-102	Vulnerability in LRPC Client Could Allow Elevation of Privilege (KB2898715)
Description	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. An attacker who successfully exploited the vulnerability could then install programs; view, change, or delete data; or create new accounts with full administrator rights. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Payload	Rpcrt4.dll, W03a3409.dll, Wrpcrt4.dll, Ww03a3409.dll
Impact	Important - Elevation of Privilege

MS13-103	Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (KB2905244)
Description	This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.
Payload	Microsoft.AspNet.SignalR.Core.dll
Impact	Important - Elevation of Privilege

MS13-104	Vulnerability in Microsoft Office Could Allow Information Disclosure (KB2909976)
Description	This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
Payload	Mso.dll.x86, Msores.dll, Msosqm.exe, Office.dll, Msointl.dll.x86.1025, Msointl.rest.idx_dll.x86.1025, Msointl.dll.idx_dll.x86.1026, Msointl.dll.x86.1026, Msointl.rest.idx_dll.x86.1026, Msointl.dll.idx_dll.x86.1027, Msointl.dll.x86.1027, Msointl.rest.idx_dll.x86.1027, Msointl.dll.idx_dll.x86.1029, Msointl.dll.x86.1029, Msointl.rest.idx_dll.x86.1029, Msointl.dll.idx_dll.x86.1030, Msointl.dll.x86.1030, Msointl.rest.idx_dll.x86.1030, Msointl.dll.x86.1031, Msointl.rest.idx_dll.x86.1031, Msointl.dll.idx_dll.x86.1032, Msointl.dll.x86.1032, Msointl.rest.idx_dll.x86.1032, Msointl.dll.x86.1033, Msointl.rest.idx_dll.x86.1033, Msointl.dll.x86.3082, Msointl.rest.idx_dll.x86.3082, Msointl.dll.idx_dll.x86.1061, Msointl.dll.x86.1061, Msointl.rest.idx_dll.x86.1061, Msointl.dll.idx_dll.x86.1069, Msointl.dll.x86.1069, Msointl.rest.idx_dll.x86.1069, Msointl.dll.idx_dll.x86.1035, Msointl.dll.x86.1035, Msointl.rest.idx_dll.x86.1035, Msointl.dll.x86.1036, Msointl.rest.idx_dll.x86.1036, Msointl.dll.idx_dll.x86.1110, Msointl.dll.x86.1110, Msointl.rest.idx_dll.x86.1110, Msointl.dll.idx_dll.x86.1095, Msointl.dll.x86.1095, Msointl.rest.idx_dll.x86.1095, Msointl.dll.x86.1037, Msointl.rest.idx_dll.x86.1037, Msointl.dll.idx_dll.x86.1081, Msointl.dll.x86.1081, Msointl.rest.idx_dll.x86.1081, Msointl.dll.idx_dll.x86.1050, Msointl.dll.x86.1050, Msointl.rest.idx_dll.x86.1050, Msointl.dll.idx_dll.x86.1038, Msointl.dll.x86.1038, Msointl.rest.idx_dll.x86.1038, Msointl.dll.idx_dll.x86.1057, Msointl.dll.x86.1057, Msointl.rest.idx_dll.x86.1057, Msointl.dll.x86.1040, Msointl.rest.idx_dll.x86.1040, Msointl.dll.x86.1041, Msointl.rest.idx_dll.x86.1041, Msointl.dll.idx_dll.x86.1087, Msointl.dll.x86.1087, Msointl.rest.idx_dll.x86.1087, Msointl.dll.idx_dll.x86.1099, Msointl.dll.x86.1099, Msointl.rest.idx_dll.x86.1099, Msointl.dll.x86.1042, Msointl.rest.idx_dll.x86.1042, Msointl.dll.idx_dll.x86.1063, Msointl.dll.x86.1063, Msointl.rest.idx_dll.x86.1063, Msointl.dll.idx_dll.x86.1062, Msointl.dll.x86.1062, Msointl.rest.idx_dll.x86.1062, Msointl.dll.idx_dll.x86.1086, Msointl.dll.x86.1086, Msointl.rest.idx_dll.x86.1086, Msointl.dll.idx_dll.x86.1044, Msointl.dll.x86.1044, Msointl.rest.idx_dll.x86.1044, Msointl.dll.x86.1043, Msointl.rest.idx_dll.x86.1043, Msointl.dll.idx_dll.x86.1045, Msointl.dll.x86.1045, Msointl.rest.idx_dll.x86.1045, Msointl.dll.x86.1046, Msointl.rest.idx_dll.x86.1046, Msointl.dll.idx_dll.x86.2070, Msointl.dll.x86.2070, Msointl.rest.idx_dll.x86.2070, Msointl.dll.idx_dll.x86.1048, Msointl.dll.x86.1048, Msointl.rest.idx_dll.x86.1048, Msointl.dll.x86.1049, Msointl.rest.idx_dll.x86.1049, Msointl.dll.idx_dll.x86.1051, Msointl.dll.x86.1051, Msointl.rest.idx_dll.x86.1051, Msointl.dll.idx_dll.x86.1060, Msointl.dll.x86.1060, Msointl.rest.idx_dll.x86.1060, Msointl.dll.idx_dll.x86.2074, Msointl.dll.x86.2074, Msointl.rest.idx_dll.x86.2074, Msointl.dll.idx_dll.x86.1053, Msointl.dll.x86.1053, Msointl.rest.idx_dll.x86.1053, Msointl.dll.idx_dll.x86.1054, Msointl.dll.x86.1054, Msointl.rest.idx_dll.x86.1054, Msointl.dll.idx_dll.x86.1055, Msointl.dll.x86.1055, Msointl.rest.idx_dll.x86.1055, Msointl.dll.idx_dll.x86.1058, Msointl.dll.x86.1058, Msointl.rest.idx_dll.x86.1058, Msointl.dll.idx_dll.x86.1066, Msointl.dll.x86.1066, Msointl.rest.idx_dll.x86.1066, Msointl.dll.x86.2052, Msointl.rest.idx_dll.x86.2052, Msointl.dll.x86.1028, Msointl.rest.idx_dll.x86.1028
Impact	Important - Information Disclosure

MS13-105	Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (KB2915705)
Description	This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
Payload	No specific file payload
Impact	Critical - Remote Code Execution

MS13-106	Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature (KB2905238)
Description	This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.
Payload	No specific file payload
Impact	Important - Security Feature Bypass

* All results are based on the ChangeBASE Application Compatibility Lab's test portfolio of over 3000 applications.

↧

Marketing Update for DELL Quest Software

July 12, 2013, 2:13 am

≫ Next: Patch Tuesday Update: November 2014

≪ Previous: December Patch Tuesday Update

Loads going on this month - Check out some of our live and on-demand events...

Live Events

July 10 at 11 am PT
Managing Configurations in the User Environment without Scripts
Still using login scripts to configure user environments? If so, it’s time to reconsider – login scripts are cumbersome, inaccurate and time consuming. In this webcast, discover the power of automation when delivering applications, controlling configurations across desktops, virtual desktops, and remote sessions and much more.

Register here .

July 11 at 11 am PT
Bring IT Together: Dell KACE + Desktop Authority Enabling Flexible User Privileges without Sacrificing Security In this webcast, you’ll see how—used together—Dell KACE and Desktop Authority Management Suite answer complex user management challenges in an easy-to-use and affordable way.

Register here .

July 17 at 8 am PT
Unleash the full potential of your financial applications—with desktop virtualization
Join Craig Mathias of Farpoint Group to find out what desktop virtualization can do in financial applications and what applications deployment strategies can minimize cost with no compromise to visibility and control. Register here .

July 18 at 10 am PT
Addressing the Multi-Device Reality: Unified Endpoint Management
Join guest speaker, EMA lead analyst Steve Brasen, author of the recent report Unified Endpoint Management, as he discusses the realities of multi-device proliferation and the need for such core considerations as data loss protection for mobile devices and BYOD policies. New features of the KACE K3000 v1.1 Mobile Management Appliance release will be demonstrated.

Register here .

July 18 at 11 am PT
Creating (and Maintaining!) Consistent Windows Desktops: Are these 15 User Settings in Your Desktop Management?
Today’s PC user expects personalization in his or her Windows desktop. However, some user settings will always need IT configuration. The challenge in desktop management lies in finding the right balance between user and IT control. Join the experts for this informative webcast and learn how controlling 15 user settings can benefit your organization today.

Register here.

July 25 at 10 am PT
From Out of Time to Under Control: 3 Steps to Automating Windows Migrations and Application Compatibility Windows migration doesn't need to be a complex and time consuming task – automation tools and best practices can dramatically simplify system deployments. Find out what time traps are waiting, how to avoid them and how to automate your windows migration process.

Register here .

July 27 at 11 am PT
Solving Desktop Challenges in Healthcare
Today, healthcare IT professionals are forced to do more with less while staying in compliance with the Health Insurance Portability and Accessibility Act (HIPAA). To deal with the many challenges of managing your IT environment, join us for our live webcast and learn how you can enforce HIPAA compliance while ensuring confidentiality and integrity of all your health data.

Register here .

On-Demand

Software License Audit: Breeze it and Beat it with Dell KACE
Learn about new capabilities of the Dell KACE K1000 Management Appliance that will allow you to track and optimize the utilization of purchased licenses, avoid liability for under-license violations, and proactively monitor and enforce organization-wide compliance.

↧

Patch Tuesday Update: November 2014

November 13, 2014, 1:00 pm

≫ Next: Microsoft Security Intelligence Report Version 17 - Now Released

≪ Previous: Marketing Update for DELL Quest Software

Just a quick post on the massive November Patch Tuesday update from Microsoft. With sixteen patches (and two mystery update) this is a massive update that deserves a system administrator's attention.

There month contains a few little gems, and an update that maybe you might want to wait for, before deploying.

You can find the full story here:

Ii will post another preview of Microsoft Patch Tuesday next month (December) so, please watch this space.

↧

Microsoft Security Intelligence Report Version 17 - Now Released

November 17, 2014, 7:50 am

≫ Next: Microsoft Delivers Out of Bound Security Update to Kerberos Authentication

≪ Previous: Patch Tuesday Update: November 2014

Microsoft has been publishing their Security Intelligence Report for a few years now - we are now on Issue 17. Last week, the latest update has been released and is available from the Microsoft download center here.

This latest report covers a great detail of the territory that marks out the major security issues of our time;

including security credentials
application, operating and browser security
and the dangers of expired anti-virus and anti-malware software

One of the real surprises in this lengthy security briefing is the risk of running expired anti-malware software is sometimes actually worse than not running with any protection at all.

The following diagram details each of the risk profiles for anti-malware software.

As you can see from the diagram, The "red" bar representing expired software was almost as high as the "pink" bar with no protection.

Referencing the latest version of the Microsoft SIR document, the authors note;

"Computer users who experience malware infections because of expired security
software are likely to conclude that the protection offered by such products is
largely illusory. An examination of infected and clean computers with security
software from one such vendor, Vendor A, shows that expired security software
misses far more infection attempts than it catches".

Microsoft offers free anti-virus and anti-malware protection, that may not suit all of your needs, but according to the data collected here, it is much better to enable these tools on your desktops than continue to use other expired software. You can get the latest definitions here.

And, if you are using Microsoft Windows 8.1 you are automatically covered if you have enabled automatic updates.

↧

Microsoft Delivers Out of Bound Security Update to Kerberos Authentication

November 19, 2014, 8:14 am

≫ Next: Patching Bad: The new reality of systems updates.

≪ Previous: Microsoft Security Intelligence Report Version 17 - Now Released

Earlier this month, I posted an update on the November Patch Tuesday security releases from Microsoft, which you can read about here. In that posting, I detailed that although it was a massive update of sixteen patches, two updates were not ready for release. The first of those two patches, MS14-068 has now been released by Microsoft and is the fifth patch rated as critical for November by Microsoft.

The Microsoft security update MS14-068 attempts to resolve a privately reported vulnerability in the Kerberos Key Distribution Centre (KDC) authentication system. Once a system has been compromised through this vulnerability, an attacker could impersonate any account (including domain administrator) with the potential to create, edit, or delete any system account. In addition to the severity of this potential security issue, Microsoft has reported limited targeted attacks of this particular vulnerability.

This patch updates a significant number of operating system files (DLL’s) and also updates the SChannel library which was included in the update MS14-066

This is definitely a "patch now” Microsoft update

Chris Goettl has a great blog on these issues which you can find here:

Additional references for this Microsoft update can be found at the Knowledge base article KB2992611

↧

Latest Images