Описание RPC уязвимости в DNS сервере

Michael Howard (блог, rss) в блоге SDL (rss) описывает недавнюю RPC уязвимость в DNS сервере и рассказывает, почему не удалось её обнаружить фуз-тестированием и утилитами анализа кода.

А чуть раньше он же рассказывал про недавнюю ANI уязвимость, описывая, почему так получилось и что они (SDL группа) сделали для предотвращения подобных ошибок в будущем.

Вообще мне нравится, как пишет Michael Howard. Люди из маркетинга говорят, что в Vista есть ASLR, UAC, Firewall, а значит Vista неуязвима. А Michael Howard говорит, что есть ряд технологий противодействия червям и эксплоитам, но это не панацея, и с технической точки зрения описывает что да как. Такой подход мне нравится гораздо больше.

В общем, для меня лично, must read.

Теги: Microsoft, Security, Vulnerability

Virtual Machine Remote Control Client Plus

Microsoft выпустили Virtual Machine Remote Control Client Plus v1.5 для управления виртуальными машинами Virtual Server 2005 R2.

Выгодно отличается от обычного клиента возможностью управлением самим сервером. Обычный же клиент даёт возможность только подключатся к запущенным виртуальным машинам. Доступен для скачивания тут.

Написан на .Net 2.0. Написано, что создавался под VS R2 SP1, но должен работать и на более ранних версиях. На практике удалённо подключится к VS R2 (не SP1) не получилось.

Удивило тем, что это вроде первое обфусцированное приложение от MS.

Теги: Microsoft, Virtual Server

FTP7 Server Beta

Microsoft выпустила бету нового FTP сервиса, который был полностью переписан специально для Windows Server 2008. Скачать можно с сайта IIS.net (http://www.iis.net/downloads/default.aspx?tabid=34&i=1454&g=6).

Естественно только для Win2K8. Хотя новый IIS7 очень бы хотелось запустить на Win2K3…

Features

This new FTP service supports a wide range of features and improvements, and the following list contains several of the improvements in this version:

Integration with IIS 7.0:

IIS 7.0 has a brand-new administration interface and configuration store, and the new FTP service is tightly integrated with this new design. The old IIS 6 metabase is gone, and a new configuration store that is based on the .NET XML-based *.config format has taken its place. In addition, IIS 7.0 has a new administration tool, and the new FTP server plugs seamlessly into that paradigm.

Support for new Internet standards:
One of the most significant features in the new FTP server is support for FTP over SSL. The new FTP server also supports other Internet improvements such as UTF8 and IPv6.

Shared hosting improvements:

By fully integrating into IIS 7.0, the new FTP server makes it possible to host FTP and Web content from the same site by simply adding an FTP binding to an existing Web site. In addition, the FTP server now has virtual host name support, making it possible to host multiple FTP sites on the same IP address. The new FTP server also has improved user isolation, now making it possible to isolate users through per-user virtual directories.

Extensibility and custom authentication:

The new FTP server supports developer extensibility, making it possible for software vendors to write custom providers for FTP authentication. Microsoft is using this extensibility feature to implement two new methods for using non-Windows accounts for FTP authentication for IIS Managers and .NET Membership.

Improved logging support:
FTP logging has been enhanced to include all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, additional detail fields in FTP logs, and much more.

New supportability features:
IIS 7.0 has a new option to display detailed error messages for local users, and the FTP server supports this by providing detailed error responses when logging on locally to an FTP server. The FTP server also logs detailed information using Event Tracing for Windows (ETW), which provides additional detailed information for troubleshooting.

 

Наконец-то появился FTPS. Да и в целом, смотря на IIS7, думается, что проблем с ним, а в частности и с FTP, будет гораздо меньше.

Network Monitor 3.1 Has Released

Только что пришло письмо о том, что зарелизили Network Monitor 3.1!

The NM3.1 is now available on http://connect.microsoft.com featuring wireless sniffing and an easier way to create filters using "Right Click Add To Filter". Here is a list of features that are new to NM3.1.

What’s New in Network Monitor 3.1?

·         Wireless (802.11) capturing and monitor mode on Vista — With supported hardware, (Native WIFI), you can now trace wireless management packets. You can scan all channels or a subset of the ones your wireless NIC supports. You can also focus in on one specific channel. We now show the wireless metadata for normal wireless frames. This is really cool for t-shooting wireless problems. See signal strength and transfer speed as you walk around your house!

·         RAS tracing support on Vista — Now you can trace your RAS connections so you can see the traffic inside your VPN tunnel. Previously this was only available with XP.

·         Right click add to filter — Now there’s an easier way to discover how to create filters. Right click in the frame details data element or a column field in the frame summary and select add to filter. What could be easier!

·         Microsoft Update enabled — Now you will be prompted when new updates exist. NM3.1 will occasionally check for a new version and notify you when one is available.

·         New look filter toolbar — We’ve changed the UI related to apply and remove filters. You can now apply a filter without having to UN-apply it first.

·         New reassembly engine — Our reassembly engine has been improved to handle a larger variety of protocol reassembly schemes.

·         New public parsers — These include ip1394, ipcp, ipv6cp, madcap, pppoE, soap, ssdp, winsrpl, as well as improvements in the previously shipped parsers.

·         Numerous Bug Fixes — We’ve taken your reported problems on the connect site and fixed many of the confirmed bugs.

·         Faster Parser Loading — We’ve significantly improved the time it takes to load the parsers. Now rebuilding takes a fraction of the time it used to.

How do I get NM3.1?

NM3.1 is currently available on http://connect.microsoft.com. You will need to sign in with your passport account and participate in the Network Monitor 3 project, if you haven’t already. Once you do this, you’ll have access to the latest download. This will also give you access to our bug filing process and access to our news groups for getting support. We will also release NM3.1 on the Microsoft Download site within the next few weeks.

Enjoy! 

Network Monitor Team

http://blogs.technet.com/netmon

Migration Sync Toolkit v1.0

Команда, занимающаяся migration solutions for Team Foundation, в своем блоге (rss) объявила о выходе первой версии TFS Migration and Synchronization Toolkit.

Тулкит доступен на codeplex по адресу http://www.codeplex.com/MigrationSyncToolkit/