Worms and rootkits plague the present, Windows Server 2008 marks the future and Bill Gates gets ready to become the past.
Welcome to the searchWinIT.com Windows week in review podcast transcript, for January 10th, 2008. To listen to this podcast, visit the searchWinIT.com
IN THIS PODCAST
Rootkit rings in new year for Windows users
A mistake in Office 2003?
Active Directory overhaul
New vulnerability allows for remote deletion
Vista sales minimal...still
Bye bye Bill, we hardly knew ye
Leading off, searchSecurity.com reports that a new rootkit is rearing its ugly head at Windows users. The rootkit overwrites the master boot record of Windows machines with different code. The danger lies in the fact that, by overwriting files in the master boot record, it puts at risk several important startup files that run the machine's operating system.
At this point, Symantec states that the Trojan Mebroot only poses a threat to Windows XP users. Users can protect themselves, however, if their master boot records feature write-protection.
This rootkit isn't the only problem plaguing Windows users, however. ZDNet UK is reporting that Microsoft has admitted to a mistake in Office 2003.
A December advisory informed users that the latest service pack for Office 2003 featured several blocked file formats. Microsoft told users at the time that by making changes to the registry, they could unblock those file formats.
Last week, however, Microsoft admitted that the released information was incorrect and that it was not the file formats that were insecure, but rather the parsing code that Office 2003 uses to open and save files.
Microsoft has since updated its original advisory. The company has provided four updates that users can download in order to block the aforementioned file formats. The updates are for Word, Excel, PowerPoint and CorelDraw. It also provided downloadable content that would effectively re-block these file formats.
Reed Shaffner, worldwide product manager for Microsoft Office, suggests that end users who frequently use the older formats should use the downloadable update, but recommended that IT admins use the previous registry fix.
According to Desmond, among the existing Active Directory features that will be upgraded in Windows Server 2008 are password policies. He said that IT admins can expect to be able to use multiple password policies per domain, adding, "Historically, password policy (in Active Directory) defines how passwords have to be -- for example, eight characters long and (they) expire every 90 days. You've only been able to have one (password policy) per AD domain and Microsoft changed it so you can now have multiple ones and define them on a per-user basis. That's been a major request for a while."
Desmond also spoke of Server Core installations in Windows Server 2008, saying that admins installing the OS would not necessarily be forced to install everything that Microsoft ships. In some cases, like with Internet Explorer, this should eliminate major security concerns for Windows admins.
Desmond went on to say that one of the more exciting new features of Active Directory in Windows Server 2008 is the read-only domain controller. In domain controllers with writeable copies, it becomes a huge security risk if the server is ever stolen. With a read-only feature, however, you can define which passwords are stored locally so that, in the event of server theft, you would not necessarily have to have every single user change their password. The other advantage to a read-only domain controller, obviously, is that your users can't make any unwanted changes to it.
The TCP/IP exploit allows attackers to install programs on infected systems and change or even delete data. These attackers will also be able to create new accounts with full user rights.
Amol Sarwate, manager of the vulnerability research lab at Qualys Inc., recommends not taking this flaw lightly. "This is a very critical flaw in which an attacker can remotely send malicious packets," he said. "No user intervention is required, and no authentication is required of the attacker. I would apply this patch as soon as possible."
The second bulletin, which is deemed important, addresses a problem in Windows Local Security Authority Subsystem Service, or LSASS.
The flaw allows successful attackers to run malicious code on a targeted machine with elevated privileges. This flaw is important for users of Windows 2000, Windows XP and Windows Server 2003.
Vista machines appear safe from this LSASS flaw. But even if there was a danger, would anybody know?
A report published by Information Week states that Vista sales in its first year on the market have been a disappointment, generating far fewer sales percentage-wise than the previous OS, Windows XP, did during its first year. Vista has sold more units than XP did in its first year of availability, but this number is not very impressive considering that the PC market has nearly doubled in size since XP was released in 2001.
According to Microsoft, Vista has sold over 100 million copies since its release in January of 2007. However, this number would only cover just shy of 40% of all new PCs shipped in 2007.
An Information Week survey released last year showed that 30% of corporate desktop managers have no intention of upgrading their company's PCs to Windows Vista this year or beyond.
And finally this week, we'd like to say so long to Bill Gates. The Microsoft chairman made what is likely to be his final keynote address recently, in which he expressed his pride in the incredible strides the IT community has made over the past 10 years in connecting people over the globe. He added that he expects that to continue in the future, with greater emphasis being placed on mobile devices.
And that's it for this week. We'll be back next week with more news from the World of Windows. Until then be sure to check out SearchWinIT.com throughout the week for all the latest Windows news and expert advice.