Windows Week in Review: January 10th, 2008

Worms and rootkits plague the present, Windows Server 2008 marks the future, and Bill Gates gets ready to become the past.

Worms and rootkits plague the present, Windows Server 2008 marks the future and Bill Gates gets ready to become the past.

Welcome to the Windows week in review podcast transcript, for January 10th, 2008. To listen to this podcast, visit the
Windows Week in Review home page.

Rootkit rings in new year for Windows users
A mistake in Office 2003?
Active Directory overhaul
New vulnerability allows for remote deletion
Vista sales minimal...still
Bye bye Bill, we hardly knew ye

Rootkit rings in new year for Windows users

Leading off, reports that a new rootkit is rearing its ugly head at Windows users. The rootkit overwrites the master boot record of Windows machines with a different code. The danger of this rootkit lies in that, by overwriting files in the master boot record, several important startup files that run the machine's operating system are at risk.

Windows Week in Review:  A podcast
Stay up to date with the latest Windows IT news with the Windows Week in Review podcasts.
The attack has been compared to the "Blue Pill" attack, first outlined by Joanna Rutkowska, founder of "Invisible Things Lab" in Poland. Specifically, the Blue Pill attack made rootkits undetectable to anti-malware programs, which, at the time, included Windows vista

At this point, Symantec states that the Trojan Mebroot only poses a threat to Windows XP users. Users can protect themselves, however, if their master boot records feature write-protection.

A mistake in Office 2003?

This rootkit isn't the only problem plaguing Windows users, however. ZDNet UK is reporting that Microsoft has admitted to a mistake in Office 2003.

A December advisory informed users that the latest service pack for Office 2003 featured several blocked file formats. Microsoft told users at the time that by making changes to the registry, they could unblock those file formats.

Last week, however, Microsoft admitted that the released information was incorrect and that it was not the file formats that were insecure, but rather the parsing code that Office 2003 uses to open and save files.

Microsoft has since updated their original advisory. They have provided four updates that users can download in order to block the afforementioned file formats. The updates are for Word, Excel, PowerPoint and CorelDraw. They also provided downloadable content that would effectively REblock these file formats.

Reed Shaffner, worldwide product manager for Microsoft Office, suggests that end users who frequently use the older formats should use the downloadable update, but recommended that IT admins use the previous registry fix.

Active Directory overhaul

You can now have multiple (password policies in Active Directory) and define them on a per-user basis. That's been a major request for a while.

Brian Desmond
AD operations manager
In other news, Windows Server 2008 will be launched next month, with several key changes to Active Directory. In an interview with, Brian Desmond, an AD operations manager, spoke about some of things that have changed.

According to Desmond, among the existing Active Directory features that will be upgraded in Windows Server 2008 are password policies. He said that IT admins can expect to be able to use multiple password policies per domain, adding, "Historically, password policy (in Active Directory) defines how passwords have to be -- for example, eight characters long and (they) expire every 90 days. You've only been able to have one (password policy) per AD domain and Microsoft changed it so you can now have multiple ones and define them on a per-user basis. That's been a major request for a while."

Desmond also spoke of Server Core installations in Windows Server 2008, saying that admins installing the OS would not necessarily be forced to install everything that Microsoft ships. In some cases, like with Internet Explorer, this should eliminate major security concerns for Windows admins.

Desmond went on to say that one of the more exciting new features of Active Directory in Windows Server 2008 is the read-only domain controller. In domain controllers with writeable copies, it becomes a huge security risk if the server is ever stolen. With a read-only feature, however, you can define which passwords are stored locally so that, in the event of server theft, you would not necessarily have to have every single user change their password. The other advantage to a read-only domain controller, obviously, is that your users can't make any unwanted changes to it.

New vulnerability allows for remote deletion

(The TCP/IP exploit) is a very critical flaw in which an attacker can remotely send malicious packets. I would apply this patch as soon as possible.
Amol Sarwate
Vulnerability research lab managerQualys Inc
Moving on to Patch Tuesday news, Microsoft released two security updates this month. reports that the lone critical bulletin addresses two flaws in Windows' Transmission Control Protocol/Internet Protocol (TCP/IP) processing component.

The TCP/IP exploit allows attackers to install programs on infected systems and change or even delete data. These attackers will also be able to create new accounts with full user rights.

Amol Sarwate, manager of the vulnerability research lab at Qualys Inc, recommends not taking this flaw lightly. He said, "This is a very critical flaw in which an attacker can remotely send malicious packets," he said. "No user intervention is required, and no authentication is required of the attacker. I would apply this patch as soon as possible."

The second bulletin, which is deemed important, addresses a problem in Windows Local Security Authority Subsystem Service, or LSASS.
The flaw allows successful attackers to exploit the vulnerability to malicious code on targeted machine with elevated privileges. This flaw is important for users of Windows 2000, Windows XP and Windows Server 2003.

Vista sales minimal...still

Vista machines appear safe from this LSASS flaw. But even if there was a danger, would anybody know?

A report published by Information Week states that Vista sales in its first year on the market have been a disappointment, generating far fewer sales percentage wise than the previous OS, Windows XP, did during its first year. Vista has sold more units than XP did in its first year of availability, but this number is not very impressive considering that the PC market has nearly doubled in size since XP was released in 2001.

According to Microsoft, Vista has sold over 100 million copies since its release in January of 2007. However, this number would only cover just shy of 40% of all new PC's shipped in 2007.

An Information Week survey released last year showed that 30% of corporate desktop managers have no intention of upgrading their company's PC's to Windows Vista this year or beyond.

Bye bye Bill, we hardly knew ye

And finally this week, we'd like to say so long to Bill Gates. The Microsoft chairman made what is likely to be his final keynote address recently, in which he expressed his pride in the incredible strides the IT community has made over the past 10 years in connecting people over the globe. He added that he expects that to continue in the future, with greater emphasis being placed on mobile devices.

And that's it for this week. We'll be back next week with more news from the World of Windows. Until then be sure to check out throughout the week for all the latest Windows news and expert advice.

Dig Deeper on Legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.