Archive for the ‘Microsoft’ Category

Microsoft to lay off 18,000 in next year

Microsoft announced Thursday morning that it will cut its workforce by up to 18,000 jobs, or 14 percent, in the next year, as part of a broad effort to streamline the company in the wake of its acquisition of phone-maker Nokia.

A letter to employees from CEO Satya Nadella, released by the company, said that its “work toward synergies and strategic alignment on Nokia Devices and Services is expected to account for about 12,500 jobs, comprising both professional and factory workers. We are moving now to start reducing the first 13,000 positions, and the vast majority of employees whose jobs will be eliminated will be notified over the next six months.”

Nadella’s letter said that the company will add jobs in other areas.

In it, he promised further information about where the company will focus investment in innovation during a public conference call to discuss earnings on July 22, and invited staff to join a monthly internal question and answer session with him on Friday to find out more.

Senior leadership team members will discuss the effect of the cuts on their organizations later Thursday, he said. Staff laid off as a result of the process will be offered severance pay and, in many places, help in finding a new job, he said.

Beyond integration of the Nokia handset business, Nadella said the job cuts would focus on work simplification, eliminating layers of management and changing what the company expects from each of the disciplines involved in engineering activities. These changes are intended to accelerate the flow of information and decision making, he wrote.

Nadella also unveiled a few details of his plans for the Nokia phone portfolio.

Microsoft will “focus on breakthrough innovation that expresses and enlivens Microsoft’s digital work and digital life experiences” to win in the higher price tiers, he said.

Most intriguingly, the low-end, Android-based Nokia X phones, introduced as a last-gasp strategy by Nokia before it sold the handset business to Microsoft, will survive—but not as Android phones. Instead, said Nadella, “We plan to shift select Nokia X product designs to become Lumia products running Windows.” Nokia had laid the groundwork for that before the sale, building its own apps and a user interface for Android that resembled Windows Phone.

In a separate letter to staff, Microsoft Devices Group head Stephen Elop said the company would continue to sell the Android devices in some countries, depending on local conditions.

He also detailed where some of the job cuts would fall. Engineering work on mobile phones will continue at two locations in Finland, Salo for high-end Lumia devices and Tampere for affordable devices, but will be ramped down in Beijing, San Diego and in Oulu, Finland. Phone manufacturing will continue in Hanoi, and to a lesser extent in Beijing and Dongguan. He made no mention of former Nokia manufacturing operations in India.

There will be limited change for the teams working on Surface devices and Xbox hardware as these had already been restructured earlier in the year, Elop said.

As of June 5, Microsoft had 127,104 employees, 61,313 of them in the U.S., according to its website. The planned job cuts could affect around 14 percent of the workforce.

Peter Sayer contributed to this article.



Microsoft slates critical IE, Windows patches for Tuesday

One month left for businesses to migrate from Windows 8.1 to Windows 8.1 Update

Microsoft today said it will ship six security updates to customers next week, patching all versions of Internet Explorer (IE) and nearly all supported editions of Windows.

The IE update, one of two classified as “critical” — Microsoft’s most serious threat ranking — will patch IE6 on Windows Server 2003, IE7, IE8, IE9, IE10 and the newest, IE11.

It’s unlikely that July’s IE update will match June’s in size: Microsoft fixed a record 60 flaws in the browser on June 10. (Originally, Microsoft said it had patched 59 IE bugs last month, but a week later acknowledged it had forgotten to add one to the list, and so upped the count to an even 60.)

Windows 7 users who have not freshened IE11 with a mandatory April update will not receive next week’s browser fixes.

According to Thursday’s advance notice, which briefly described the July updates, the second critical bulletin will patch all client editions of Windows — from Vista to Windows 8.1 — and all server versions except for those running on systems powered by Intel’s Itanium processors. Windows Server 2008 and Server 2012 systems provisioned by installing only the Server Core — a minimal install with many features and services omitted to lock down the machine — are also exempt from Bulletin 2, Microsoft said.

Of the remaining four updates, three were labeled “important” by Microsoft — the threat step below critical — while the fourth was pegged “moderate.” All will offer patches for some or all Windows editions, both on the desktop and in the data center.

Security researchers pointed to the two critical bulletins as the obvious first-to-deploy for most Microsoft customers.

They also remarked on Bulletin 6, the single moderate update, which will patch Microsoft Service Bus for Windows Server. The bus is a messaging and communications service that third-party developers can use to tie their code to Windows Server and Microsoft Azure, the Redmond, Wash. company’s cloud service.

“The odd one out this month is the Moderate Denial of Service in ‘Microsoft Service Bus for Windows Server,’” said Ross Barrett, senior manager of security engineering at Rapid7, in an email. “It’s part of the Microsoft Web Platform package and is not installed by default with any OS version.”

Although Microsoft did not mention it in today’s advance notice, or in the blog post by the Microsoft Security Response Center (MSRC), enterprises have one more month to deploy April’s Windows 8.1 Update and Server 2012 R2 Update before losing patch privileges for devices running Windows 8.1 or servers running 2012 R2.

Hardware powered by Windows 8.1 or Server 2012 R2 must be updated before Aug. 12, the next scheduled Patch Tuesday, to receive that month’s updates, as well as any future security fixes.

Or in some cases, even present patches, said Chris Goettl, a program product manager at Shavlik, in an email.

“One thing to watch out for [next week] will be [something similar to] the many exceptions we saw last month,” Goettl cautioned. “Many of the updates we saw in June required other updates to be in place, depending on the platform. For those running Windows 8.1 or Server 2012 R2, they need to be prepared for more of these updates to require Update 1 before they can apply them. Microsoft has stated they would delay a hard enforcement until August, but more and more of the patches [have] had variations that required Update 1. So look out for that cut over — it’s coming quick.”

 



Microsoft Windows Server 2008 Certification Exam

In this day and age, companies tend to hire those applicants who are not only well-qualified but have a diverse combination of skills as well. So it does not hurt if you have a certification on your resume; instead, it will help you a great deal. A certification in your profession will not only make you more qualified than the other applicants but it will also give a signal to the employers that you are a person who believes in moving forward and is determined to develop further his or her understandings and skills about the subject matter. MCSA – Windows Server 2008 certification exam is designed for IT professionals whose jobs revolve around handling Server Networks. This certification is quite an important one since Windows Server 2008 is an important program and it is needed for the proper functioning of extended programs.

Exam Topics of MCSA- Windows Server 2008: This exam consists of three papers. The first one is Windows Server 2008 Active Directory, Configuring, with the certification code 70-640. The second one is Windows Server 2008 Network Infrastructure, Configuring, with the certification code 70-642. The last one is Windows Server 2008, Server Administration, with the certification code 70-646.




Exam Topics of 70-640:
This exam tests an individual’s knowledge in configuring and implementing Windows Server 2008 Active Directory Environment. This exam is divided into 6 sections.

  • First section deals with Configuration of DNS for Active Directory and this section carries 17 percent marks.
  • Second section deals with Configuration of Active Directory Infrastructure and this section carries total of 17 percent marks.
  • Third part covers Configuration of Active Directory Roles and Services and this part is worth 14 percent marks.
  • Fourth part deals with creation and maintenance of Active Directory objects and this part is worth 18 percent marks.
  • Fifth part deals with maintenance of Active Directory Environment and this part carries a total of 18 percent marks.
  • Sixth part deals with Configuration of Active Directory Certificate Services and this part is worth 15 percent marks.

Exam Topics of 70-642:
This paper is all about Network infrastructure and the topics are:

  • IP addressing and Services.
  • Configuring Name Resolution.
  • Configuring Network and Remote Access.
  • File and Print Services configuration.
  • Network Infrastructure Monitoring and Management.

Exam topics of 70-646:
This paper tests the candidate’s skills on the following topics:

  • Planning of Server Deployment. (This part carries 19 percent marks)
  • Planning for Server Management. (This part carries 23 percent marks)
  • Monitoring and Maintaining Services. (This part carries 20 percent marks)
  • Planning Application and Data Provisioning. (This part carries 19 percent marks)
  • Planning for Business continuity and High Availability. (This part carries 19 percent marks)

MCSA: Windows Server 2008 certification exam is held in Prometric testing centers. When compared with its benefits, this exam is quite inexpensive; it costs around $240. Hence, IT professionals and Systems Administrators are encouraged to register for this exam. Moreover, if you are considering taking MCSE in the future, you should start from this exam since it counts towards MCSE.

Microsoft Certifications 2014 can get you a JOB

With new technologies coming to the market every other day, life has become advanced these days. In this modern era, you have to be on your toes all the time, especially if your career is related to the field of IT: one has to stay updated with all the latest programs and their features in order to stay ahead of one's peers. For instance, there was a time when the gramophone was the invention of the century but then it was replaced with mobile phones. Similarly, the invention of television and radio created quite a stir in the early 20th century but later on, the thunder was stolen by computers in the late 20th century.

In this day and age, computers and internet have become the center of attention. Consequently, IT has become the most popular field. IT experts are quite in demand these days; but with the emergence of new programs every other day, they have to keep up with the latest technology in order to stay ahead in the race. One way of staying ahead is the certification courses. These courses ensure that the candidate has attained all the latest knowledge and is ready to roll in the world of technology.

This article will discuss some of the most popular certification courses offered by Microsoft.

Microsoft Technology Associate

This is a certification course designed for the starters: people who want to start their line of business in the field of technology. Accordingly, it tests the fundamentals of IT and validates that the candidates have a basic understanding of the essentials. This course has been divided into three tracks and the candidates can choose any one of the tracks, depending on their preference. The tracks are: IT infrastructure, Database Design and Developer.

Microsoft MCSA- Windows Server 2008
This exam is designed for the IT personnel and it validates their skills in Server Networking management. IT professionals and System Administrators are suggested to take MCSA- Windows Server 2008 exam especially if they are looking forward to earning their MCSE certification.

Microsoft MCSA- Windows Server 2012
This certification exam is an advanced level exam which validates that the candidates have sufficient knowledge of Windows Server 2012 for its proper installation, configuration and working. MCSA- Windows Server 2012 certified can easily get the position of Network Administrator, Computer Systems Administrator or Computer Network Analyst.

Microsoft MCSE- Server Infrastructure
This certification course is designed for IT experts and it will get you the title of ‘Solutions Expert’. It tests individual’s skills in effectively and efficiently running a modern data center with some experience in virtualization storage and networking, identity management and systems management.

Microsoft MCSE- Desktop Infrastructure
This course validates that the individuals can manage desktops and devices, while maintaining their security and integrity, from anywhere around the globe. It also tests individuals’ expertise in application and desktop virtualization together with remote desktop services. With this certification in hand, you can easily qualify for a job of Data and Application Manager or Desktop and Device Support Manager.

Microsoft MCSE- Messaging
This certification is an expert level certification and it validates that the applicant has relevant skills in order to increase user productivity and flexibility. It also validates that the person has sufficient knowledge as to how to improve data security and reduce data loss. After passing this certification exam, candidates can easily qualify for the position of Network and Computer System Administrator.

Microsoft MCSE- Communication
This certification validates candidates’ expertise in using Lync Server to create an effective communication path that can be accessed from all around the globe. This certification is also an expert level certification and you can easily qualify for the position of Network and Computer System Administrator with it.

Microsoft MCSE- SharePoint

This Microsoft Certified Solutions Expert certification course verifies that the candidates have the necessary expertise to share, synchronize and organize the data across the organization. SharePoint 2013 is the updated version of Microsoft Office, and passing this certification can get you a job of Systems or Network Analyst.

Microsoft MCSD- SharePoint Application

This Microsoft Certified Solutions Developer certification course is another of expert level certification courses which validates individuals’ expertise in web programming. It also requires the individuals to design and develop applications with Microsoft SharePoint. With this certification, you can easily secure the position of Software Developer or Web Developer.

Microsoft Private Cloud

MCSE- Private Cloud certification course tests candidates’ expertise to manage Private Cloud computer technologies. It also verifies that the candidate can implement these technologies in a way to optimize service delivery. You can easily get the position of Server Administrator and Network Manager with this certification on your resume.

Microsoft System Center Configuration Manager
Microsoft System Center Certification focuses on the skills to manage computer and clients. The candidates should be able to configure, administer and deploy System Center 2012 in order to pass this exam. You can earn the title of Microsoft Certified Technology Specialist through this certification.

Microsoft Server Virtualization
This certification verifies that the candidate is familiar with Server Virtualization, both on Windows Server and System Center. This course expands individual’s expertise and skills in order for him to meet the rapidly modernizing technological business needs, and it can get him the title of Microsoft Specialist in no time.

Microsoft Office Certifications
Microsoft offers many certifications that verify candidates’ skills in handling and using Microsoft Office Applications. These certifications start from beginner level and go up to the master level. Microsoft Office Specialist is a beginner level certification whereas Microsoft Office Specialist Expert is an advanced level certification. Last but not least, Microsoft Office Specialist Master is a master level certification.

Microsoft MCSA- Office 365
This course focuses on individual’s skills in handling Office 365 together with productivity tools and cloud-based collaboration. This certification can easily get you the position of Cloud Application Administrator or SaaS Administrator.

Microsoft Dynamics

This Microsoft Certified Technology Specialist certification confirms an individual’s expertise in Microsoft dynamics: a specific module can be chosen for this certification. However, this certification will be withdrawn from the market, at the end of this year, and replaced with the new ones.



Windows XP hack resurrects patches for retired OS

But security researcher who tried the hack isn’t sure the fixes will actually keep exploits at bay

A simple hack of Windows XP tricks Microsoft’s update service into delivering patches intended for a close cousin of the aged OS, potentially extending support for some components until 2019, a security researcher confirmed today.

What’s unclear is whether those patches actually protect a Windows XP PC against cyber criminals’ exploits.

The hack, which has circulated since last week — first on a German-language discussion forum, then elsewhere as word spread — fools Microsoft’s Windows Update service into believing that the PC is actually running a close relation of XP, called “Windows Embedded POSReady 2009.”

Unlike Windows XP, which was retired from security support April 8 and no longer receives patches, Embedded POSReady 2009 is due patches until April 9, 2019.

As its name implies, POSReady 2009 is used as the OS for devices such as cash registers — aka point-of-sale systems — and ATMs. Because it’s based on Windows XP Service Pack 3 (SP3), the last supported version of the 13-year-old OS, its security patches are a superset of those that would have been shipped to XP users if support was still in place. Many of POSReady 2009’s patches are similar, if not identical, to those still offered to enterprises and governments that have paid Microsoft for post-retirement XP support.

Jerome Segura, a senior security researcher at Malwarebytes, an anti-malware software vendor, tried out the hack and came away impressed.

“The system is stable, no crashes, no blue screens,” Segura said in an interview, talking about the Windows XP virtual machine whose updates he resurrected with the hack. “I saw no warnings or error messages when I applied patches for .Net and Internet Explorer 8.”

The Internet Explorer 8 (IE8) update Segura applied appeared to be the same one Microsoft released May 13 for other versions of Windows, including POSReady 2009, but did not deliver to Windows XP.

But although he has run the hacked XP for several days now without any noticeable problems, he wasn’t willing to give the trick a passing grade.

“[POSReady 2009] is not Windows XP, so we don’t know if its patches fully protect XP customers,” Segura said. “From an exploit point of view, when those vulnerabilities are exploited in the wild, will this patch protect PCs or will they be infected? That would be the ultimate proof.”

Microsoft, not surprisingly, took a dim view of the hack.

“We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers,” a company spokesperson said in an email. “The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP.”


 


Microsoft calls out malicious downloaders

Anti-malware vendors advised about downloaders used to infect PCs

Microsoft is putting makers of downloader software on notice when it sees that their software is being used to infect PCs, and it is telling anti-virus vendors that these downloader programs perhaps ought to be tagged as malware.

In its latest Security Intelligence Report the company notes that the use of previously benign downloaders has increasingly become a means to infect computers with malware, mainly click-fraud programs and ransomware, in which attackers extort cash from victims in return for restoring their machines to a useful state.

As part of its industry collaboration, Microsoft shares the data it gathers from its customers about infections with related parties. In this case it tells the downloader makers in hopes they can restrict use of their products to legitimate purposes.

It tells anti-malware vendors so they are aware that certain downloaders represent a threat and should be removed from computers protected by their products, says Holly Stewart, a senior program manager in Microsoft’s Malware Protection Center.

A downloader called Rotbrow was the one most often used to aid malicious activity during the last half of 2013, most commonly by downloading a click-fraud app called Sefnit. Before that, Rotbrow didn’t register at all as a tool used by attackers, Stewart says.

Typically the downloaders are bundled with useful freeware such as software to unzip archives. The downloaders might be used legitimately to download updates to the unzip programs, or to download malware, Stewart says.

The dominant types of malware Microsoft observed being downloaded in this way during the last half of 2013 were Bitcoin miners and click-fraud programs.

Bitcoin miners run in the background of infected computers to confirm and process Bitcoin transactions in exchange for earning Bitcoins. The attacker reaps the Bitcoins earned by the infected computers. Click fraud forces the infected computer’s browser to automatically click on advertisements that earn cash for each click logged. In both cases, a sign of the infection can be decreased performance of the machine involved.

Microsoft also observed the proliferation of ransomware, with one called Reveton leading the pack and enjoying a 45% rise in use during the last half of 2013, Stewart says. The need to disinfect Microsoft computers of ransomware tripled during the same time period, according to the Security Intelligence Report.

Microsoft measures prevalence of malware by counting the number of computers cleaned per 1,000 computers that are running Microsoft’s Malicious Software Removal Tool. For ransomware in general, that count rose from 5.6 to 17.8 between the third and fourth quarters of last year, Stewart says.

Ransomware attackers target particular regions with particular ransomware platforms, she says. For example, the one called Crilock is aimed mostly at computers in the U.S. and U.K. while Reveton aims at the likes of Spain, Belgium, Portugal, Hungary and Austria.



Open source software is more expensive than Microsoft

Microsoft cheaper to use than open source software, UK CIO says

British government says every time they compare FOSS to MSFT, Redmond wins.

 

A UK government CIO says that every time the government evaluates open source and Microsoft products, Microsoft products always come out cheaper in the long run.

Jos Creese, CIO of the Hampshire County Council, told Britain’s “Computing” publication that part of the reason is that most staff are already familiar with Microsoft products and that Microsoft has been flexible and more helpful.

“Microsoft has been flexible and obliging in the way we apply their products to progress the action of our frontline services, and this helps to de-risk ongoing cost,” he told the publication. “The tip is that the true charge is in the total cost of ownership and exploitation, not just the license cost.”

Creese went on to say he didn’t have a particular bias about open source over Microsoft, but proprietary solutions from Microsoft or any other commercial software vendor “need to justify themselves and to work doubly hard to have flexible business models to help us further our aims.”

He acknowledged that there are problems on both sides. In some cases, central government has developed an undue dependence on a few big suppliers, which makes it hard to be confident about getting the best value out of the deal.

On the other hand, he is leery of depending on a small firm, and Red Hat aside, there aren’t that many large, economically strong firms in open source like Oracle, SAP, and Microsoft. Smaller firms often offer the greatest innovation, but there is a risk in agreeing to a significant deal with a smaller player.

“There’s a huge dependency for a large organization using a small organization. [You need] to be mindful of the risk that they can’t handle the scale and complexity, or that the product may need adaptation to work with our infrastructure,” said Creese.

I’ve heard this argument before. Open source is cheaper in acquisition costs but not easy to support over the long run. Part of it is FOSS’s DIY ethos, and bless you guys for being able to debug and recompile a complete app or distro of Linux, but not everyone is that smart.

The other problem is the lack of support from vendors or third parties. IBM has done what no one else has the power to do. 20 years after Linus first tossed his creation on the Internet for all to use, we still don’t have an open source equivalent to Microsoft or Oracle. Don’t say that’s a good thing because that’s only seeing it from one side. Business users will demand support levels that FOSS vendors can’t provide. That’s why we have yet to see an open source Oracle.

The part that saddens me is that reading Creese’s interview makes it clear he has more of a clue about technology than pretty much anyone we have in office on this side of the pond.

Zero-day IE unprotected, Windows XP exposed

Microsoft is trying to gauge the seriousness of a zero-day flaw in all Internet Explorer browsers from versions 6 through 11 and whether it warrants issuing an out-of-band fix before May’s Patch Tuesday.

The vulnerability, which is being exploited in the wild, allows remote code execution within the browser and could be carried out by luring users to specially crafted Web pages. It then enables attackers to assume the same privileges as the current user.


While Microsoft investigates, it recommends that users deploy its Enhanced Mitigation Experience Toolkit (EMET) 4.1, whose default setting helps protect IE. EMET can be configured using group policy.

It also recommends blocking Active X Controls and Active Scripting by setting IE security zone settings to “high.” This may cause some Web sites to behave incorrectly. “If you have difficulty using a website after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites,” Microsoft says. “This will allow the site to work correctly even with the security setting set to High.”

According to Ross Barrett, a security engineer at Rapid7, the known exploit relies on Adobe Flash. “Disabling or removing flash will block the known exploit, but does not address the root cause issue in Internet Explorer,” he says in a blog post.

He notes that this is the first major issue to hit Windows XP since Microsoft stopped supporting the operating system April 8. The Microsoft security advisory doesn’t mention XP as an affected system since the company no longer provides security updates for it.

There are some mitigating factors surrounding the vulnerability, Microsoft says, including some default-mode configurations that may lessen the threat it poses. Microsoft says:

By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.



Microsoft suspends Windows 8.1 Update release to businesses

Bug prompts Microsoft to halt update’s delivery through WSUS, the standard enterprise update service

Microsoft on Tuesday suspended serving Windows 8.1 Update to businesses that rely on WSUS (Windows Server Update Services), saying that a bug would prevent devices from recognizing future updates.

WSUS is Microsoft’s standard corporate update service and is used by IT staffs to manage the distribution of bug fixes, security patches and other updates to Windows devices on a company’s network.

“There is a known issue which causes some PCs updated with the Windows 8.1 Update to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2,” Microsoft wrote on its WSUS blog.

Microsoft released Windows 8.1 Update on Tuesday. The refresh was a follow-on to last October’s Windows 8.1, which in turn was a major update to 2012’s Windows 8.

The problem affected WSUS 3.2 running on Windows Server 2003 SP2, Windows Server 2003 R2 SP2, Windows Server 2008 SP2, and Windows Server 2008 R2 SP1 when HTTPS and SSL (Secure Sockets Layer) were enabled but TLS 1.2 was not.

Until the Redmond, Wash., company comes up with a fix, customers that have already deployed Windows 8.1 Update can apply workarounds — enable TLS 1.2 or disable HTTPS — that will let PCs recognize future WSUS-delivered updates.
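As an added example (not from Microsoft or the original article), the following PowerShell sketch reports whether a WSUS server matches the configuration described above: SSL in use while TLS 1.2 is not enabled for the server role. It assumes the WSUS setup values `UsingSSL` and `PortNumber` are stored under the `Update Services\Server\Setup` registry key and that an absent SCHANNEL `Enabled` value means TLS 1.2 is off, which is the default on the server versions named here. The function names are hypothetical.

```powershell
# Added example: read-only check of the local WSUS server's SSL/TLS 1.2 settings.
# Assumption: WSUS stores UsingSSL and PortNumber under the setup key below.
$wsusKey = 'HKLM:\SOFTWARE\Microsoft\Update Services\Server\Setup'
$tlsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-WsusTls12Exposure {
    $usingSsl = Get-RegDword $wsusKey 'UsingSSL'
    $enabled  = Get-RegDword $tlsKey  'Enabled'

    # Any non-zero DWORD counts as "on"; a missing value counts as "off".
    # Assumption: on the affected server versions TLS 1.2 is off unless
    # explicitly enabled in SCHANNEL.
    $sslOn   = ($null -ne $usingSsl) -and ($usingSsl -ne 0)
    $tls12On = ($null -ne $enabled)  -and ($enabled  -ne 0)

    # New-Object keeps this compatible with PowerShell 2.0 on older servers.
    New-Object PSObject -Property @{
        WsusUsingSsl           = $sslOn
        WsusPort               = Get-RegDword $wsusKey 'PortNumber'
        Tls12ServerEnabled     = $tls12On
        Tls12DisabledByDefault = Get-RegDword $tlsKey 'DisabledByDefault'
        # True when the server fits the condition in the WSUS blog post:
        # SSL configured, TLS 1.2 not enabled.
        MatchesKnownIssue      = $sslOn -and (-not $tls12On)
    }
}

Test-WsusTls12Exposure | Format-List
```

The script only inspects configuration; it does not confirm the WSUS version or operating system, so a `MatchesKnownIssue` result of `True` should be read against the affected versions listed above.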

It’s unclear how many businesses were affected, and Microsoft did not provide an estimate. But neither HTTPS nor TLS 1.2 is enabled by default on WSUS.

Even so, Microsoft halted Windows 8.1 Update’s rollout via WSUS.

“Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update scanning against all supported WSUS configurations,” Microsoft said. “Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update to WSUS servers.”

Microsoft has stumbled over updates numerous times in the past 12 months. Last September, Microsoft shipped several flawed updates, including one that emptied Outlook 2013’s folder pane and others that repeatedly demanded customers install them even after they had been deployed. In the months before that, Microsoft yanked an Exchange security update, admitting it had not properly tested the patches, and urged Windows 7 users to uninstall an update that crippled PCs with the infamous “Blue Screen of Death.”

Microsoft did not hint at a timetable for fixing the bug, but discouraged customers who rely on WSUS from manually deploying Windows 8.1 Update, which is also available from Windows Update, MSDN (Microsoft Developers Network) and the Microsoft download center.

“We recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue,” Microsoft said.



The greatest security story never told — how Microsoft’s SDL saved Windows

‘We actually had to bus in engineers.’

Microsoft has launched a new website to “tell the untold story” of something it believes changed the history of Windows security and indeed Microsoft itself – the Software Development Lifecycle or plain ‘SDL’ for short.

For those who have never heard of the SDL, or don’t have the remotest idea why it might be important, the new site offers some refreshingly candid insights to change their minds.

Without buying into the hype, the SDL can still fairly be described as the single initiative that saved Redmond’s bacon at a moment of huge uncertainty in 2002 and 2003. Featuring video interviews with some of its instigators and protagonists, the new site offers outsiders a summary of how and why Microsoft decided to stop being a software firm and become a software and security firm in order to battle the malware that was suddenly smashing into its software.

Few outside the firm knew of the crisis unfolding inside its campus but not everyone was surprised. Microsoft now traces the moment the penny dropped to the early hours of a summer morning in 2001, only weeks before it was due to launch Windows XP to OEMs.

“It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called ‘Code Red’ was spreading at an astonishing rate. Code Red was a worm, a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious.”

Others arrived in the following two years; the Blaster worm, Nimda, Code Red II, MyDoom, Sasser, and on and on. To a world and a Microsoft not used to the notion of malware being a regular occurrence, this was all a big shock.

By January 2002, with attacks on its baby XP humbling the biggest software firm on earth, Bill Gates sent his famous Trustworthy Computing (TwC) memo to everyone at Microsoft. From now on, security was going to be at the root of everything and so help us God.

That turned into the SDL, and it was given priority one to the extent that it took over the whole 8,500-person Windows development team for much of that year and the next. Its ambition was to completely change the way Microsoft made software so that as few programming errors as possible would have to be fixed once customers were involved; “security could not continue to be a retroactive exercise.”

Users had also started complaining. Loudly.

“I remember at one point our local telephone network struggled to keep up with the volume of calls we were getting. We actually had to bus in engineers,” the site quotes its security VP Matt Thomlinson as saying.

The fruit of the SDL was XP’s first Service Pack in 2002, followed up by the even more fundamental security overhaul of SP2 in 2004. By then, XP had been equipped with a software firewall, an almost unthinkable feature for an OS three years earlier.

It’s arguable that, despite the undoubted gains of the SDL since then, the firm has yet to fully recover from the trauma of the period. Windows development has seemed less and less certain ever since, following up XP with the flawed Vista and more recent Windows 8 near-debacle. Microsoft still does operating systems but it’s not clear that all its users do.

Still, the SDL programme has proved hugely influential even if it’s not well known outside tech circles. It is now baked into everything. It has also influenced many other software houses and many have versions of the SDL of their own, many modelled on Microsoft’s published framework on how to run secure development.

Whatever mis-steps Microsoft has made in the last decade, security has turned into a bit of a success story right down to the firm’s pioneering and hugely important Digital Crimes Unit (DCU) that conducts the forensics necessary to track down the people who write malware in their caves. Both the SDL and DCU are seen as world leaders.

So let’s hear it for Redmond, the software giant that launched an operating system years behind the criminals but somehow clawed itself back from disaster. Most other firms would have wilted but somehow Gates’s memo rallied the cubicle army.


 
