So I’m back , this week I had a little downtime with the blog.

Microsoft Support did a quick fix Thanks guy’s for the fast support.

 

Here is an Excellent post from the McAfee blog.

First Glimpse into MS08-067 Exploits In The Wild

It has been over 2 years since I last wrote about malware exploitation of a major vulnerability in the Windows Server Service (MS06-040) by malware.

In 2006, worm authors were quick to adopt the remotely executed exploit in just 4 day following a security update released as part of the regular Patch Tuesdays - IRC-Mocbot, W32/Sdbot, W32/Spybot, W32/Opanki, et ceteras.

Now in 2008, we are faced with malware authors, motivated by profits, more organized, and are more likely to target zero-day vulnerabilities, as we have reported on several critical incidents we have discovered since 2006. Like déjà vu, Microsoft released an out-of-cycle security update today to address in-the-wild attacks against a new MS08-067 vulnerability targeting the same Windows Server Service.

Attacks seen in the wild so far seem to have come from variants of the Spy-Agent.da trojan. When run, it may not be immediately apparent to the victim that it was using any exploits. Taking a quick glimpse into the binary code of basesvc.dll (Spy-Agent.da.dll), one of the DLL components installed by Spy-Agent.da, one can see strings that would look very familiar to those familiar with MS06-040.

On closer analysis, Spy-Agent.da.dll seeks out potentially vulnerable Windows machines in the local network, and sends maliciously crafted DCERPC requests to exploit the Server Service (SvrSvc).

When successful, hardcoded shellcode embedded within the malware, is executed on the targeted machines to download Spy-Agent.da (or possibly other variants or files) from a web server hosted in Japan.

(shellcode after decoding)

Just hours following the patch release, public source code has already been seen distributing on the Internet. What more can I say ? Patch your systems ! Yes, NOW !

Spy-Agent.da and Spy-Agent.da.dll are now detected using the current 5414 DATs. See Dave’s blog for McAfee’s coverage.

(thanks to Joey Koo and Xiaobo Chen for providing analysis data and packet dumps used in this blog)

McAfee Avert Labs / Fri, 24 Oct 2008 13:53:55 GMT

Microsoft urgent security update for October 2008

Here is the new security update:

•MS08-067 - addresses a vulnerability in Microsoft Windows (KB 958644)

General Information

Executive Summary

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and rated Important for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by correcting the way that the Server service handles RPC requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update immediately.

Known Issues. None

Microsoft Assessment and Planning Toolkit 3.2 Beta Now Available!
Many of our customers do not know what computers are in their IT environment or what applications have been deployed. The Microsoft Assessment and Planning (MAP) Toolkit 3.2 Beta makes it easier for customers and partners to quickly identify what servers, workstations, and network devices are in their IT environment. MAP also provides specific and actionable IT proposals and reports to help customers get the most value out of Microsoft products and infrastructure. Over 500,000 Microsoft customers and partners have already used MAP and its prior versions including Costco Wholesale Corporation, Continental Airlines, and Banque de Luxembourg.
Introducing Microsoft Assessment and Planning Toolkit

MAP is a scalable and agent-less assessment platform designed to make it easier for our customers to adopt the latest Microsoft technologies. In this version, MAP has expanded its assessment capabilities to include SQL Server 2008, Forefront/NAP, and Microsoft Online Services migration, as well as providing a Power Savings assessment to help your customers "go green."

In summary, MAP 3.2 assessment areas now include:

• SQL Server 2008 Migration Proposals and Reports (NEW!)
• Forefront/NAP Readiness Proposals (NEW!)
• Microsoft Online Services Migration Surveys, Proposals, and Reports (NEW!)
• Power Savings Proposals (NEW!)
• Server Migration Reports and Proposals (Windows Server 2008 and "virtualized guests by hosts" reporting) (NEW!)
• Server Consolidation Reports and Proposals (Virtual Server 2005 R2 and Hyper-V)
• Desktop Security Assessment to determine if desktops have anti-virus and anti-malware programs installed and up-to-date, or if the Windows Firewall is turned on
• Windows Vista and Microsoft Office 2007 Hardware Assessment Reports and Proposals

Toolkit Features

The Microsoft Assessment and Planning Toolkit performs key functions that include hardware and device inventory, compatibility analysis, and readiness reporting.

MAP utilizes an enterprise-scale, agent-less architecture that enables users to inventory their servers, desktops, applications, and network devices without installing any software agents on each machine being assessed. This tool has the ability to discover all computers within Active Directory, and most importantly, non-IT managed machines such as workgroup members.

Additionally, MAP can generate localized desktop readiness reports in seven languages including North American English, German, French, Japanese, Korean, Spanish, and Portuguese.

Benefits to Customers and Partners

• Fast and Agent-less. MAP provides secure network-wide assessment of environments of up to 100,000 computers in a matter of hours instead of days, all without deploying any software agents on each inventoried machine.
• Saves Pre-Sales and Planning Time. For most IT consultants and Microsoft Partners, a detailed network inventory and assessment of servers and desktops often takes days of manual labor. With MAP, they can now drastically reduce the time it takes for the same inventory to a matter of hours; allowing them more time to focus their efforts on critical pre-sales engagement tasks. For IT professionals, MAP can significantly reduce the time it takes to gather the information necessary to make the business case for client and server migration, as well as for their upcoming virtualization projects.
• Actionable Recommendations and Reporting. MAP offers valuable inventory and readiness assessment reports with specific upgrade recommendations and virtualization candidate reports that make it easier for IT migration and deployment projects to get off the ground and running.
• Coverage from Desktops to Servers. MAP provides technology assessment and planning recommendations for many Microsoft desktop and server products including SQL Server 2008, Forefront/NAP, Microsoft Online Services, Windows Server 2008, Hyper-V, Virtual Server 2005 R2, Windows Vista, 2007 Microsoft Office, Microsoft Application Virtualization (or App-V), System Center Virtual Machine Manager 2007, and more.

Next Steps - How to get MAP?

• Download Microsoft Assessment and Planning Toolkit 3.2 BETA and give us your feedback (Live ID login and registration required)
• Learn more about MAP on TechNet

Read MAP Toolkit Case Studies: See how Costco Wholesale Corporation, Continental Airlines, and Banque de Luxembourg benefitted from using the MAP Toolkit

• Read the MAP Team Blog
• Listen to TechNet webcasts on MAP
• Join the TechNet Forum Community for MAP
• MAP is a member of the family of Server, Desktop, and Virtualization Solution Accelerators.

Ever need to calculate the disk IOPS for how big your Exchange site must be.

with 100 users there is no need for this but with more then 5000 or in my case almost 20k on mailboxes this could be very handy.

http://h71028.www7.hp.com/enterprise/cache/576785-0-0-225-121.html

 

You can find the tools here :

Choose the right tools for better business results

Here’s a sampling of currently available storage tools. Check ActiveAnswers for a complete list of tools.

» HP ProLiant Server Sizer for Microsoft Exchange Server

2003—downloadable tool that generates server configuration recommendations for deploying Microsoft Exchange 2003 Server on HP ProLiant servers

» HP Sizing and Configuration Tool for Microsoft Exchange

Server 2007—provides HP ProLiant server and HP StorageWorks storage sizing guidelines for Microsoft Exchange Server 2007 solutions

» HP Storage Planning Calculator for Microsoft Exchange

Server 2003—addresses critical performance and capacity planning for the storage subsystem within Exchange server design

» HP StorageWorks Sizer—downloadable tool that simplifies

   the storage solution design process

» HP Transaction Processing Storage Planning Calculator for

Microsoft SQL Server—helps determine the appropriate storage solution for your Microsoft SQL Server deployment

» Library and Tape Tools—robust diagnostic tool ideal for

customers who want to verify their installation, ensure product reliability and achieve faster resolution of device issues through expert diagnostics

» SAN Designer—complementary utility that helps you configure

and design a customized SAN based on: performance, cost, and future growth requirements; reporting feature generates topology diagrams, required components, and additional recommendations

» SAN Visibility—complementary software utility that helps with

SAN Analysis, SAN Diagnostics and SAN Optimization and provides a quick and accurate view of your SAN topology

»Storage Product Selector—allows you to navigate through the

vast portfolio of HP StorageWorks products visually reducing the number of storage options, based on your selected criteria

» Storage Security Self-Assessment Tool—helps you

understand how well your business is prepared for managing risk to sensitive data in your storage and backup environment

» Tape Media Compability Tool—fastest and easiest way to find

compatibility information between HP storage media and HP Storage hardware devices

 

Ever need to calculate the disk IOPS for how big your Exchange site must be.

with 100 users there is no need for this but with more then 5000 or in my case almost 20k on mailboxes this could be very handy.

http://h71028.www7.hp.com/enterprise/cache/576785-0-0-225-121.html

 

You can find the tools here :

Choose the right tools for better business results

Here’s a sampling of currently available storage tools. Check ActiveAnswers for a complete list of tools.

» HP ProLiant Server Sizer for Microsoft Exchange Server

2003—downloadable tool that generates server configuration recommendations for deploying Microsoft Exchange 2003 Server on HP ProLiant servers

» HP Sizing and Configuration Tool for Microsoft Exchange

Server 2007—provides HP ProLiant server and HP StorageWorks storage sizing guidelines for Microsoft Exchange Server 2007 solutions

» HP Storage Planning Calculator for Microsoft Exchange

Server 2003—addresses critical performance and capacity planning for the storage subsystem within Exchange server design

» HP StorageWorks Sizer—downloadable tool that simplifies

   the storage solution design process

» HP Transaction Processing Storage Planning Calculator for

Microsoft SQL Server—helps determine the appropriate storage solution for your Microsoft SQL Server deployment

» Library and Tape Tools—robust diagnostic tool ideal for

customers who want to verify their installation, ensure product reliability and achieve faster resolution of device issues through expert diagnostics

» SAN Designer—complementary utility that helps you configure

and design a customized SAN based on: performance, cost, and future growth requirements; reporting feature generates topology diagrams, required components, and additional recommendations

» SAN Visibility—complementary software utility that helps with

SAN Analysis, SAN Diagnostics and SAN Optimization and provides a quick and accurate view of your SAN topology

»Storage Product Selector—allows you to navigate through the

vast portfolio of HP StorageWorks products visually reducing the number of storage options, based on your selected criteria

» Storage Security Self-Assessment Tool—helps you

understand how well your business is prepared for managing risk to sensitive data in your storage and backup environment

» Tape Media Compability Tool—fastest and easiest way to find

compatibility information between HP storage media and HP Storage hardware devices

 

Watch the Microsoft Small Business Summit. Live Webcast October 14-16, 2008 (12 P.M. EDT/9 A.M. PDT) Mortgage meltdowns ... credit crunches ... sky-high gasoline prices ... large bank bailouts by the federal government ... The financial news has been dismal, and small business owners have every reason to wonder, “If the big guys can’t survive, how am I going to make it?” Here’s some good news for small business: For three days in mid-October, you can get help from experts in sales and marketing, finance, productivity, and technology. Mark your calendar so you won’t miss the FREE online Microsoft Small Business Summit: Three days of business wisdom, just when you need it most! Learn more at www.sbsummit.com. Below are some of our featured speakers. A more detailed guest lineup is available at www.sbsummit.com/guests. Appearing Every Day Rieva to the Rescue Rieva Lesonsky has been offering guidance and inspiration to small businesspeople and aspiring entrepreneurs for more than two decades. As an author and editor, Rieva has written and shaped countless articles and books on small business. Join Rieva as she fields questions from YOU on sales and marketing, business productivity, and financial management. Send your questions for Rieva to answer live on-air to questions@sbsummit.com.