Showing posts sorted by relevance for query Windows Server 2012. Sort by date Show all posts
Showing posts sorted by relevance for query Windows Server 2012. Sort by date Show all posts

Microsoft Releases Windows Server 2012 [Download Now]

Posted by Avik Sarkar On 9/06/2012 04:32:00 pm

Microsoft Releases Windows Server 2012 With Complete Virtualization, Cloud Services, Improved Scalability & Performance [Download Now]

In March this year software giant Microsoft has announced the availability of Windows Server 8, later in April it has been renamed to Windows Server 2012. Windows Server powers many of the worlds' largest datacenters, enables small businesses around the world, and delivers value to organizations of all sizes in between. Windows Server 2012 redefines the server category, delivering hundreds of new features and enhancements spanning virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of business value. With Windows Server 2012, Microsoft delivers a server platform built on our experience of building and operating many of the world's largest cloud-based services and datacenter. Whether you are setting-up a single server for your small business or architecting a major new datacenter environment, Windows Server 2012 will help you cloud-optimize your IT so you can fully meet your organization's unique needs. 

Features at a Glance:- 

Beyond Virtualization:- Offers a dynamic, multitenant infrastructure to help you scale and secure workloads and build a private cloud. Windows Server 2012 can help you provide:

  • Complete Virtualization Platform- A fully-isolated, multitenant environment with tools that can help guarantee service level agreements, enable usage-based chargeback, and support self-service delivery.
  • Improved Scalability and Performance- A high-density, scalable environment that you can modify to perform at an optimum level based on your needs.
  • Connecting to Cloud Services- A common identity and management framework to enable highly secure and reliable cross-premises connectivity.

The Power of Many Servers, the Simplicity of One:- Delivers a highly available and easy to manage cloud-optimized platform. Windows Server 2012 can help you provide:

  • Flexible Storage- Diverse storage choices that can help you achieve high performance, availability, and storage resource efficiency through virtualization and storage conservation.
  • Continuous Availability- New and improved features that provide cost-effective, highly available services with protection against a wide range of failure scenarios.
  • Management Efficiency- Automation of a broad set of management tasks and simplified deployment of workloads as you move toward full, lights-out automation.

Every App, Any Cloud:- Offers a cloud-optimized server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud, or across both. Windows Server 2012 can help you deliver:

  • Flexibility to Build On-Premises and in the Cloud- A consistent set of tools and frameworks that enables developers to build symmetrical or hybrid applications across the datacenter and the cloud.
  • A Scalable and Elastic Infrastructure- New features to help you increase website density and efficiency, plus frameworks, services, and tools to increase the scalability and elasticity of modern applications.
  • An Open Web and App Development Environment- An open platform that enables mission-critical applications and provides enhanced support for open standards, open-source applications, and various development languages.


Modern Workstyle, Enabled:- Provides users with flexible access to data and applications while simplifying management and maintaining security, control, and compliance. Windows Server 2012 can help you offer:

  • Access to Applications and Data from Virtually Anywhere, Any Device- Seamless, on-demand access to virtualized work environments from virtually anywhere.
  • A Full Windows Experience Anywhere- A personalized and rich user experience from virtually any device that adapts to different network conditions quickly and responsively.
  • Enhanced Data Security and Compliance- Granular access to data and corporate resources based on strong identity, data classification, and centralized policy administration and auditing.

To Download Windows Server 2012 (Both iso & VHD) Click Here


-Source (Microsoft) 







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Releases Windows 8 Enterprise Edition (Freely Available For 90 Days)

Posted by Avik Sarkar On 8/27/2012 12:25:00 pm

Microsoft Releases Windows 8 Enterprise Edition (Freely Available For 90 Days) 

Redmond based software giant Microsoft has released the Windows 8 Enterprise Evaluation version yet again making it available free for 90 days. Before this Evolution version we have tested three different flavors of Microsoft's upcoming and long awaited operating system Windows 8, and they are  Windows 8   Consumer PreviewWindows 8 Developer Preview Windows 8 Release Preview. According to Microsoft - Windows 8 Enterprise features include all the capabilities that customers get with Windows 8 Pro* plus premium features designed to provide the mobile productivity, security, manageability and virtualization needs of today’s businesses. Developers can write their own apps in widely used languages such as C#, C++, JavaScript, and Microsoft’s Visual Basic. Windows 8 Enterprise also includes a built-in print driver that supports “a wide range” of printers without the hassle of installing printer drivers from CDs or the Web onto print servers or client devices.

Some of the key features that will be available exclusively to Windows 8 Enterprise customers are:-

  • Windows To Go is a fully manageable corporate Windows 8 desktop on a bootable external USB stick. This will allow IT organizations to support the “Bring Your Own PC” trend and businesses can give contingent staff access to the corporate environment without compromising security.
  • Direct Access allows remote users to seamlessly access resources inside a corporate network without having to launch a separate VPN and helps IT administrators keep remote users’ PCs in compliance by applying the latest policies, software updates. When used with Windows Server 2012, Windows 8 makes Direct Access easier to deploy and implement with the existing IPv4 infrastructure.
  • BranchCache allows users’ PCs to cache files, websites, and other content from central servers, so content is not repeatedly downloaded across the wide area network (WAN). When used with Windows Server 2012, Windows 8 brings several improvements to BranchCache to streamline the deployment process, optimize bandwidth over WAN connections and ensure better security and scalability.
  • AppLocker can help mitigate issues by restricting the files and apps that users or groups are allowed to run.
  • VDI enhancements: Enhancements in Microsoft RemoteFX and Windows Server 2012, provide users with a rich desktop experience with the ability to play 3D graphics, use USB peripherals and use touch-enabled devices across any type of network (LAN or WAN) for VDI scenarios.
  • New Windows 8 App Deployment: Domain joined PCs and tablets running Windows 8 Enterprise will automatically be enabled to side-load internal, Windows 8 Metro style apps.

Windows 8 Enterprise is available to Software Assurance customers via the Volume License Service Center (VLSC), allowing you to test, pilot and begin adopting Windows 8 Enterprise within your organization. For those customers who are interested in trying out the key features in Windows 8 Enterprise, you can also now obtain Windows 8 Enterprise through your TechNet Professional Subscription or MSDN Subscription. For IT professionals that don’t have access to any of the above options, a 90-day evaluation version is now available for download through the TechNet Evaluation Center


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Azure Cloud Starts Supporting Linux (Hybrid Cloud)

Posted by Avik Sarkar On 6/09/2012 07:00:00 pm

Microsoft Azure Cloud Starts Supporting Linux (Hybrid Cloud)

If you love both Microsoft and Linux parallely then we have a great news for you and that is Microsoft is now offering Linux-based operating systems on its Windows Azure cloud service. The software giant has announced the release of a new preview version of the platform which will add Infrastructure-as-a-Service (IaaS) capabilities to it. As well as Windows Server 2008 and the release candidate of Windows Server 2012, Microsoft will be supporting openSUSE 12.1, SUSE Linux Enterprise Server 11, Ubuntu 12.04 and CentOS 6.2 on the Hyper-V virtual machines that power Azure.

Some of the Highlights:- 
  • Windows Azure Virtual Machines— Virtual Machines give you application mobility, allowing you to move your virtual hard disks (VHDs) back and forth between on-premises and the cloud.   Migrate existing workloads such as Microsoft SQL Server or Microsoft SharePoint to the cloud, bring your own customized Windows Server or Linux images, or select from a gallery.    As a common virtualization file format, VHD has been adopted by hundreds of vendors and is a freely available specification covered under the Microsoft Open Specification Promise.
  • Windows Azure Virtual Network— Virtual Network lets you provision and manage virtual private networks (VPNs) in Windows Azure as well as securely extend on-premises networks into the cloud.  It provides control over network topology, including configuration of IP addresses, routing tables and security policies and uses the industry-standard IPSEC protocol to provide a secure connection between your corporate VPN gateway and Windows Azure. 
  • Windows Azure Web Sites —Build web sites and applications with this highly elastic solution supporting .NET, Node.js, and PHP while using common deployment techniques like Git and FTP.  Windows Azure Web Sites will also allow easy deployment of open source applications like WordPress, Joomla!, DotNetNuke, Umbraco, and Drupal to the cloud with a few clicks. 
  • New tools, language support, and SDK—Windows Azure SDK June 2012 includes new developer capabilities for writing code against the latest service improvements with updated support for Java, PHP, and .NET, and the addition of Python as a supported language on Windows Azure.  Additionally, the SDK now provides 100% command line support for both Windows and Mac.
  • Availability in New Countries— Availability of Windows Azure is being expanded to customers in 48 new countries, including Russia, South Korea, Taiwan, Turkey, Egypt, South Africa, and Ukraine.  Roll-out will be complete later this month, making Windows Azure one of the most widely available cloud platforms in the industry with offerings in 89 countries and in 19 local currencies.  
These new capabilities simplify building and bringing applications of all kinds to the cloud and enable flexibility in the following areas:
  • Increased datacenter capacity through secure VPN connections to the cloud
  • Easy operations and management from an improved Windows Azure Management Portal, with powerful operational capabilities for deploying and managing your cloud applications – with similar management support from the command line
  • Cloud scale for building websites with ASP.NET, PHP, and Node.js
  • Support for additional Operating Systems and OSS language libraries for building cloud applications
  • Scale on demand by migrating existing applications to the cloud using portable, industry standard VHDs -- delivering global scale with maximum control
  • Secure connectivity between cloud and on-premises applications
  • Ability to develop, test and configure new applications in the cloud, and then deploy on-premises for production



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft®SQL Server 2012 Released & Available To Download

Posted by Avik Sarkar On 3/12/2012 05:53:00 pm

Microsoft®SQL Server 2012 Released & Available To Download 

The software giant Microsoft announced the availability of SQL Server 2012. The product will be generally available on April 1st but you can still download the evaluation version on today itself. The Big Data features in SQL Server 2012 include new storage options and tools that help with analysis of large workloads. For example, the new version includes an in-memory column-oriented database to improve analytics performance. In addition, Microsoft is developing a Windows-based version of Hadoop (the Hortonworks edition) for the Azure cloud environment which should be ready for prime time by July 1. 
Key Features:-
  •     AlwaysOn Availability Groups
  •     Support for Server Core
  •     Power View
  •     SQL Server Data Tools
  •     Data Quality Services
  •     Hadoop Integration
While there been a lot of exciting changes to the product there’s also been changes to the editions and licensing. SQL Server 2012 will provide the Enterprise, Business Intelligence, Standard and Express editions. Notably the older Datacenter and Workgroup editions have been dropped. A new core based licensing scheme has been added as well. 

To Download Microsoft®SQL Server 2012 Evaluation Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Posted by Avik Sarkar On 12/05/2012 07:33:00 pm

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Gordon Lyon also known as Fyodor, the author of world's most popular security scanner 'Nmap' announced another update. Almost after five months we got this new version that is Nmap 6.25. This release of Nmap  contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more!  It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer. 

Here are the most important change since 6.01:
  • Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them).  Added 373 fingerprints, bringing the new total to 3,946.  Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.
  • Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)!  Our signature count jumped by more than 400 to 8,645.  We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. 
  • Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/.  Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.
  • Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes. 
  • Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output 
  • [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other system.  
  • [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode.  These provide compatibility with Hobbit's original Netcat. 
  • Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.
  • [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine. 




For additional information and to know the full change log of this release click Here. To download Namp 6.25 (Source Code & Binary Packages) for Windows, Linux, Mac, Unix & few other OS click Here






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

For the first time, Microsoft CEO Ballmer referred to the next version of Windows as "Windows 8"

Posted by Avik Sarkar On 5/25/2011 07:14:00 pm


For the first time, Microsoft CEO Steve Ballmer referred to the next version of Windows as "Windows 8" – it was during remarks at a Microsoft Developer Forum in Japan, as opposed to an official press event for Windows, but it's still worth noting. Furthermore, Ballmer specifically said the next generation of Windows systems will be out next year.
We've been referring to Windows 7's successor as Windows 8 for a long time now, so many might think this isn't a big deal, but it is. Microsoft has made a point never to refer to the next version of Windows as Windows 8, and has instead publicly called it "Windows Next" or the "next generation of Windows." The company has also refused to give a timeframe for a release date, merely saying that it won't come sooner than three years after the release of Windows 7 (October 22, 2009).
Here is the relevant quote from Ballmer, courtesy of Microsoft's own transcript:
We're obviously hard at work on the next version of Windows. Windows 7 PCs will sell over 350 million units this year. We've done a lot in Windows 7 to improve customer satisfaction. We have a brand new user interface. We've added touch, and ink, and speech. And yet, as we look forward to the next generation of Windows systems, which will come out next year, there's a whole lot more coming. As we progress through the year, you ought to expect to hear a lot about Windows 8. Windows 8 slates, tablets, PCs, a variety of different form factors.
To make things a bit more interesting, Microsoft is saying Ballmer made a mistake. "It appears there was a misstatement," a Microsoft spokesperson told ZDNet. "We are eagerly awaiting the next generation of Windows 7 hardware that will be available in the coming fiscal year. To date, we have yet to formally announce any timing or naming for the next version of Windows."
In other words, despite what Ballmer said, Microsoft is still not ready to announce the name of Windows 7's successor, or when it will arrive. It's still very probable that Ballmer's statement was accurate, but to what extent we'll have to wait a little while longer.
Windows 8 build 7850, the first leaked Windows 8 build, hit the Internet last month. It was quickly followed by Windows 8 Build 7955 a few weeks later. Windows Server 8 build 7959 then leaked earlier this month.
If you see a download claiming to be newer than build number 7959, be careful as it is likely bogus and probably contains malware. We may not see new leaks for a while given that Microsoft is rumored to have recently fired two employees for this exact reason.
Microsoft announced earlier this year that Windows 8 will support Intel, AMD, and ARM architectures. Although a rumor suggests that Windows 8 will arrive on January 7, 2013, we expect that the operating system will ship in time for the 2012 holiday season.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

"April Patch" By Microsoft & Adobe Closed Critical Security Holes

Posted by Avik Sarkar On 4/11/2012 06:36:00 pm

"April Patch" By Microsoft & Adobe Closed Critical Security Holes

As per schedule two software giants Microsoft and Adobe today each issued security bulletin to plug security holes in their vulnerable products. The patch batch from Microsoft fixes at least 11 flaws in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting. The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader. 
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012. Among those is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected. Microsoft said that this patch the highest priority security update this month. “What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unsually wide-range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.” Other notable fixes from Microsoft this month include a .NETupdate, and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows, and available through Windows Update. In March 2012 Security bulletins Microsoft closed a total of seven security holes in its products. Among them one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft (MS12-020) remote code execution vulnerability has been found in RDP (Remote Desktop Protocol).

After Microsoft here comes the turn for Adobe &  they updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each products’ built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration is set to run automatic update checks on a regular schedule, but update checks can be manually activated by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS, Windows, Mac or Linux (v. 9.5.1).




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download

Posted by Avik Sarkar On 8/01/2012 02:10:00 am

SQL Server 2008 R2 Service Pack 2 (SP2) Released & Available To Download

The software giant Microsoft announced the availability of SQL Server 2008 R2 Service Pack 2 (SP2). SQL Server 2008 R2 SP2 contains fixes to issues that have been reported through customer feedback platforms and Hotfix solution provided in SQL Server 2008 R2 SP1 Cumulative Update 1 thru to Cumulative Update 5. Service Pack 2 also includes supportability enhancements and issues that have been reported through Windows Error Reporting system. The update fixes several bugs with the product, most notably a problem that could cause a deadlock of the server when synchronising database logs to another server. A bug that prevented users of the JDBC Driver to connect to the server when using JRE 6 update 29, or later, was also fixed. A problem where users receive "incorrect results" when running "a complex query" which contains joins and aggregate functions and uses the DISTINCT statement has been fixed, but Microsoft is not offering any further details on it. Other patches correct false error reports, fix problems with the server's update install mechanism and more.
Both the Service Pack and Feature Pack updates are available for download on the Microsoft Download Center. As part of the continued commitment of Microsoft to software excellence for the customers, this upgrade is free and doesn't require an additional service contract. Microsoft SQL Server 2008 R2 SP2 also addresses a few key customer requests:

  • Reporting Services Charts Maybe Zoomed & Cropped 
    Customers using Reporting Services on Windows 7 may sometime find charts are zoomed in and cropped. To work around the issue some customers set ImageConsolidation to false.
  • Batch Containing Alter Table not Cached 
    In certain situations with batch files containing the alter table command, the entire batch file is not cached.
  • Collapsing Cells or Rows, If Hidden Render Incorrectly 
    Some customers who have hidden rows in their Reporting Services reports may have noticed rendering issues when cells or rows are collapsed. When writing a hidden row, the Style attribute is opened to write a height attribute. If the attribute is empty and the width should not be zero.
Customers are highly encouraged to stay on a supported service pack to ensure they are on the latest and most secure version of SQL Server 2008 R2. The Service Pack is freely available for download from Microsoft's Download Center. We would like to share with you that, earlier in this year Microsoft has released SQL Server 2012 , and the Evaluation edition of SQL Server 2012 is also freely available to download from Microsoft. 



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Security Bulletin (March 2012) Closed Critical RDP Security Hole

Posted by Avik Sarkar On 3/15/2012 01:53:00 am

Microsoft Security Bulletin (March 2012) Closed Critical RDP Security Hole 

Microsoft released March 2012 Security bulletins to close a total of seven security holes in its products. Among them one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft (MS12-020) remote code execution vulnerability has been found in RDP (Remote Desktop Protocol).
The first of these is a "critical-class" issue in RDP that could be exploited by an attacker to remotely execute arbitrary code on a victim's system. Although RDP is disabled by default, many users enable it so they can administer their systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported to company by the Zero Day Initiative (ZDI), Microsoft says that it has yet to see any active attacks exploiting these in the wild, but warns that, "due to the attractiveness of this vulnerability to attackers", it anticipates "that an exploit for code execution will be developed in the next 30 days". Because of this it recommends that installing the updates should be made a priority. 
Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem. A second "moderate-class" denial-of-service (DoS) which can cripple an RDP server was also fixed.
A brief overview of all of these updates, including descriptions about each of the vulnerabilities, can be found in Microsoft's Security Bulletin Summary for March 2012.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE,Certificate Tool & .NET

Posted by Avik Sarkar On 6/15/2012 05:07:00 pm

Microsoft Security Bulletin (June 2012) Closed Security Hole in RDP, IE,Certificate Tool & .NET

Microsoft released June 2012 Security bulletin to close a total of 27 security holes in its products, among them 13 in Internet Explorer. The rest of the patches affect all currently supported Windows versions, the .NET Framework, Remote Desktop, Lync, Windows Kernel and Dynamics AX. The company separately announced changes to its automatic updater to block untrusted security certificates. Microsoft updated the updater tool after researchers uncovered how the Flame malware had gamed the process. The most important updates are bundled in the cumulative Internet Explorer patch (MS12-037), which includes fixes for the holes that were targeted by Pwn2Own exploits. Another urgent update is MS12-036, which concerns denial of service and remote code execution vulnerabilities in the Remote Desktop features built into all supported versions of Windows. The third critical update affects the .NET Framework (MS12-038). The remaining 4 updates are rated "important" by Microsoft and close code execution bugs in Lync and privilege escalation holes in Dynamics AX and Windows.

Through this security bulletin Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Posted by Avik Sarkar On 9/20/2012 05:40:00 pm

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Recently security firm Kaspersky lab has published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with International Telecommunication Union’s cybersecurity executing arm - IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame’s creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. Particularly, traces of three yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.
The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Communication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations accompanied with the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domains names) shifted this date two years earlier.
The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.
Sophisticated encryption methods were utilized so that no one, but the attackers, could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame. It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.
Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, yet not implemented protocol called the “Red Protocol” was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab. 
Here we want to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 
For detailed analysis on Flame's command and control (C&C) servers click Here

-Source (Kaspersky)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5

Posted by Avik Sarkar On 11/30/2013 03:32:00 am

Red Hat Inc Announced The General Availability Red Hat Enterprise Linux (RHEL) 6.5 

The RHEL 6x series get another important update as Red Hat Inc, the world's leading provider of open source solutions announced the general availability of Red Hat Enterprise Linux 6.5, the latest version of Red Hat Enterprise Linux 6. According to the official press release of Red Hat -RHEL 6.5 expands Red Hat’s vision of providing an enterprise platform that has the stability to free IT to take on major infrastructure challenges and the flexibility to handle future requirements, with an extensive partner and support ecosystem. 
Red Hat Enterprise Linux 6.5 is mainly designed for those who build and manage large, complex IT projects, especially enterprises that require an open hybrid cloud. From security and networking to virtualization, Red Hat Enterprise Linux 6.5 provides the capabilities needed to manage these environments, such as tools that aid in quickly tuning the system to run SAP applications based on published best practices from SAP.“Red Hat Enterprise Linux 6.5 provides the innovation expected from the industry’s leading enterprise Linux operating system while also delivering a mature platform for business operations, be it standardizing operating environments or supporting critical applications. The newest version of Red Hat Enterprise Linux 6 forms the building blocks of the entire Red Hat portfolio, including OpenShift and OpenStack, making it a perfect foundation for enterprises looking to explore the open hybrid cloud.”-said Jim Totton, vice president and general manager of Red Hat Inc. Now lets take a closer look to the main highlights of RHEL 6.5 : 

Securing the Next-Generation Enterprise
Red Hat Enterprise Linux 6.5 continues the push for integrated security functionality that combines ease-of-use and up-to-date security standards into the platform. The addition of a centralized certificate trust store enables standardized certificate access for security services. Also included are tools that meet leading security standards, including OpenSCAP 2.1, which implements the National Institute of Standards and Technology’s (NIST’s) Security Content Automation Protocol (SCAP) 1.2 standard. With these additions, Red Hat Enterprise Linux 6 provides a secure platform upon which to build mission-critical services and applications.

Networking – When Every (Micro)Second Matters
In the financial services and trading-related industries, application latency is measured in microseconds, not seconds. Now, the latest version of Red Hat Enterprise Linux 6 fully supports sub-microsecond clock accuracy over the local area network (LAN) using the Precision Time Protocol (PTP). Precision time synchronization is a key enabler for delivering better performance for high-speed, low latency applications. Red Hat Enterprise Linux 6.5 can now be used to track time on trading transactions, improving time stamp accuracy on archived data or precisely synchronizing time locally or globally. Thanks to other networking enhancements in Red Hat Enterprise Linux 6.5, system administrators now have a more comprehensive view of network activity. These new capabilities enable sysadmins to inspect IGMP (Internet Group Management Protocol) data to list multicast router ports, multicast groups with active subscribers and their associated interfaces, all of which are important to many modern networking scenarios, including streaming media.

Virtualization Enhancements
Red Hat Enterprise Linux 6.5 continues Red Hat’s commitment to improving the overall virtualization experience and includes several improvements that make it a compelling choice for running in virtualized environments. Sysadmins can now dynamically enable or disable virtual processors (vCPUs) in active guests, making it an ideal choice for elastic workloads. The handling of memory intensive applications as Red Hat Enterprise Linux guests has also been improved, with configurations supported for up to 4TB of memory on the Kernel-based Virtual Machine (KVM) hypervisor. The KVM hypervisor also integrates with GlusterFS volumes to provide direct access to the distributed storage platform, improving performance when accessing Red Hat Storage or GlusterFS volumes. Finally, guest drivers have been updated to improve performance of Red Hat Enterprise Linux 6.5 running as a guest on supported third-party hypervisors.

Evolving Ease-of-Use, Storage, and More
As application deployment options grow, portability becomes increasingly important. Red Hat Enterprise Linux 6.5 enables customers to deploy application images in containers created using Docker in their environment of choice: physical, virtual, or cloud. Docker is an open source project to package and run lightweight, self-sufficient containers; containers save developers time by eliminating integration and infrastructure design tasks. Red Hat Enterprise Linux 6.5 stays current with the advancements in Solid-State Drive (SSD) controller interface, introducing support for NVM Express (NVMe)-based SSDs. The NVMe specification aims to standardize the interface for PCIe-based SSDs and its inclusion in Red Hat Enterprise Linux 6.5 positions the platform to support an expanding range of future NVMe-based devices.

Improvements have also been added to improve enterprise storage scalability within Red Hat Enterprise Linux 6.5. It is now possible to configure more than 255 LUNs connected to a single iSCSI target. In addition, control and recovery from SAN for iSCSI and Fibre Channel has been enhanced, and updates to the kexec/kdump mechanism now make it possible to create debug (dump) files on systems configured with very large memory (e.g. 6TB).

Red Hat Enterprise Linux 6.5 makes it easier to track and manage subscription consumption across the enterprise, integrating subscription tracking into existing business workflow. Usability enhancements include support for remote access to Windows clients and servers that use a newer version of the RDP protocol, including Windows 7 and 8 desktops and Windows Server 2012

To Download Red Hat Enterprise Linux 6.5 Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Oracle Released Emergency Update to Patch Java 0day (CVE-2012-4681)

Posted by Avik Sarkar On 8/31/2012 06:06:00 pm

Oracle Released Emergency Update to Patch Java 0day (CVE-2012-4681)

Zero-day vulnerabilities in Java, which was on the spotlight for last few days; takes a new direction. Several security firms have already declared that, this newly found Java exploit had been added to Blackhole, a popular hacker's tool that bundles numerous exploits and tries each in turn until it finds one that will work against a personal computer. As expected  Oracle has released an emergency update to address those zero-day vulnerabilities. This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU#636312) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.

Supported Products Affected

Security vulnerabilities addressed by this Security Alert affect the products listed in the categories below.  Please click on the link in the Patch Availability column or in the Patch Availability Table to access the documentation for those patches.
Affected product releases and versions:
Java SEPatch Availability
JDK and JRE 7 Update 6 and beforeJava SE
JDK and JRE 6 Update 34 and beforeJava SE

Patch Availability Table and Risk Matrix

Java SE fixes in this Security Alert are cumulative; this latest update includes all fixes from previous Critical Patch Updates and Security Alerts.

Patch Availability Table

Product GroupRisk MatrixPatch Availability and Installation Information
Oracle Java SEOracle JDK and JRE Risk Matrix

Also Java 7 Update 7 is now available to download for Windows (32- and 64-bit), Linux (32- and 64-bit), Mac OS X (64-bit), Solaris x86 (32- and 64-bit) and Solaris SPARC (32- and 64-bit). JDKs with the updated Java runtimes are also available. Users with Java installed on their systems, whatever operating system, should install the updates as soon as possible because malicious software that uses the vulnerability is already in circulation. For detailed information click here






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search