Hi All,

For those of you looking for a list certified hardware for Windows Server 2008 (x64), here’s the current and growing list:

All Hardware Items: http://www.windowsservercatalog.com/results.aspx?&bCatID=1283&cpID=0&avc=11&ava=23&avq=0&OR=1&PGS=25&ready=0

For details:

Product category

Storage (371)
Networking (102)
Servers (102)
Other Hardware (26)
Printers (20)
Bus Controllers and Ports (13)
Cameras and Video (5)
Scanners (2)
Input Devices (1)
Sound (1)

If you would like per Vendors:

Vendor

Intel Corporation (97)
Hewlett-Packard Company (82)
Dell Inc. (64)
NetApp (63)
HITACHI, Ltd. (30)
Fujitsu Siemens Computers (28)
QLogic Corporation (26)
EMC Corporation (21)
IBM (13)
Pioneer Corporation (13)

More…

Sourced from Nick MacKechnie’s MSDN blog

Nothing says rock and roll like a song about Microsoft Silverlight.

Head over to Dan Wahlin and Spike Xavier’s blog to listen to the song

http://weblogs.asp.net/dwahlin/archive/2008/04/27/silverlight-the-song.aspx

free viagra canada viagra buy discount viagra generic
delivery online overnight viagra 100 mg viagra price discussion generic viagra
drug interaction viagra 100 mg viagra prices viagra price
who should not take viagra 12 cod generic pal pay viagra dysfunction erectile viagra
viagra side affects 12citrate generic sildenafil viagra viagra dosages
viagra info 12generic sildenafil viagra discount levitra online viagra
discount viagra 50 mg 1998 medical breakthrough viagra cost generic lowest viagra
viagra side effect headaches 1viagra cialis levitra viagra lowest price
generic brand of viagra online 2 00 viagra woman taking viagra
discount viagra europe 200 calias viagra discount sildenafil generic viagra
viagra prices 200 viagra direct generic viagra
fda approved generic usa viagra 2006 cialis followup january post viagra viagra overdose
consultation online viagra 2006 followup march post viagra al alternativas naturales viagra
viagra over the counter 2007 viagra hmo generic for viagra
drug female new viagra 25mg viagra and online medical consultation free viagra samples uk
viagra soft tabs 25mg viagra free generic shipping viagra
free trial generic viagra 2737 aid prevacid viagra zyrtec alternative uk viagra
coverage insurance viagra health 2737 amerimedrx viagra wetrack it zyban viagra hgh
viagra overnight delivery 2cialis generic levitra viagra discount viagra perscription drug
drug generic store value viagra 5 sildenafil citrate viagra discount generic levitra online viagra
viagra xenical 5 viagra tablets viagra pharmacy
free viagra sample before buying 50mg viagra retail price viagra levitra cialis comparison
any drug effects side there viagra 5citrate generic sildenafil viagra 100 viagra faq
viagra levitra comparison 5viagra levitra cialis apcalis regalis zenegra discount viagra cialis
entry entry greymatter home optional page previous viagra weblog 6 free sample viagra free prescription viagra
alternative herb natural viagra 78 zenegra viagra dose anxiety relief online prescription medicine viagra
generic female viagra a href viagra a alternative buy lavitra levitra viagra
direct generic viagra a q name buy viagra viagra women
viagra side affects abc video premature baby viagra discount pharmacy purchase viagra
free online viagra about viagra cheapest viagra viagra price
comparison pfizer viagra ace inhibiters and viagra dysfunction erectile viagra

Bill Sisk just wrote an article on the Microsoft Security Response Centre (MSRC) blog:

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application’s database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information for web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx �

As outlined in other reports the security flaw seems to be in poor code on websites, hackers a merely taking advantage of it on a massive scale.
Installing updates and blocking any malicious websites is the best method to protect your IIS Server.

�

Earlier this week I published a post regarding a vulnerability in several versions of Microsoft Windows…
…Well the vulnerability is now being executed-there is another round of Mass SQL injections going on which has infected hundreds of thousands of websites running on the IIS platform.

Preforming a simple Google search for traces of the malicious script results in over 510,000 modified pages.

With more and more websites using a SQL back-end to make them faster and more dynamic, it also means that it’s crucial to verify what information get stored in or requested from those databases - especially if you allow users to upload content themselves which happens all the time in discussion forums, blogs, feedback forms etc. Unless that data is sanitized before it gets saved you can’t control what the website will show to the users. This is what SQL injection is all about, exploiting weaknesses in these controls.

Currently the malicious file that is being injected is 1.js however it must be noted that this could change at any stage. Visitors to this website are “treated” to 8 different exploits for many windows based applications including AIM, RealPlayer, and iTunes. DO NOTvisit sites that link to this site as you are very likely to get infected. Trendmicro named the malware toj_agent.KAQ it watches for passwords and passes them back to contoller’s ip.

In this case the injection code starts off like this (note, this is not the complete code):

   DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004300
   4C00410052004500200040005400200076006100720063006800610072
   00280032003500350029002C0040004300200076006100720063006800
   610072002800320035003500290020004400450043004C004100520045
   0020005400610062006C0065005F0043007500720073006F0072002000
   43005500520053004F005200200046004F0052002000730065006C0065
   0063007400200061002E006E0061006D0065002C0062002E006E006100
   6D0065002000660072006F006D0020007300790073006F0062006A0065
   00630074007300200061002C0073007900730063006F006C0075006D00
   6E00730020006200200077006800650072006500200061002E00690064
   003D0062002E0069006400200061006E006400200061002E0078007400
   7900700065003D00270075002700200061006E0064002000280062002E
   00780074007900700065003D003900390020006F007200200062002E00
   780074007900700065003D003300350020006…

Which when decoded becomes:

   DECLARE @T varchar(255)'@C varchar(255) DECLARE Table_Cursor
   CURSOR FOR select a.name'b.name from sysobjects a'syscolumns b
   where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35
   or b…

What happens as a result? It finds all text fields in the database and adds a link to malicious javascript to each and every one of them which will make your website display them automatically. So essentially what happened was that the attackers looked for ASP or ASPX pages containing any type of querystring (a dynamic value such as an article ID, product ID, et cetera) parameter and tried to use that to upload their SQL injection code.

So far three different domains have been used to host the malicious content — nmidahena.com, aspder.com and nihaorr1.com. There’s a set of files that gets loaded from these sites that attempts to use different exploits to install an online gaming trojan. Right now the initial exploit page on all domains are inaccessible but that could change. So if you’re a firewall administrator we recommend you to block access to them.

I would recommend that Administrators block access to hxxp:/www.nihaorr1.com and the IP it resolves to 219DOT153DOT46DOT28 at the edge or border of your network.

Info sourced from f-secure

HEROES Happen {HERE}

Microsoft have just posted the resources from the Windows Server, SQL Server & Visual Studio Heroes happen {Here}  launch. Check them out they are very informative indeed!

Catergorys include:

• Session 1 | What’s New in Windows Server 2008
• Session 2 | Virtualization and Your Infrastructure
• Session 3 | Securing Your IT Infrastructure with Windows Server 2008
• Session 4 | Exploring Windows Server 2008 Web and Application Technologies

Find the links to the slides here: http://www.technetbriefings.com/2008-launch-resources.aspx

A new version of the Visual Studio 2008 Product Comparison Guide is now available. Version 1.08 includes updates to a number or line items, but in particular it includes a lot of fixes in the debugging section and adds a section on 64-bit development features.

Also check out the update for Visual Studio 2008 and Visual Web Developer Express 2008 @ http://code.msdn.microsoft.com/KB946581

Picture this: You’re a developer who frequently writes console applications. Each day after work you go home and head to bed, you close your eyes and burnt into the darkness is the ever so familiar output of command prompt jargon.
Does the above sound like you? Sick of screen-burn in your eyes?
Well Microsoft have answered your call to give your eyes a rest

Introducing the “Consolas” font Microsoft developed specifically for developers!!

“When we began work on a project to create a new set of fonts which would take maximum advantage of ClearType, we decided to develop a fixed-pitch font for developers - because no one ever thought of their needs, and we realized a highly-readable fixed-width font would make their lives a lot easier…
…The Windows International fonts team is also working on another version that’ll support Vietnamese, and also the line draw characters that we made to support the console window.”

See for yourself-This image (as shown on IE blog is of the standard 8 x 12Px Raster font used by default in CMD.exe

Compare this to the Consolas type fonts:

You can defiantly see how much more cleaner and easy to read the new font looks compared to the old Raster font (you can’t fit as much on the screen - it’s a trade off for the best in my opinion)

Now, this font comes bundled with Microsoft Office 2007 but if you don’t happen to have Office installed or available to you Microsoft have provided a download for the font from here.
To install the font simply do the following in CMD.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console\TrueTypeFont" /v 00 /d Consolas

logoff

Note: In Windows Vista, you need to run the reg command from an elevated command prompt… When you log back in, Consolas will be an option in the “Command Prompt” Properties.

That should make the reading of Command Prompt output a whole lot more easier… Still, personally this font reminds me of the font used within Konsole/Terminal in Linux.
http://www.microsoft.com/downloads/details.aspx?familyid=22e69ae4-7e40-4807-8a86-b3d36fab68d3&displaylang=en

After months of being left in the dark after the first release of Microsoft Ultimate Extra’s for Windows Vista’s Ultimate edition Microsoft surprised us yesterday with some new content.

I admit��surprised is sort of the wrong word used to describe my feelings for the latest batch of Ultimate Extra’s…
But nonethe less - Get ready to justify Ultimate’s large price tag because today we were gifted a few cheesy Windows sound effects, some language packs and a couple more mediocre Windows Dream-scene wallpapers.

…Sure in the past we were rewarded with Texas Hold’em Poker as well as Windows Dream scene, with promises of more to come but the latest instalment has left me with a bitter taste in my mouth-I think it’s time Microsoft woke up and actually fulfilled their promise and take care of the little guy!

…But who knows, perhaps its just a Taste of whats to come?

The WoW Starts now?

Added Feature?: Windows Live Photo Show NOW appears in the list of apps to which sound events may be added. New sound effects to come?

After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)

The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.

The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.

It must be noted however  Microsoft stated in its advisory that- “Hosting providers may be at increased risk from this elevation of privilege vulnerability.” However, no exploitation has been observed at this time.
Microsoft Security Advisory 951306

Ever since i made the change to Vista I have noticed that the browsing of network folders  on my network was slow-with OR without connecting through a domain (esp When browsing Windows Server 2003 shared folders).

When opening the network folder your computer displays straight away but there is  5-6+ second wait before other network computers & shares are displayed…

So what to do? The fix involves changing two settings from the command prompt. You need to run the command prompt as an administrator. You can do this by right-clicking and selecting run as administrator. Type in the following commands:

netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global rss=disabled

You will need to restart your machine afterwards. The difference is night and day. I wonder what the reasoning was for not having Vista set like this out of the box?If you are unhappy with the changes you can restore the default settings with

netsh int tcp set global autotuninglevel=normal
netsh int tcp set global rss=enabled

 I saw this fix over at Excalibur Partners

If you are a Microsoft Certified Systems Administrator (MCSA) or a Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003, you can now transfer your skills to achieve multiple Microsoft Certified Technology Specialist (MCTS) certifications or Microsoft Certified IT Professional (MCITP) credentials on Windows Server 2008.

For the first time, the transition path is available before the product release. If you have a Windows Server 2008 certification on your resumé, you have an excellent opportunity to catch the eye of early adopter organizations. Microsoft Learning developed this transition path to recognize the investment and expertise you have demonstrated throughout your certification history—don’t miss your chance to take advantage of these new certifications.

Your path consists of one exam, which allows you to earn multiple Microsoft Certified Technology Specialist (MCTS) certifications on Windows Server 2008.
-First step: Take one exam to earn MCTS certification on Windows Server 2008

From there, you can complete the remaining requirements for one or both of the Microsoft Certified IT Professional (MCITP) certifications for Windows Server 2008.
-Your transition path from MCSA on Windows Server 2003 to MCITP 
-Your transition path from MCSE on Windows Server 2003 to MCITP

Because there is a significant technology gap between Windows 2000 Server and Windows Server 2008, only IT professionals with specific Microsoft Certifications on Windows Server 2003 can utilize these transition or upgrade paths. In addition, there is no upgrade path from messaging or security specializations to Windows Server 2008 certifications.

 Check out all the details here:
Thanks Microsoft

Well it seems as though its finally happened-Service Pack 3 for every-ones favourite OS, Windows XP has been released to manufacturing (however not available to the public just yet-expect to see it on April 29th).

Service Pack 3 updates all 32-bit versions of Windows XP from Starter to XP Professional (the x64 edition of XP is based on Server 2003 and requires the Service Packs for that product). The complete package from the Download Center will reportedly be some 320 MB. Downloads via the Update function will be around 70 MB according to Microsoft’s current plans; this update can be so much smaller because only the data required for a specific XP version are downloaded, not the entire package.

Support for Windows XP without any service packs expired long ago and officially SP2 has to already be installed before SP3 can be installed, despite the fact there is no technical reason for this requirement. However Microsoft is inconsistent and SP3 can in practice be installed on XP with only SP1. Strangely, the complete SP3 contains all of the patches you need to update even a fresh base version of XP. Microsoft says that a slipstream installation CD can be created so that the operating system with SP3 can be installed at once without any other service pack.

SP3 not only contains patches and updates, but also a number of add-onsthat have been sold separately, such as Background Intelligent Transfer Service (Bits) 2.5, Windows Installer 3.1, Management Console (MMC) 3.0 and Core XML Services 6.0. SP3 does not, however, contain any fundamentally new functions, and no new versions of Internet Explorer or Media Player are included.

This is set to be the very last Service pack for XP however patches and updates for the OS are set to continue until Service Pack 3 expires in 2014.
A time line of SP3:

An overview for SP3 is available here (MSFT), however expect new documentation to arise pretty soon.