From MS Exchange Team Blog:
Recently Apple released iOS 4 (the new name for the operating system that runs on iPhones, iPod touches, and iPads). Since its release there have been numerous reports (link, link, link) of a number of issues with new iPhone 4s (and older iPhone models running the updated software version) when using Exchange ActiveSync (EAS). I wanted to put up a quick posting about what issues users may be seeing and what we’re doing about it.
One of my biggest worries about running my father's business's SharePoint (WSS) and Exchange (packaged with SBS 2003) is the element of backing up and expandability. I always fear the day that I would get the dreaded phone call (you know, the one that all administrators dread) in which email is offline or the SharePoint is offline / missing files. I have been lucky to date in that I've only had one failure, in which I was able to use a backup to restore everything.
A pet hate of mine is the creation of new computer accounts (ahhh) for machines that have been reimaged. Rejoining the same account is actually really simple!
- Open up AD Users & Computers
- Find your computer account
- Right-click and hit “Reset”
- Join the computer to the domain with the old account.
Bam, the computer's back on the domain with the same name and groups! Simple.
As consultants we always have the challenge of migrating from one desktop OS to a newer version, and normally we stick to the same products: USMT, SCCM and Radia CAE. It's rare that we deviate from this because we know that USMT + SCCM or Radia is bulletproof; millions of desktops have been migrated this way with much success.
So here we are in 2010! 2009 was good, but if you're a big geek like me, well, let me assure you 2010 will not disappoint you; 2010 has got something in store for everyone.
What does Hydraq do?
Hydraq is a targeted attack that installs itself on a user’s computer or an organization’s server. It can then be used to search an organization for private information. Hydraq can capture and forward all information from an infected computer, including a live feed of windows on a screen and all information typed on the keyboard. Hydraq can also be remotely updated to perform additional tasks, including attempting to compromise other machines.
How does Hydraq infect a computer?
- Through a vulnerability in the Internet Explorer web browser: HTTP MSIE Memory Corruption Code Exec (BID 37815)
- As an attachment to an email using a PDF file read by Adobe Acrobat, Adobe Reader, and Adobe Flash Player (Adobe APSB09-10)
Typically an email is sent to an individual or small group of individuals within an organization. All efforts are made to make the email look legitimate; that is, it will appear as though it was sent by somebody the recipient trusts. The subject matter will often be related to the recipient’s area of business. In order to install the malware, the user must be tricked into either clicking a malicious link or opening an attachment. Both methods then exploit a vulnerability to install the Trojan onto the machine.
What is the current state of Hydraq?
At this time, the command and control servers are no longer active so any of the Hydraq trojans still remaining in the field are effectively non-functional. Symantec has released definitions to detect and remove infections of the Hydraq trojan.
Customers are encouraged to follow best practices in general and specifically to update to the latest patches available for Adobe Acrobat, Adobe Reader, and Adobe Flash Player. See: Adobe APSB09-10. At this time a patch is not available for Internet Explorer, but IPS signatures have been released by Symantec which block exploitation of both vulnerabilities.
Information on Hydraq
- Security Blog: The Trojan.Hydraq Incident
- Security Blog: Protect Yourself Against Exploit Targeting New IE Zero-Day Vulnerability
- Security Response Report: Trojan.Hydraq
Symantec customers are protected
Our product and services teams discuss how Symantec customers are effectively protected from this threat.
Symantec Protection Suite
The Hydraq attacks were targeted at the core security infrastructure of organizations. Multiple layers of defense bolster an organization’s ability to defend against such attacks. Symantec Protection Suite users have a robust defense at the gateway with Brightmail Gateway for SMTP email security, along with Web Gateway for Web traffic and usage, ensuring that an organization is able to monitor all incoming and outgoing mail and Web traffic – constantly monitoring for and stopping threats. The Protection Suite ensures endpoints are clean with its market-leading Endpoint Security product. Finally, by having access to Symantec’s Backup Exec for desktops and laptops, in the event an endpoint is infected, doing a complete re-image is quick and easy, ensuring up-time and employee productivity. Symantec’s security products are backed by our Global Intelligence Network, ensuring customers are protected and up-to-date on rules and signatures.
Symantec Security Information Manager
A number of these attacks were achieved using a combination of attack vectors, resulting in back door Trojans being installed. Security Information Manager can effectively collect and prioritize these events as they occur across the layered security solutions that need to be deployed to protect against a broad variety of these attack vectors. Security Information Manager can further contribute global intelligence to the correlation process to include malicious IP, Worm IP and Botnet IP lists that can be manually updated to automatically conclude incidents around this particular attack. Early detection of single exploited attack vectors may provide preemptive visibility to attacks before they can fully execute.
DeepSight Early Warning Services
Symantec DeepSight Early Warning Services provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. On January 15 we published a journal about a new unpatched Microsoft Internet Explorer vulnerability, which is leveraged by malware identified by Symantec as Trojan.Hydraq. DeepSight Analysts continue to provide updates to this evolving threat as new information becomes available. DeepSight subscribers benefit from personalized notifications and expert analysis (including patches, countermeasures and workarounds) to better protect critical information assets against a potential attack.
Symantec Managed Security Services
Symantec Managed Security Services monitors over 800 customers (including 92 of the Fortune 500). In response to this threat, Symantec MSS updated our detection capabilities for both the targeted Trojan.Hydraq as well as exploits against the recent IE vulnerability. This monitoring includes customers’ firewalls, intrusion detection sensors (IDS), web proxies and system logs. As this threat is primarily client side, any clients with our Managed Endpoint Security service also received updates to protect their endpoints from this attack. Our SOC Analysts are available to work with customers to take proactive steps to mitigate the IE vulnerability within their enterprise as needed.
Symantec Critical Systems Protection
The focus of these attacks was to steal intellectual property. Symantec Critical Systems Protection plays a significant role in defending this data by placing constraints around which users and applications have access to sensitive data. Any unauthorized users or applications would have been denied access to the data, and an alert would have been generated by the attempt. Additionally, Symantec Critical Systems Protection provides out-of-the-box protection against both known and unknown remote code execution attempts.
Altiris Total Management Suite
With this attack, Total Management Suite customers benefit from the ability to gain complete visibility into their IT environment. Users run accurate asset inventory reports to react quickly to threats and vulnerabilities and take the necessary steps to remediate. Total Management Suite will have quickly found the necessary software updates and/or patches, then run automatic processes for all assets – like upgrading to IE 8 in this case. Total Management Suite also generates reports to ensure successful updates or migrations, and updates asset inventory reports to prepare for ongoing management.
Symantec Hosted Services
Trojan.Hydraq spans multiple communication protocols and can evade signature-based detection. Symantec Hosted Services help protect against converged threats that span email, Web, and instant messaging. Our proprietary heuristic technology for malware and spam filtering captures and shares threat intelligence across these protocols and provides identification of previously unseen threats. All of this is managed via a single, integrated security management console that simplifies administration while increasing visibility and control.
For more information about the Windows Springboard Series visit http://go.microsoft.com/?linkid=8418918.
In June of 2009 I wrote an article about a feature of Windows 7 that I loved… but couldn’t at the time confirm would actually make it into the final release of Windows 7. In fact I was unable to find any documentation on it at all, which led me to believe, late one night, that I might have violated a non-disclosure agreement. The article was called Smartphones and Windows 7 – VERY Smart!
Fortunately the feature made it through, and here is how I set it up and access it.
Once I did all of that my phone rang… complete coincidence of course, but the timing was great. I put on my headset (Microsoft LifeChat LX-3000) and answered the phone… the call came through over the headset.
I know that on the previous post the screenshot showed that I could enter a phone number to dial, hang up, and so on. I suspect this functionality will differ by phone model; I still have my old phone configured and the screenshot is slightly different. Having said that, the dial-from-computer functionality never worked on the old one – it always said ‘not supported by this phone’.
Give this a shot… it is much easier to make calls without having to hold the phone to your ear for hours!