You are here

Feed aggregator

The story behind Windows XP's Bliss wallpaper

MSDN Blogs - 2 hours 20 min ago

This is a follow on from my post last week: Goodbye Windows XP - Hello Windows 8.1 Update, where we discussed the end of support for Windows XP.

What do Autumn, Azul, Bliss, Radiance, Red moon dessert, Stonehenge and Wind all have in common?

Ok, the article's heading is a huge hint. They are the names of the Windows XP's standard wallpaper images.

The image known as Bliss is probably the most iconic of all of them and has graced computer screens all around the world for many years.

Below is the story behind the wallpaper and its photographer Charles O'Rear:

 

The story behind the wallpaper we'll never forget (Direct Link)

(Please visit the site to view this video)

 

From the comments on the video, here is a link to what the hill looks like now (well as at May 2011).

Happy Easter

David

CUSTOMER RELATIONSHIP MANAGEMENT – April 2014 Readiness Update

MSDN Blogs - 2 hours 57 min ago

Save the date for Convergence 2014 Europe: November 4-6, Barcelona

Convergence is the premiere event where you can join other members of the Microsoft business community to network, learn and meet with industry experts. You'll also get to see how opportunity and innovation meet to deliver real business value. Save the date on your calendar for this upcoming Convergence and visit the event website for more details. Questions? Contact MBS Events Inbox and find more info here.

Microsoft Dynamics will be at WPC 2014

Microsoft Dynamics will be part of this year’s Worldwide Partner Conference coming up in Washington, DC July 13-17, 2014. Build credibility and strengthen the Microsoft Dynamics partner channel, share best practices, and choose to attend Dynamics-focused sessions. Visit the WPC event website for more details. Questions around the Microsoft Dynamics presence at WPC 2014? Visit PartnerSource or email the MBS Events Inbox.

Microsoft Dynamics CRM Spring Wave launch portal

Get ready for the upcoming Microsoft Dynamics CRM Spring Wave of releases. There is a vast amount of new readiness content now available, including Getting Ready Guides and preview session recordings; more content continues to be added as the releases draw near.

Co-op Position Opening - PAID

CIS Dept. Posts & Announcements - 5 hours 48 min ago

Pacific Mountain Workforce Consortium is looking for a Media Intern, wage $10, 19 hours per week. The Social Media Intern will play an active role in the development of PacMtn’s community outreach initiatives. The intern will work closely with Business and Community Engagement Manager, Executive Assistant and web development contractor to implement a social media presence for the organization, update/maintain the pacmtn.org website and perform other community engagement projects as needed.

read more

SmartWatch, Processing 2, C# and the love affair with Java

MSDN Blogs - 5 hours 49 min ago
Here is a question: Who owns C#? Answer: No One Another question: Who owns Java? Answer: Oracle Just saying. Processing 2 for example is OpenSource but not open specification, it does have a community, but like TouchDevelop, it is an unusual language that is useful for programming Arduinos.  Are there other products like the Arduino?  Sure. Now to the SmartWatch: Who owns ‘C” and who owns “Javascript”?  No One. So what is this love affair with Java, I just don’t get it.  Keep...(read more)

EWS PUSH - What is the StatusFrequency for

MSDN Blogs - 5 hours 58 min ago

The StatusFrequency value used in EWS Push notifications is often misunderstood.  So, I will try to provide some information on this setting which may help.

The important thing to understand:  StatusFrequency is really not a "frequency" - it’s a maximum timeout value based upon the maximum number of retries - StatusFrequency is in essence the number of retries.

Its best to wait at least twice the time of the expected time out before re-issuing the PUSH request. Push subscriptions notifications will be sent  until the maximum number of minutes is reached (specified by the StatusFrequency element. The way it works is that the initial notification should be tried right away, if that fails then the next try is in 30 seconds.  After that, the next retry is double the prior one... 30, 60, 120, 240 seconds... Each retry is basically the" frequency" of retries. The retries are done until the frequency you specified is reached. Note that the actual time of the PUSH occurs may be delayed by other things happening on the sever, so the expected PUSH time is not exact. The default retry with EWS is 30 seconds.  The Exchange managed API has a default of 30 minutes - that's six retries.  

    Retry     Seconds      Time

    0         0:00         Initial Sync
    1         30           00:30
    2         60           01:00
    3         120          02:00
    4         240          04:00
    5         480          08:00
    6         960          16:00
    7         1920         32:00
    8         3840         1:004:00

Related links:

Subscribe:
http://msdn.microsoft.com/en-us/library/office/aa566188(v=exchg.140).aspx

FrequencyStatus
http://msdn.microsoft.com/en-us/library/aa564048(v=exchg.80).aspx

Unsubscribe Operation:
http://msdn.microsoft.com/en-us/library/office/aa564263(v=exchg.140).aspx

Here are some other things to note as your doing Push Notifications...

Push notification subscriptions:

There were some issues with Exchange 2010 and 2013 which were fixed in the latest hotfix rollups – so, it’s important that any issue you encounter has been tested with the latest rollups.

Here are some important points.

  1. Keep in mind that watermarks are good for 30 days. 
  2. Water marks always change - you get the old one off the prior call and use it with the next call.  Don't forget to store the last one - you will need it to do the next call.
  3. Notifications do a have a timeout value within that based upon the “StatusFrequency”.  See: http://msdn.microsoft.com/en-us/library/office/aa564048(v=exchg.150).aspx
  4. For Push notations, your code needs a time based piece of compensation code for when notifications have not been received for a while –
    You may need to re-subscribe when that happens.  Notifications can and do fail – expect this to happen sometimes.  This is why you need to have compensating code to check for notifications and have not received a notification for a while.  Also note that sometimes the CAS will delay a response due to things such as it being overloaded.
  5. If the watermark times out then you have to resync and re-subscribe – ie start from zero and do a full new resync.

If your still within the 30 days of the water mark but the frequency has past then do a re-subscribe using the last watermark.

  1. Re-subscribe with the existing watermark if its valid.  Don’t unsubscribe and re-subscribe unless you want to cancel the subscription instead of letting the subscription just timeout.
  2. If your code is just looking for newmail notifications
    and the server is on-premise then a transport agent may be a lot more
    efficient.  This type of application is often used when a lot of mailboxes
    are involved and certain events such as newmail need to have code run when they
    are raised.

Timeout:

  1. The Exchange Managed API has a timeout which can be increased.
  2. There is a timeout server side which you might also be able to increase.  An administrator would need to set this.  This setting cannot be changed for 365 as I understand it.
  3.  Your code should have retry logic.  Servers do get busy.
  4. Be sure that the application is not exceeding throttling limits with your application for that server . 
  5. Check the event logs if you get a busy error in case you got throttled.

Listeners:

With listeners there should be 1 listener per process.  Yes, that means you should have just one in your listening application.  The way the listening application should work is to have the listener listen to all incoming traffic and then spawn a new thread to handle each notification as its received. So, basically the listener just receives the notifications and hands off the work to be done.  This allows the listening thread to not be tied up.  This allows the application to handle an immense amount of notifications at once and process them.

Autodiscover:

If you get the EAS URL through Auto discover and cache it then it would increase performance.  AutoDiscover requires a lot of calls, so a lot of AutoDiscover activity can reduce performance. The thing is to avoid doing AutoDisover as much as possible.  However, its recommended to redo auto discover every 24 hours for mailboxes in order to get the optimal CAS server – you might be able to increase or skip this for on-premise mailboxes if the environment does not get changed often. If the mailboxes are not on-premise then set the scplookup setting on the Exchange Managed API service object to false – this will cause AD lookups to be skipped.

Consider doing a call using GetUserSettings to instead of doing AutoDiscover off of the service object whenever possible. Why?  It allows you to specify an array of addresses, which is more efficeient than doing separate AutoDiscover calls for each mailbox off of a service object.

 

German Students: Join Us on April 21st for a Live Webinar on Building SharePoint Apps Using JavaScript

MSDN Blogs - 6 hours 12 min ago

Please join us on Monday April 21st where SharePoint MVP and student mentor Thorsten Hans will be presenting a LIVE German language webinar on "Building SharePoint Apps Using JavaScript" 

When:  Monday April 21st, 2014

Time:  5pm UTC/GMT

7pm Germany

10am US Pacific Time

Where: https://join.microsoft.com/meet/karifinn/B4M3V5KW?sl=

If you do not have Microsoft Lync installed, clicking on this link will bring you to the Microsoft Lync Web App installation page

This event is part of our ongoing MVP Webinar series where we host events in German, English and other languages.  To view the recordings of our past events, please visit our YouTube Page

Hope you can join us live!

Pebble Watch: Building an app that incorporates the Pebble Watch

MSDN Blogs - 6 hours 13 min ago
This blog is making any statements about a “Microsoft” Official watch, except that I thought that the MSN watch was pretty cool, and the SPOT technology was SPOT on.  So again, this is NOT an official statement about a “Microsoft” Official Watch or software related to that.  If it was I would mention that the SPOT technology was used in the previous Microsoft Watch, and it can be found at the Microsoft Microframework community site: http://www.netmf.com/ , which I think is still alive and...(read more)

Webcast - Entendendo o MS Curah e Recapitulando as Boas Práticas do TechNet Wiki

MSDN Blogs - 6 hours 16 min ago
Conheça o Projeto Curah e como colaborar para aumentar a sua abrangência nas redes através do compartilhamento dos seus links favoritos e relembre como utilizar corretamente o TechNet Wiki, postando novos artigos e se destacando como escritor. Nesse webcast, Yuri Diógenes (Microsoft Senior Engineer) nos mostrará como alcançar esses objetivos e utilizar corretamente essas grandes ferramentas. Participe! Dia: 30/04/2014 - 20h00 Inscreva-se aqui Abraços, Fernanda Saraiva...(read more)

Microsoft Data Platform brings support for Internet of (your) Things

MSDN Blogs - 6 hours 19 min ago

This week Microsoft laid out its vision for Microsoft’s Data Platform which consists of key services based on Services provided through Office, Azure and SQL Server division.

The platform consists of three layers.
The first layer Azure Intelligent Systems Service which provides a way to collect data (sometime also referred to as Data Exhaust) from Internet of Things devices.

The second layer comprises of the Data Platform which can store vast amounts of data either through SQL Server 2014 or various Azure Services.

The third layer is the Analytics Platform System which provides way to analyze the stored data to create new type of products and services to your customers.

More related information can be found at the resources below:

Microsoft’s new data platform spans Office, Azure, & SQL

Microsoft: A data culture for everyone by Satya Nadella

Microsoft: Data dividend info graphic

Microsoft: Press release

Microsoft: Create the Internet of Your Things

10 reasons your business needs a strategy to capitalize on the Internet of Things today

Setting up Kerberos Authentication for a Website in IIS

MSDN Blogs - 6 hours 20 min ago

I had previously blogged on the working of Kerberos and how to troubleshoot authentication issues with Kerberos when it fails. Then I thought it would be good if I can also document the basic steps we look into when configuring Kerberos for a site. Over here we look into step by step process of the changes we need to make when we want to setup Kerberos for a site.

Please go through the blog on how Kerberos works before going through the setup blog.

The below steps will take you through the setup of Kerberos for a site. Steps 1-8 should be sufficient when you want Kerberos for the site to be configured only for single HOP. The steps followed from Step 9 shows you the configuration when you want to configure double hop i.e delegate the logged in account to a backend server (for eg a sql service).

Steps:

Configuration for single hop:

1) Click on the website, go to authentication and make sure that windows authentication is enabled.

2) Make sure that when you want to use windows authentication, anonymous authentication is not enabled, which is a common mistake I have observed. Because anonymous authentication takes more precedence than windows authentication. Below is the link which talks about precedence in authentication.

http://msdn.microsoft.com/en-us/library/ee825205(v=cs.10).aspx

3) Enabling windows authentication doesn’t mean Kerberos protocol will be used. It might also use NTLM which is also a provider in windows authentication. In order to setup Kerberos for the site, make sure “Negotiate” is at the top of the list in providers section that you can see when you select windows authentication. Negotiate is a provider or container which supports Kerberos protocol and it also contains NTLM as a backup when Kerberos fails due to some reason. But one important thing to keep in mind over here is when we want to use Kerberos “Negotiate” should be at the top.

4) So above three steps should be sufficient when you want to browse your site with the machine name as http://machinename or http://FQDN of machine name and you need not create any SPN’s (concept of SPN is explained in my previous blog) as you will have a HOST SPN registered to your machine account by default when you join a machine to a domain. HOST SPN is similar to HTTP SPN’s and should be sufficient when you want to access a site over Kerberos.

For eg: If you have a machine with the name ‘illuminati’ a host SPN for illuminati will be present and it will be registered to your inbuilt machine account. You can confirm this through running the below command.

Setspn –l machineaccount

Setspn –l illuminati : this will query for all the SPN’S registered to the machine account illuminati.

5) If you want to access the site with a custom hostname we need to create appropriate SPN for the hostname and we need to register it either to the machine account or to the domain account.

We usually don’t register the SPN to a machine account and choose domain accounts when we have a web farm scenario (same site hosted in multiple servers behind a load balancer) and the same ticket from AD should be accessible in all the machines in the farm.

6) Let’s consider the below scenario with imaginary hostname, machine name and a domain account.

FQDN Machine name: illuminatiserver.domain.com

Hostname: Kerberos.com

Domain account: domain\chiranth

Note: Be careful while choosing a hostname. The hostname shouldn’t have “www.” If we have www in the hostname Kerberos will fail, because when a client tries to access a site with hostname www in it, it will try to go over internet rather than intranet zone.

7) For the above requirements with a custom hostname we can create SPN’s in either one of the two ways. It can be chosen on your requirement and the policies you have.

Method 1: Registering a SPN to a machine account.

When you have a custom hostname and you want to register it to a machine account, you need to create an SPN as below.

Setspn –a HTTP/HOSTNAME machineaccount

Eg: setspn –a HTTP/Kerberos.com illuminatiserver

Method 2: Registering a SPN to a domain account.

When you have a custom hostname and you want to register it to a domain account, you need to create a SPN a below.

Setspn –a HTTP/HOSTNAME domainaccount

Eg: setspn –a HTTP/Kerberos.com domain\chiram

Note: These commands can be run on any machines within the domain but In order to create or delete SPN’s you need to be a domain admin privileges.

8) So once we have the proper SPN in place we need to modify the configuration of IIS such that we point IIS to the account to which we have the SPN registered and what account’s credentials IIS needs to use to decrypt the ticket forwarded by the client which obtained from AD. So again based on the above two variations, configuration settings will differ as below.

Method 1: Configuration when we have SPN registered to machine account.

a) Click on the site and go to configuration editor and traverse to the path system.webServer/security/authentication/windowsAuthentication

b) Make sure that usekernel mode is set to true. Usekernel mode setting tells IIS that it needs to use its machine account to decrypt the Kerberos token/ticket which was obtained from AD and forwarded by the client to the server to authenticate the user.

c) Also when have usekernel mode set to true the decryption of the ticket happens at the kernel level which is performance effective and a faster process.

Method 2: Configuration when we have SPN registered to the domain account.

a) Go to advanced settings of your application pool under which your website is running and change the identity to the domain account. In our case it will be domain\chiranth

b) Now Click on the site and go to configuration editor and traverse to the path system.webServer/security/authentication/windowsAuthentication

d) Make sure that you have “useAppPoolCredentials” set to true. When you have “useAppPoolCredentials” set to true you are telling IIS that it needs to use its application pool identity(which we have changed in the previous step to point to domain account) to decrypt the Kerberos token/ticket which was obtained from AD and forwarded by the client to the server to authenticate the user.

c) Also when we have “useAppPoolCredentials” set to true decryption happens at the user level.

Note: If we have both useAppPoolCredentials and kernel mode set to true useAppPoolCredentials takes precedence. Usekernelmode setting was introduced from IIS 7 and higher versions. In IIS 6 and lower version always the application pool identity was used for decryption of the token/ticket and it used to happen at the user level.

Configuration for double hop:

9) The above steps should be sufficient if you expect your site to work over a single Hop. But if you want to delegate the logged in credentials to the backend server, For e.g. if you are passing the logged in credentials to the backend database server and have integrated security = true /SSPI you need to continue following the below steps.

10) Click on site and in authentication section make sure that you have ASP.NET impersonation enabled along with windows authentication.

11) Now you need to specify in AD that the account to which your HTTP service/SPN is registered (for the hostname) is authorized to delegate the user logged in credentials to any backend service (for eg: MSSQL service). This setting again varies on the type of SPN you have registered and might fall under any one of the below categories.

Method 1: When SPN is registered to machine account.

a) Go to Active directory Users and Computers.

b) Click on computers.

c) Search for your computername (in our case illuminatiserver) and go to its properties.

d) Select the delegation tab and choose the second option (unconstrained delegation) ‘Trust this computer for delegation to any service’ where you are authorizing the machine account “illuminatiserver” with the power to delegate the logged in credentials of an user to any backend service running on any machine.

Method 2: When SPN is registered to a domain account.

a) Go to Active directory Users and Computers.

b) Click on Users.

c) Search for your domain user account (in our case domain\chiranth) and go to its properties.

d) Select the delegation tab and choose the second option (unconstrained delegation) ‘Trust this account for delegation to any service’ where you are authorizing the domain account “illuminatiserver” with the power to delegate the logged in credentials of an user to any backend service running on any machine.

12) We might have policies where we don’t want to enable delegation to all the services i.e we don’t want to have unconstrained delegation setup due to some security policies in such cases we need to enable constrained delegation.

To enable constrained delegation on the delegation tab select the 3rd option where it says “Trust this account for delegation to specified service” and in the bottom windows you can add the list of backend services (MSSQLSVC, CIFS service) specific to the machines to which your SPN account can delegate the login credentials.

For eg: I have registered my HTTP SPN to domain\chiranth and in the delagtion tab of chiranth I have selected the third option “Trust this account for delegation to specified service” and in the list of service I have specified MSSQLSvc/MySQLServer:1433.

The above setting specifies that domain\chiranth account will be able to delegate the logged in credentials in IIS server to only MSSQLSvc running MySQLServer on port 1433 and no other services or machines.

Hope this helps J

Technorati Tags: ,,,,,,,,

Game Dev Blog Series Recap

MSDN Blogs - 6 hours 26 min ago

Well this concludes our game dev blog series. I hope that you have learnt something from it, whether it was how to get started with Unity or how to port one of your existing games to Windows or one of the many other topics covered. If you have any feedback or anything that you particularly enjoyed or would like to see more of in the future, please leave a comment! If you've published your game to the Windows Store, leave me a link!

Don't forget about the additional resources that are available on AppBuilder, or the awesome offer Microsoft has going on for Unity developers

Thank you for tuning in!

How does [BlobInput] work?

MSDN Blogs - 7 hours 5 min ago

The Azure WebJobs SDK supports running functions when a new blob is added.  IE, you can write code like this:

public static void CopyWithStream( [BlobInput("container/in/{name}")] Stream input, [BlobOutput("container/out1/{name}")] Stream output ) { Debug.Assert(input.CanRead && !input.CanWrite); Debug.Assert(!output.CanRead && output.CanWrite); input.CopyTo(output); }

See modelbinding to blobs for how we bind the blob to types like Stream.  In this entry, I wanted to explain how we handle the blob listening.  The executive summary is:

  1. The existing blobs in your container are processed immediately on startup.
  2. But once you’re in steady state, [BlobInput] detection (from external sources) can take up to 10 minutes. If you need fast responses, use [QueueInput].
  3. [BlobInput] can be triggered multiple times on the same blob. But the function will only run if the input is newer than the outputs.

More details…

Blob listening is tricky since the Azure Storage APIs don’t provide this directly. WebJobs SDK builds this on top of the existing storage APIs by:

1. Determining the set of containers to listen on by scanning  the [BlobInput] attributes in your program via reflection in the JobHost ctor. This is a  fixed list because while the blob names can have { } expressions, the container names must be constants.  IE, in the above case, the container is named “container”, and then we scan for any blobs in that container that match the name “in/{name}”.

2. When JobHost.RunAndBlock is first called, it will kick off a background scan of the containers. This is naively using CloudBlobContainer.ListBlobs.

    a. For small containers, this is quick and gives a nice instant feel.  
    b. For large containers, the scan can take a long time.

3. For steady state, it will scan the azure storage logs. This provides a highly efficient way of getting notifications for blobs across all containers without pulling. Unfortunately, the storage logs are buffered and only updated every 10 minutes, and so that means that the steady state detection for new blobs can have  a 5-10 minute lag. For fast response times at scale, our recommendation is to use Queues.

The scanning from #2 and #3 are done in parallel.

4. There is an optimization where any blob written via a [BlobOutput] (as opposed to being written by some external source) will optimistically check for any matching [BlobInputs], without relying on #2 or #3. This lets them chain very quickly. This means that a [QueueInput] can start a chain of blob outputs / inputs, and it can still be very efficient.

See Also

Обновления для Internet Explorer в апреле 2014 г.

MSDN Blogs - 7 hours 20 min ago

Бюллетень по безопасности (Майкрософт) MS14-018 — критический

С помощью этого обновления безопасности в Internet Explorer устраняются шесть уязвимостей, о которых сообщалось неофициально. Самые серьезные уязвимости позволяли удаленно выполнять код, если пользователь Internet Explorer просматривал специально созданную веб-страницу. Злоумышленник, использовавший самые серьезные из этих уязвимостей, мог получить такие же права, как и текущий пользователь. Для пользователей, учетные записи которых настроены с предоставлением меньших прав в системе, это не так опасно, как для пользователей с правами администратора.

Уровень серьезности данного обновления безопасности определен как "Критический" для Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 и Internet Explorer 11 на клиентах Windows и "Средний" для Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 и Internet Explorer 11 на серверах Windows. Это не относится к Internet Explorer 10. Дополнительную информацию можно прочитать в полной версии бюллетеня.

Рекомендация. У большинства пользователей обновления выполняются автоматически. В этом случае никаких действий не потребуется, поскольку данное обновление безопасности загрузится и установится автоматически. Пользователям, у которых автоматическое обновление не включено, следует проверить наличие обновлений и установить их вручную. Информацию о конкретных настройках автоматического обновления можно найти в статье 294871 базы знаний Майкрософт.

Майкрософт рекомендует администраторам и лицам, отвечающим за корпоративное программное обеспечение, а также конечным пользователям, которые хотят установить это обновление безопасности вручную, немедленно применить это обновление, используя программное обеспечение для управления обновлениями или проверив наличие обновлений с помощью службы Центра обновления Майкрософт.

Обновление безопасности для Flash Player (2942844)

8 апреля было также выпущено обновление безопасности для Adobe Flash Player в Internet Explorer 10 и Internet Explorer 11 во всех поддерживаемых выпусках Windows 8, Windows 8.1, Windows Server 2012 и Windows Server 2012 R2. Уязвимости, устраняемые этим обновлением, подробно описаны в бюллетене по безопасности Adobe APSB14-09. Это обновление предназначено для устранения уязвимостей в Adobe Flash Player путем обновления подверженных риску двоичных файлов Adobe Flash, содержащихся в Internet Explorer 10 и Internet Explorer 11. Подробнее можно прочитать в советах.

У большинства пользователей обновления выполняются автоматически. В этом случае никаких действий не потребуется, поскольку это обновление загрузится и установится автоматически. Пользователям, у которых автоматическое обновление не включено, следует проверить наличие обновлений и установить их вручную. Информацию о конкретных настройках автоматического обновления можно найти в статье 294871 базы знаний Майкрософт.

— Уилсон Гуо (Wilson Guo), руководитель программы, Internet Explorer

Atualizações de abril de 2014 do Internet Explorer

MSDN Blogs - 7 hours 20 min ago

Boletim de Segurança da Microsoft MS14-018 - Crítica

Essa atualização de segurança resolve seis vulnerabilidades relatadas no Internet Explorer. A mais grave das vulnerabilidades permitia a execução remota de um código caso o usuário exibisse certas páginas da Web com o Internet Explorer. Um invasor que explorasse com sucesso a mais grave destas vulnerabilidades poderia ter acesso aos mesmo direitos de usuário do usuário atual. Usuários cujas contas são configuradas para ter menos direitos de usuário no sistema poderiam ser menos afetados do que usuários que operam com direitos de usuário administrador.

Essa atualização de segurança é classificada como Crítica no Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 e Internet Explorer 11 do Windows. Ela é classificada como Moderada no Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 e Internet Explorer 11 do Windows Server. O Internet Explorer 10 não será afetado. Para obter mais informações, consulte o boletim completo.

Recomendação. A maioria dos clientes habilitou a atualização automática e não precisará realizar nenhuma ação porque essa atualização de segurança será baixada e instalada automaticamente. Os clientes que não habilitaram a atualização automática precisam verificar as atualizações e instalá-las manualmente. Para obter mais informações sobre opções específicas de configuração da atualização automática, consulte o Artigo 294871 da Base de Dados de Conhecimento Microsoft.

Recomendamos a administradores, instalações corporativas, e usuários finais que desejam instalar esta atualização de segurança manualmente, que apliquem a atualização o mais rápido possível usando o software de gerenciamento de atualizações ou verificando atualizações pelo serviço Microsoft Update.

Atualização de segurança para o Flash Player (2942844)

Em 8 de abril, uma atualização de segurança do Adobe Flash Player no Internet Explorer 10 e 11 estará disponível em todas as edições suportadas do Windows 8, Windows 8.1, bem como do Windows Server 2012 e Windows Server 2012 R2. Os detalhes dessas vulnerabilidades estão documentados no boletim de segurança da Adobe APSB14-09. A atualização corrige as vulnerabilidades do Adobe Flash Player ao atualizar no Internet Explorer 10 e no Internet Explorer 11 os binários do Adobe Flash afetados. Para obter mais informações, consulte o comunicado.

A maioria dos clientes habilitou a atualização automática e não precisará realizar nenhuma ação porque essa atualização será baixada e instalada automaticamente. Os clientes que não habilitaram a atualização automática precisam verificar as atualizações e instalá-las manualmente. Para obter mais informações sobre opções específicas de configuração da atualização automática, consulte o Artigo 294871 da Base de Dados de Conhecimento Microsoft.

— Wilson Guo, gerente de programas, Internet Explorer

2014년 4월 Internet Explorer 업데이트

MSDN Blogs - 7 hours 20 min ago

Microsoft 보안 공지 MS14-018 - 긴급

이 보안 업데이트는 Internet Explorer에서 비공개적으로 보고된 취약점 6건을 해결합니다. 가장 심각한 취약점으로는 사용자가 Internet Explorer를 사용하여 특수 조작된 웹 페이지를 열어 볼 경우 원격 코드가 실행될 수 있다는 것입니다. 이렇게 심각한 취약점을 악용해 시스템에 침투한 해커는 현재 사용자와 동일한 권한을 얻게 됩니다. 시스템에 대한 사용자 권한이 비교적 적게 구성된 계정의 사용자는 관리자 권한으로 작업하는 사용자에 비해 영향을 덜 받을 수 있습니다.

이 보안 업데이트의 심각도는 Windows 클라이언트의 Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 11에 대해서는 '긴급' 수준이며, Windows 서버의 Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 11에 대해서는 '보통' 수준입니다. Internet Explorer 10은 영향을 받지 않습니다. 자세한 내용은 전체 공지를 참조하십시오.

권장 사항. 대부분의 사용자에게는 자동 업데이트가 설정되어 있으므로 별도의 작업 없이도 이 보안 업데이트가 자동으로 다운로드되어 설치됩니다. 자동 업데이트를 설정하지 않은 사용자는 업데이트가 있는지 확인한 후 수동으로 설치해야 합니다. 자동 업데이트의 특정 구성 옵션에 대한 자세한 내용은 Microsoft 기술 자료 문서 294871을 참조하십시오.

관리자 및 기업 설치의 경우 또는 이 보안 업데이트를 수동으로 설치하려는 최종 사용자의 경우에는 업데이트 관리 소프트웨어를 사용하거나 Microsoft 업데이트 서비스를 통해 업데이트를 확인하고 즉시 적용하는 것이 좋습니다.

Flash Player 보안 업데이트(2942844)

4월 8일부터는 지원 대상인 Windows 8, Windows 8.1과 Windows Server 2012 및 Windows Server 2012 R2 에디션의 Internet Explorer 10 및 11에 포함된 Adobe Flash Player에 대한 보안 업데이트도 가능합니다. 이 취약성에 대한 세부 내용은 Adobe 보안 공지 APSB14-09에 기록되어 있습니다. 이 업데이트는 Internet Explorer 10 및 Internet Explorer 11에 포함된, 영향을 받는 Adobe Flash 바이너리를 업데이트하여 Adobe Flash Player의 취약점을 해결합니다. 자세한 내용은 공지를 참조하십시오.

대부분의 사용자는 자동 업데이트를 사용하고 있으므로 별도의 작업 없이도 이 업데이트가 자동으로 다운로드되어 설치됩니다. 자동 업데이트를 설정하지 않은 사용자는 업데이트가 있는지 확인한 후 수동으로 설치해야 합니다. 자동 업데이트의 특정 구성 옵션에 대한 자세한 내용은 Microsoft 기술 자료 문서 294871을 참조하십시오.

- Internet Explorer 프로그램 관리자, Wilson Guo

2014 年 4 月分の Internet Explorer 用更新プログラム

MSDN Blogs - 7 hours 20 min ago

マイクロソフト セキュリティ情報 MS14-018 - 緊急

今回のセキュリティ更新プログラムは、非公開で報告された Internet Explorer の 6 つの脆弱性を解決します。最も深刻な脆弱性が悪用された場合、ユーザーが特別に細工された Web ページを Internet Explorer で表示すると、リモートでコードが実行される可能性があります。これらの脆弱性の最も深刻なものが悪用された場合、攻撃者が現在のユーザーと同じ権限を取得する可能性があります。コンピューターでのユーザー権限が低い設定のアカウントを持つユーザーは、管理者特権で実行しているユーザーよりもこの脆弱性による影響が少ないと考えられます。

このセキュリティ更新プログラムは、Windows クライアント上の Internet Explorer 6、Internet Explorer 7、Internet Explorer 8、Internet Explorer 9、および Internet Explorer 11 について深刻度を「緊急」と評価し、Windows サーバー上の Internet Explorer 6、Internet Explorer 7、Internet Explorer 8、Internet Explorer 9、および Internet Explorer 11 について深刻度を「警告」と評価しています。Internet Explorer 10 は影響を受けません。詳細情報については、セキュリティ情報ページを参照してください。

推奨する対応策: ほとんどのお客様は自動更新を有効にしていて、このセキュリティ更新プログラムが自動的にダウンロードおよびインストールされるため、特別な措置を講じる必要はありません。自動更新を有効にしていない場合、この更新プログラムを手動で確認し、インストールする必要があります。自動更新の具体的な構成オプションの詳細については、マイクロソフト サポート技術情報 294871 を参照してください。

管理者およびエンタープライズ インストール、またはこのセキュリティ更新プログラムを手動でインストールするエンド ユーザーについては、更新プログラム管理ソフトウェアまたは Microsoft Update サービスを使用して更新プログラムを確認し、この更新プログラムを直ちに適用することをお勧めします。

Flash Player のセキュリティ更新プログラム (2942844)

4 月 8 日に、サポートされているエディションの Windows 8、Windows 8.1、Windows Server 2012、および Windows Server 2012 R2 上の Internet Explorer 10 と Internet Explorer 11 の Adobe Flash Player に関するセキュリティ更新プログラムも提供されます。脆弱性の詳細については、Adobe セキュリティ情報 APSB14-09 (英語) を参照してください。この更新プログラムは、Internet Explorer 10 と Internet Explorer 11 に含まれる、影響を受ける Adobe Flash バイナリを更新することで、Adobe Flash Player の脆弱性を解決します。詳細については、アドバイザリを参照してください。

ほとんどのお客様は自動更新を有効にしていて、この更新プログラムが自動的にダウンロードおよびインストールされるため、特別な措置を講じる必要はありません。自動更新を有効にしていない場合、この更新プログラムを手動で確認し、インストールする必要があります。自動更新の具体的な構成オプションの詳細については、マイクロソフト サポート技術情報 294871 を参照してください。

— Internet Explorer 担当グループ プログラム マネージャー Wilson Guo

Mises à jour d'avril 2014 pour Internet Explorer

MSDN Blogs - 7 hours 20 min ago

Bulletin de sécurité Microsoft MS14-018 - Critique

Cette mise à jour de sécurité corrige six vulnérabilités signalées confidentiellement dans Internet Explorer. Les vulnérabilités les plus graves pourraient permettre l'exécution de code à distance si un utilisateur consultait à l'aide d'Internet Explorer une page Web spécialement conçue à cet effet. Tout attaquant parvenant à exploiter la plus grave de ces vulnérabilités pourrait obtenir les mêmes droits que l'utilisateur actuel. Les utilisateurs dont les comptes sont configurés avec des privilèges système moins élevés subiraient un impact moindre que les utilisateurs possédant des privilèges d'administrateur.

Cette mise à jour de sécurité est de niveau « critique » pour Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 et Internet Explorer 11 sur les clients Windows. Elle est de niveau « modéré » pour Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 et Internet Explorer 11 sur les serveurs Windows. Internet Explorer 10 n'est pas affecté par cette vulnérabilité. Pour plus d'informations, consultez le bulletin complet.

Recommandation. La majorité des clients ont activé les mises à jour automatiques et aucune intervention spécifique n'est requise de leur part, car dans ce cas, cette mise à jour de sécurité sera téléchargée et installée automatiquement. Les clients qui n'ont pas activé les mises à jour automatiques doivent effectuer une recherche de mises à jour et installer cette mise à jour manuellement. Pour plus d'informations sur les différentes options de configuration des mises à jour automatiques, consultez l'article 294871 dans la Base de connaissances Microsoft.

Microsoft recommande aux administrateurs, aux responsables d'installations d'entreprise et aux utilisateurs souhaitant installer cette mise à jour de sécurité manuellement d'appliquer cette mise à jour immédiatement, à l'aide d'un logiciel de gestion des mises à jour ou en recherchant les mises à jour par le biais du service Microsoft Update.

Mise à jour de sécurité pour Flash Player (2942844)

Depuis le 8 avril, une mise à jour de sécurité pour Adobe Flash Player dans Internet Explorer 10 et 11 sur les éditions prises en charge de Windows 8, Windows 8.1, Windows Server 2012 et Windows Server 2012 R2 est également disponible. Les détails des vulnérabilités sont documentés dans le bulletin de sécurité Adobe APSB14-09. Cette mise à jour corrige les vulnérabilités dans Adobe Flash Player en mettant à jour les binaires Adobe Flash concernés contenus dans Internet Explorer 10 et Internet Explorer 11. Pour plus d'informations, consultez l'avis de sécurité.

La majorité des clients ont activé les mises à jour automatiques et aucune intervention spécifique n'est requise de leur part, car dans ce cas, cette mise à jour sera téléchargée et installée automatiquement. Les clients qui n'ont pas activé les mises à jour automatiques doivent effectuer une recherche de mises à jour et installer cette mise à jour manuellement. Pour plus d'informations sur les différentes options de configuration des mises à jour automatiques, consultez l'article 294871 dans la Base de connaissances Microsoft.

— Wilson Guo, Chef de projet, Internet Explorer

Internet Explorer-Updates April 2014

MSDN Blogs - 7 hours 20 min ago

Microsoft Security Bulletin MS14-018 – Kritisch

Mit diesem Sicherheitsupdate werden sechs vertraulich gemeldete Sicherheitslücken in Internet Explorer geschlossen. Die schwerwiegendsten Sicherheitsrisiken können Remoteausführung von Code ermöglichen, wenn ein Benutzer eine speziell erstellte Webseite mit Internet Explorer anzeigt. Ein Angreifer, der die schwerwiegendste der Sicherheitslücken erfolgreich ausnutzt, kann die gleichen Benutzerrechte erlangen wie der aktuelle Benutzer. Für Benutzer ohne Administratorrechte hat dies womöglich geringfügigere Auswirkungen als für Benutzer mit Administratorrechten.

Dieses Sicherheitsupdate wird für Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 und Internet Explorer 11 auf Windows-Clients als „Kritisch“ und für Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 und Internet Explorer 11 auf Windows-Servern als „Mittel“ eingestuft. Internet Explorer 10 ist nicht betroffen. Weitere Informationen finden Sie im vollständigen Bulletin.

Empfehlung: Die meisten Kunden verwenden automatische Updates und müssen keine Maßnahmen ergreifen, da dieses Sicherheitsupdate automatisch heruntergeladen und installiert wird. Kunden, die keine automatischen Updates verwenden, müssen nach Updates suchen und dieses Update manuell installieren. Weitere Informationen über bestimmte Konfigurationsoptionen bei automatischen Updates finden Sie im Microsoft Knowledge Base-Artikel 294871.

Microsoft empfiehlt Administratoren, Unternehmen und Endbenutzern, das Update im Fall einer manuellen Installation mithilfe einer Updateverwaltungssoftware oder durch die Suche nach Updates mithilfe des Microsoft Update-Diensts umgehend anzuwenden.

Sicherheitsupdate für Flash Player (2942844)

Darüber hinaus ist seit dem 8. April ein Sicherheitsupdate für Adobe Flash Player in Internet Explorer 10 und 11 unter allen unterstützten Editionen von Windows 8, Windows 8.1, Windows Server 2012 und Windows Server 2012 R2 verfügbar. Ausführliche Informationen hierzu finden Sie im Adobe-Sicherheitsbulletin APSB14-09. Dieses Update behebt die Sicherheitsanfälligkeiten in Adobe Flash Player, indem die in Internet Explorer 10 und Internet Explorer 11 enthaltenen betroffenen Adobe Flash-Binärdateien aktualisiert werden. Weitere Informationen finden Sie in der vollständigen Sicherheitsempfehlung.

Die meisten Kunden verwenden automatische Updates und müssen keine Maßnahmen ergreifen, da dieses Update automatisch heruntergeladen und installiert wird. Kunden, die keine automatischen Updates verwenden, müssen nach Updates suchen und dieses Update manuell installieren. Weitere Informationen über bestimmte Konfigurationsoptionen bei automatischen Updates finden Sie im Microsoft Knowledge Base-Artikel 294871.

– Wilson Guo, Programmmanager, Internet Explorer

2014 年 4 月 Internet Explorer 更新

MSDN Blogs - 7 hours 20 min ago

Microsoft 安全公告 MS14-018 - 关键

该安全更新可解决 Internet Explorer 中六个未公开报告的漏洞。如果用户使用 Internet Explorer 访问经过特殊制作的网页,则最严重的漏洞可能会允许远程代码执行。成功利用这些最严重的漏洞的攻击者可以获得与当前用户相同的用户权限。与具有管理用户权限的用户相比,在帐户配置中对系统用户权限进行了限制的用户所受到的影响要小一些。

对于 Windows 客户端上的 Internet Explorer 6、Internet Explorer 7、Internet Explorer 8、Internet Explorer 9 和 Internet Explorer 11,该安全更新的等级为“关键”,对于 Windows 服务器上的 Internet Explorer 6、Internet Explorer 7、Internet Explorer 8、Internet Explorer 9 和 Internet Explorer 11,它的等级为“中等”。Internet Explorer 10 未受到影响。有关详细信息,请参阅完整公告

建议。绝大多数客户已启用自动更新,无需进行任何操作,因为系统将自动下载和安装该安全更新。未启用自动更新功能的客户需要检查更新并手动安装该更新。有关自动更新中特定配置选项的信息,请参阅 Microsoft 知识库文章 294871

对于要手动安装该安全更新的管理员和企业安装或最终用户,Microsoft 建议客户立即使用更新管理软件应用更新,或者使用 Microsoft 更新服务来检查并应用更新。

Flash Player 安全更新 (2942844)

Windows 8、Windows 8.1、Windows Server 2012 和 Windows Server 2012 R2 的受支持版本上的 Internet Explorer 10 和 11 中的 Adobe Flash Player 安全更新也于 4 月 8 日发布。Adobe 安全公告 APSB14-09 中介绍了这些漏洞的详细信息。此更新通过更新 Internet Explorer 10 和 Internet Explorer 11 中包含的受影响的 Adobe Flash 二进制文件,解决了 Adobe Flash Player 中的漏洞。有关更多信息,请参阅公告

绝大多数客户已启用自动更新并且无需进行任何操作,因为系统将自动下载和安装该更新。未启用自动更新功能的客户需要检查更新并手动安装该更新。有关自动更新中特定配置选项的信息,请参阅 Microsoft 知识库文章 294871

— Internet Explorer 项目经理 Wilson Guo

Pages

Subscribe to Randy Riness @ SPSCC aggregator
Drupal 7 Appliance - Powered by TurnKey Linux