internal
News & Links
Infrastructure News
Updated: July 8, 2008The Windows Infrastructure update to Windows server 2008 has been postponed to August, 2008.
Updated: May 10, 2008
The Windows Infrastructure group policies have been updated. The policies have been restructured to support our planned business continuity site and have been updated to better support Windows Vista clients. We have also made changes to allow for local departments to assign DRAs for EFS encryption on clients they control
See the new GPOS at: Infrastructure GPOs
Check out the EFS service pages at: EFS service
Updated: April 26, 2008
The pre-production Active Directory forest (MS) has been upgraded to Windows Server 2008 AD-DS. All clients are encouraged to test their existing IT applications and processes in preparation for production rollout.
Updated: March 27, 2008
The Active Directory schema has been upgraded to version 31 (Windows Server 2003 R2) to support Print Management Console and posixAccount
Updated: February 4, 2008
Windows Server 2008 has released to manufacturing. Final development for upgrade for Stanford Windows Infrastructure has commenced.
Updated: January 18, 2007
Bi-directional trust between the Stanford Windows Infrastructure and the stanford.edu Kerberos 5 realm has been established. Any authentication issues experienced are most likely due to missing servicePrincipalName values. These are most often found when the DNS suffix for a computer is not entered correctly in the computer name properties ("stanford.edu") or MS SQL server is being run under an alternate account (that account needs MSSQLSvc SPNs applied)
Updated: November 30, 2006
Microsoft Windows Vista Business and Enterprise Editions are now available through CWA. The guidance for adding a computer to the domain has been updated to reflect instructions for adding a Windows Vista machine to the infrastructure. LINK. Vista Home and Home Premium Editions cannot join the Stanford Windows Infrastructure.
Windows News
Product life cycles announced by Microsoft. Windows XP to be supported mainstream for 2 years after release of next OS version. Extended support for 5 years after mainstream support ends.
| Product | Support end date |
|---|---|
| Windows 2000 Professional and Server (Extended Support) | June 30, 2010 |
| Windows XP Home (Mainstream Support) | ~January 30, 2009 |
| Windows XP Professional (Mainstream Support) | ~January 30, 2009 |
Microsoft Security Bulletins RSS Feed
Copyright Microsoft Corporation 2005
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS.
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
Updated: Tue, 10 Nov 2009 08:00:00 GMT
MS09-063 - Critical: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
Links
Windows Infrastructure in Hi-ed:
- MIT's win.mit.edu Project
- CMU's Project Orpheus
- Univ. of Colorado--Boulder Project
- University of Illinois at Urbana-Champaign AD project
- University of California at Davis W2K project
- University of Leicester in England W2K project
- Oxford University in England W2K project
- Windows 2000 project at the University of Houston
Microsoft:
- Windows Update/Microsoft Update
- Windows Catalog Search by OS
- Microsoft's "NT Resources" Page
- Microsoft's Tested Products List
- Developing using the "Principle of Least Privilege"
- Windows Vista:
- Windows Server 2003:
- Windows XP:
- Windows 2000 Server:
Stanford Links:
Windows Information around the net:
- Windows Tips, Registry Hacks, and More
- Windows NT Security FAQ
- John Savill's FAQ for Windows
- Windows IT Pro
Last modified Tuesday, 08-Jul-2008
