Wednesday 12 August 2015

Microsoft Fixes four critical bugs and releases first Edge Browser Patch


Microsoft has now included most of their system management applications in the Windows update process and as a result we are now seeing consistently large updates of more than ten patches each month, compared to a historic average of around seven. I think that we can now expect between 10-15 updates every month now covering, both desktop and server platforms, Office and all of the Microsoft system management applications and platforms.

This August 2015 Patch Tuesday Microsoft has released four critical updates and ten important updates that cover Internet Explorer, Office and key Windows desktop and server systems including updates to the .NET framework. In addition, we see the first security update to Microsoft’s new browser Edge in what must surely be a disappointing  acknowledgment that Microsoft’s most recent, most secure web-browser needed a major security patch on its first Patch Tuesday. 

As usual, there are a few updates that you will need to watch out for. Hint: they are almost always rated as important, and hidden the middle of the release "pack".

You can read more here: Greg Lambert's August ComputerWorld Patch Tuesday Posting.


Monday 15 June 2015

ComputerWorld Patch Tuesday Posting for June 2015

After last May’s mammoth Patch Tuesday update (17 updates) we see a much smaller security release for June. With eight security related patches, two are rated as critical and the remaining six as important by Microsoft. Internet Explorer has another full update and it looks like we have an update to two key system files that historically have caused a number of compatibility issues and system crashes. The first key file updated this month is the very familiar common control library (COMCTL32.DLL) that was the source of many file conflict issues in the past. The second low-level system file scheduled for an update is the Win32K.DLL system library. Both files and their corresponding Microsoft patches, will require extensive testing before full deployment.


You can find out more at the Computer World site found here


In addition, if you would like to see for yourself the potential impact of these Patch Tuesday updates on  your application portfolio, please sign up for our Qompat Spine application, which incorporates Update Impact Assessments among many other invaluable features.

Tuesday 19 May 2015

Critical Updates to Office and IE

With this May Microsoft Update Tuesday, we see Microsoft delivering 13 security bulletins with three rated as critical and the remaining ten rated as important by Microsoft.

This May release from Microsoft see an update to Office (and its web components), Internet Explorer and some low level system components. Include the Internet Explorer and Office updates as part of your standard testing and deployment plan, however I would suggest waiting a little while before deploying MS15-044 as it updates two key system files; GDIPLUS.DLL and Win32K.sys.

I was hoping for a little respite from the ongoing onslaught of large patches from Microsoft, but with 13 patches to deploy this month, there is no let up in the continuing drum-beat of security patches and application updates.

Here is our monthly overview info-graphic on this month's Microsoft Patch Tuesday.



To find out more about this month’s updates and the potential impact on your application portfolio, head over to Qompat Spine

Or, you can have a read of my monthly posting at Computerworld found here

Monday 27 April 2015

IE11 rages into the night

We are seeing another major 'end of life' (EOL) scenario for a primary Windows component. This time it's Internet Explorer and it's not for the usual "gosh, it's over 10 years old" reason. Take the latest Windows operating system (hint: Windows 8.1 Update) and the latest production version of IE (this time IE 11) and look to January 16, 2016 and what do you get?

EOL! 

"What, but Windows 8.x and IE11 are only a few years old?" 

I thought that we had at least another five years of support and then maintenance after that. You could be forgiven for thinking this way as Microsoft has traditionally followed a multi-year release, production, and support model.  However, things are changing. Following on from Microsoft's IE support statement page found here, we will find that; 
"Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates"
Microsoft generally allows for five year's Mainstream and then five year's Extended Support. So even though IE11 is a relatively young browser, you will need a plan to move this browser by next Christmas. Microsoft is helping though with two key technologies; Enterprise Mode and Site Discovery

Microsoft describes Enterprise Mode as;
"A compatibility mode that runs on Internet Explorer 11 on Windows 8.1 Update and Windows 7 devices, lets websites render using a modified browser configuration that’s designed to emulate Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer."
The Microsoft Site Discovery toolkit includes a collection of free tools to facilitate the identification and metrics of internal site usage for enterprise customers.

And just last week, Microsoft has made a number of improvements to both technologies which can be found here. The updated Enterprise Mode now supports IE7 where;
"If you put a site in IE7 Enterprise Mode, it will automatically use Enterprise Mode with IE7 document mode if there’s a DOCTYPE in the markup, or fall back to IE5 document mode if there isn’t a DOCTYPE." 
In addition, Microsoft has renamed the original Enterprise Mode for IE to 'IE8 Enterprise Mode', to differentiate the new features. The new Site Discovery update for March found here allows for improved privacy and security settings. Microsoft has also updated several Group Policies for improved management as illustrated by the following diagram;

This reduced lifecycle is not due to something wrong with IE, rather it's part of the new update and maintenance strategy for Microsoft. I think that we will see IE12 or 'Spartan' follow the same fate as Windows 10. Microsoft will continue to deliver 'Features as a Service' (FaaS) with major version numbers fading into the background. IE12 and Windows 10 may be the last 'version' that Microsoft ever delivers. 


Monday 20 April 2015

MS15-034 - Patch now to resolve critical HTTP vulnerability

This month's Patch Tuesday posting included eleven updates with four rated as critical and the remaining seven as important by Microsoft. Each month, I am now posting my views on Microsoft's Patch Tuesday on the on-line ComputerWorld blog found here. The latest update titled, "Microsoft releases 11 critical updates and fixes critical HTTP flaw" provides a brief overview of each update and some recommended actions.

This month, the Microsoft update MS15-034 attempted to resolve a critical security vulnerability in Microsoft IIS web server. Though the updated only affected a single file, we are now seeing active exploits of this security vulnerability at Internet-wide scales.  The Internet Storm Centre has reported active attacks on their honey-pots, with the following comment on their related newsgroup page;

"Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the "detection" version of the exploit. The scans appear to be "Internet wide"."

The ISC have also provided a quick test to see if you are vulnerable to this HTTP vulnerability that includes;


GET / HTTP/1.1
Host: MS15034
Range: bytes=0-18446744073709551615

If the server responds with "Requested Header Range Not Satisfiable", then you may be vulnerable.

I would recommend running this quick test, and then updating your servers as a priority with the Microsoft update MS15-034.

Thursday 9 April 2015

A revolutionary new way to resolve your app compatibility issues

How much time, money, and energy does it cost your company to resolve all the issues pertaining to compatibility, virtualisation suitability, and corporate standards? Wouldn't life be so much simpler if you could automate this process in a fraction of the time? And from wherever you are, even if you're not in the office? Even on a mobile device? And if your tech team were freed up from these annoying laborious issues, think about all the more constructive tasks they could be getting on with to improve your company's performance. 

Well here at Qompat we have been developing an app that does all these things and more. Qompat Spine is a unique, cross-platform, cloud based app that assesses, remediates, and converts your applications in minutes. 

Once you have signed up, you create a Project according to your individual requirements:


















Then you simply drag and drop your apps onto the uploader:


















You will then see an executive summary that gives an overview of your app statuses:


















You may drill down further to inspect issues within these apps, and our filtering system allows you to autoselect or manually select whichever issues you want to fix:


















Reports are generated for you to view, export, and print:


















Notifications will give you a progress update, and alert you when your files are ready to download:


















If you would be interested in trying it out for yourself, feel free to email us, or visit our website for more information. 

Wednesday 1 April 2015

To be IE, or not to be IE

Microsoft has released more information on their new web browser, currently code-named Spartan. You can read more about Spartan on the newly minted wikipedia page here

The new browser will be completely different from Microsoft IE, with a different rendering engine and a different code-base. 

The IE team provided a few different reasons for these changes:

  • Project Spartan was built for the next generation of the Web, taking the unique opportunity provided by Windows 10 to build a browser with a modern architecture and service model for Windows as a Service. This clean separation of legacy and new code will enable us to deliver on that promise. Our testing with Project Spartan has shown that it is on track to be highly compatible with the modern Web, which means the legacy engine isn’t needed for compatibility.
  • For Internet Explorer 11 on Windows 10 to be an effective solution for legacy scenarios and enterprise customers, it needs to behave consistently with Internet Explorer 11 on Windows 7 and Windows 8.1. Hosting our new engine in Internet Explorer 11 has compatibility implications that impact this promise and would have made the browser behave differently on Windows 10.
In addition to these changes, I think that there may be some customer confusion about which browser to use, and when. Enterprise customers may still need the legacy compatibility support for their internal enterprise systems while Spartan will be used for the "rest of the web". The web is a messy place, with compatibility issues of its own. I am not sure that a simple distinction of "if it's internal, use IE11 and if not, use Spartan" will work.

That said, Microsoft has updated Windows 10 at its fastest pace ever, and the new browser has been updated as well. Some key elements in the new browser include;

  • Cortana is built-in and ready to assist: Cortana in Project Spartan is a digital personal assistant that helps make Web browsing easier.
  • Inking and sharing so you can capture and communicate your thoughts: Now with new inking capabilities, Project Spartan enables you to write or type directly on the page, comment on what’s interesting or clip what you want – then easily share this “Web Note” via mail, or a social network. 
  • Distraction-free reading with Reading List and Reading View: Project Spartan helps with a new Reading List to collect everything you want to read, including the ability to save any webpage or PDF for convenient access later.
  • A new engine for the modern Web: Project Spartan’s new rendering engine is built around the idea that the Web “just works,” while being fast, more secure, and more reliable. 
However, if you are currently in the UK (like me) you will not be able to see all of these benefits, until worldwide distribution later this year. You can read more about this latest update to the Windows 10 Insider program here

This may all sound interesting from a simple technical perspective. However, if you have been watching my patch updates for a while (years?) and see how often IE is completely refreshed/updated each month, this may not be good news for you. Also, I think we have to ask the question, "Will anyone care?". There are already a number of very good, and fast evolving browsers out there. Microsoft is going to have work pretty hard to woo customers back to a new browser. 

Actually, it's kind of exciting to watch.