Tag: Vulnerability

Update Rollup 4 for Exchange Server 2010 SP2

Update Rollup 4 for Exchange Server 2010 SP2 resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

2536846 Email messages sent to a mail-enabled public folder may be queued in a delivery queue on the Hub Transport server in an Exchange Server 2010 environment

2632409 Sent item is copied to the Sent Items folder of the wrong mailbox in an Exchange Server 2010 environment when a user is granted the Send As permission

2637915 "550 5.7.1" NDR when an email message is sent between tenant organizations in a multi-tenant Exchange Server 2010 environment

2677727 MRM cannot process retention policies on a cloud-based archive mailbox if the primary mailbox is in an on-premises Exchange Server 2010 organization

2685001 Retention policies do not work for the Calendar and Tasks folders in an Exchange Server 2010 SP1 environment

2686540 Journal report is not delivered to a journaling mailbox in an Exchange Server 2010 environment

2689025 Performance issues when you use the light version of Outlook Web App in an Exchange Server 2010 environment

2698571 Some email messages are not delivered when you set the MessageRateLimit parameter in a throttling policy in an Exchange Server 2010 environment

2698899 Add-ADPermission cmdlet together with a DomainController parameter fails in an Exchange Server 2010 environment

2700172 Recipient’s email address is resolved incorrectly to a contact’s email address in an Exchange Server 2010 environment

2701162 User A that is granted the Full Access permission to User B’s mailbox cannot see detailed free/busy information for User B in an Exchange Server 2010 environment

2701624 ItemSubject field is empty when you run the Search-MailboxAuditLog cmdlet together with the ShowDetails parameter in an Exchange Server 2010 environment

2702963 The "Open Message In Conflict" button is not available in the conflict notification message in Exchange Server 2010

2707242 The Exchange Information Store service stops responding on an Exchange Server 2010 server

2709014 EdgeTransport.exe process crashes intermittently on an Exchange Server 2010 server

2709935 EdgeTransport.exe process repeatedly crashes on an Exchange Server 2010 server

2713339 Multi-Mailbox Search feature returns incorrect results when you perform a complex discovery search in an Exchange Server 2010 environment

2713371 Throttling policy throttles all EWS applications in Exchange Server 2010

2719894 The Microsoft Exchange RPC Client Access service consumes 100 percent of CPU resources and stops responding on an Exchange Server 2010 Client Access server

2723383 Incorrect time zone in a notification when the Resource Booking Attendant declines a meeting request from a user in a different time zone in an Exchange Server 2010 environment

2724188 A subject that contains colons is truncated in a mixed Exchange Server 2003 and Exchange Server 2010 environment

726897 Event 14035 or Event 1006 is logged when Admin sessions are exhausted in an Exchange Server 2010 environment

Update Rollup 4 for Exchange Server 2010 SP2 also resolves the issue that is described in Microsoft Security Bulletin MS12-058.
For more information about Security Bulletin MS12-058, click the following article number to view the article in the Microsoft Knowledge Base:

2740358 MS12-058: Vulnerability in Microsoft Exchange Server WebReady document viewing could allow remote code execution: August 14, 2012

Download

Hyper-V Updates for Windows 2008 R2

Knowledge Base Article

Name

Date

Required?

KB974598

“You receive a "Stop 0x0000007E" error on the first restart after you enable Hyper-V on a Windows Server 2008 R2-based computer”

10/1/2009

Yes, if you encounter this error and your server uses a “C-state” (lower power state) that is supported by the processor, but is not supported by Hyper-V.

KB974909

“The network connection of a running Hyper-V virtual machine is lost under heavy outgoing network traffic on a Windows Server 2008 R2-based computer”

10/21/2009

No.

KB975354

“A Hyper-V update rollup package is available for a computer that is running Windows Server 2008 R2”

11/10/2009

Yes, if you are running a backup or restore solution.

KB975530

“Stop error message on an Intel Xeon 5500 series processor-based computer that is running Windows Server 2008 R2 and that has the Hyper-V role installed: "0x00000101 – CLOCK_WATCHDOG_TIMEOUT"

11/20/2009

Yes, if you are running Hyper-V on the affected hardware.

KB974672

“Virtual machines stop responding (hang) during startup and the Vmms.exe process crashes on a Windows Server 2008 R2 computer that has the Hyper-V role installed“

10/14/2009

No.

KB977894

“MS10-010: Vulnerability in Windows Server 2008 Hyper-V could allow denial of service”

2/9/2010

Yes.

KB980856

“Stop error in Windows Server 2008 R2: "0x000000CA PNP_DETECTED_FATAL_ERROR"”

3/12/2010

Yes, if you store VHDs on non-PNP disks.

KB981618

“The computer stops responding or restarts during the Hyper-V Live Migration process in Windows Server 2008 R2” (relates to AMD Errata 383)

3/27/2010

Yes, if you are running Hyper-V on AMD processors.

KB 981836

“Network connectivity for a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server 2008 R2”

4/28/2010

Yes, if the server running Hyper-V has a virtual machine that is running Windows Server 2003.

KB981791

“"STOP: 0x0000001a" error message on a computer that has an Intel Westmere processor together with the Hyper-V role installed on Windows Server 2008 or on Windows Server 2008 R2”

5/5/2010

Yes, if you are running Hyper-V on Intel Westmere processors.

Source: http://technet.microsoft.com/en-us/library/ff394763(WS.10).aspx

VMware Server 2.0.1

VMware heeft buildnummer 156745 van zijn virtualisatie software Server 2.0.1 uitgebracht. Dit pakket doet zijn werk onder Linux en Windows en is in staat om via een virtuele machine diverse besturingssystemen op de hostcomputer te laten draaien. Voor de gast computer kan je gebruikmaken van verschillende BSD-varianten, diverse Linux-distributies, Solaris en Windows. Voor meer informatie verwijzen we jullie door naar deze pagina en deze handleiding in pdf-formaat. De lijst met veranderingen voor versie 2.0.1 ziet er als volgt uit:

What’s New
Server 2.0.1 is a maintenance release that resolves security as well as some known issues. With this release of VMware Server, certain new features and support have been added.
Support for New Guest Operating Systems
VMware provides support for the following operating systems for Server 2.0.1:

  • Asianux Server 3.0 Service Pack 1
  • CentoOS 4.7
  • CentOS 5.2
  • Windows Essential Business Server (EBS) and Small Business Server (SBS) 2008
  • Windows Small Business Server 2003 Service Pack 2
  • Windows XP Service Pack 3
  • Windows Vista Service Pack 1

Security Fixes:

  • VMnc codec heap overflow vulnerabilities
    The VMnc codec assists in record and replay of sessions which are records of the dynamic virtual machine state over a period of time. Two heap overflow vulnerabilities might allow a remote attacker to execute arbitrary code on VMware hosted products. For an attack to be successful, the user must visit a malicious Web page or open a malicious video file. The Common Vulnerabilities and Exposures project has assigned the names CVE-2009-0909 and CVE-2009-0910 to these issues.
  • A VMCI privilege escalation on Windows-based hosts or Windows-based guests
    The Virtual Machine Communication Interface (VMCI) provides fast and efficient communication between two or more virtual machines on the same host and between a virtual machine and the host operating system. A vulnerability in vmci.sys might allow privilege escalation on Windows-based machines. This might occur on Windows-based hosts or inside Windows-based guest operating systems. Current versions of ESX Server do not support the VMCI interface and hence they are not affected by this vulnerability. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1147 to this issue.
  • A remote denial-of-service vulnerability in authd for Windows-based hosts
    A vulnerability in vmware-authd.exe might cause a denial-of-service condition on Windows hosts. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-0177 to this issue.
  • Updated vm-support script
    This release improves data collection when the vm-support script is run by the Server administrator on request of VMware support or its support partners. The file that contains the SSL keys for communication between Server and vCenter and other applications is no longer collected. For more details, see the KB article Data Security Best Practices – SSL keys for communicating with VirtualCenter and other applications (KB 1008166).
  • Windows-based host privilege escalation in hcmon.sys
    A vulnerability in an I/O Control (ioctl) function in hcmon.sys might be used to escalate privileges on a Windows-based host. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1146 to this issue. New releases of hosted products address a denial-of-service problem described in CVE-2008-3761, which can only be exploited by a privileged Windows account.
  • Denial-of -service vulnerability in a virtual device
    A vulnerability in a guest virtual device driver might allow a guest operating system to cause the host and consequently any virtual machine on that host to fail. The Common Vulnerabilities and Exposures project has assigned the name CVE-2008-4916 to this issue.

Miscellaneous Fixes:

  • Mount installer option mounts current CD-ROM image instead of VMware Tools installer image
    If a CD-ROM image is mounted to a virtual machine with VMware Tools installed, the Mount installer option in the Web UI incorrectly mounts the CD-ROM image instead of the VMware Tools image. The issue is resolved in this release.
  • Unable to install the latest version of VIX API on Server 2.0.x
    You cannot install VMware VIX API 1.6.2 of due to an issue with the MSI installer for VIX API. This issue is resolved in this release.
  • The default VI Web Access HTTP connection port is 8222 and the default HTTPS port is 8333. If you use these defaults, or any values other than 80 (HTTP) and 443 (HTTPS), you must specify the port number when you connect to VMware Server using VI Web Access. You must also allow connection to these ports through your firewall. An example URL to connect to VI Web Access is http://server_host:8222 If you want to use ports 80 (HTTP) and 443 (HTTPS), override the default values during installation. Note: If you are running IIS or Apache web server on the default ports, specify alternate HTTP and HTTP ports when prompted by the Windows installer or vmware-config.pl. Alternatively, stop IIS’s default Web site or any other Web site running on these ports. On Linux, shut down Apache or any other application using these ports and make sure they are not configured to restart automatically. This issue is resolved in this release.
Translate »