Wednesday, December 23, 2009

Microsoft delivers massive Patch Tuesday, fixes 34 flaws

Microsoft today delivered a record 13 security updates that patched 34 vulnerabilities in every version of Windows, including the not-yet-for-sale Windows 7, as well as in Internet Explorer (IE), Office, SQL Server and other parts of its software portfolio.
The 34 flaws were also a record number for Microsoft, the most holes patched in one sitting since Microsoft switched to a regular monthly update schedule six years ago. The closest competitor was December 2008, when the company quashed 28 bugs.
"To anyone following Apple, this isn't a big surprise," said Andrew Storms, director of security operations at nCircle Network Security, referring to Microsoft's operating system rival, which typically issues security updates that include scores of fixes. "But this is certainly an unprecedented month for Microsoft."
Microsoft ranked 8 of the 13 updates and 21 of the 34 vulnerabilities as "critical," the top rating in its four-step scoring system. The remainder of the bulletins were judged "important," the next threat level down, while nine of the flaws were also pegged important, and the final 4 were tagged as "moderate."
Among today's patches were several for zero-day vulnerabilities -- bugs for which exploit code had already gone public. One of the zero-day vulnerabilities was undisclosed until today.
Microsoft patched three vulnerabilities in SMB (Server Message Block) 2, a Microsoft-made network file- and print-sharing protocol that ships with Windows; two bugs in the FTP server that's included with older editions of its Internet Information Services (IIS) Web server; and two in the Windows Media Runtime. The flaws in SMB 2 and IIS had been public knowledge since early September, but the Windows Media vulnerabilities included one that Microsoft said was already in the wild, but had not leaked to the usual public sources, such as security mailing lists.
For that reason, Storms urged everyone to deploy the MS09-051 update, which patches the Windows Media bugs, as soon as possible. "At first glance, [MS09-]051 should be patched immediately," he said. "What's interesting today is that we're learning it's in the wild. More important, it can be exploited in drive-by attack situations, just by getting people to go to a [malicious] Web site."
Early last month, Microsoft revealed the SMB 2 vulnerability, but although attack code went public, security researchers have not seen any actual attacks. The flaw affects Windows Vista, Windows Server 2008 and preview releases of Windows 7, but not the final edition slated for retail release next week.
The FTP flaw, on the other hand, was disclosed by Microsoft Sept. 1, when the company confirmed that its security team was investigating attack code that hit the street on the last day of August.
Microsoft also fixed a slew of flaws today that go back to a programming error in one of its code "libraries," Active Template Library (ATL). The company had acknowledged the error last summer. Today's patches quashed three ATL-related bugs in Office and set "kill bits" to disable four or more Microsoft-made ActiveX controls for Windows Live Mail, the MSN Photo upload tool, and various Office document viewers used by Internet Explorer (IE) to display spreadsheets, charts and databases on the Web.
"And we have the token IE patches today, too," noted Storms, talking about MS09-054, which plugs four holes, all critical, in Microsoft's browser. Included in the four, said Storms, was one apparently accidentally disclosed at the Black Hat security conference several months ago.
As part of today's record update, Microsoft also patched eight vulnerabilities in GDI+ (Graphics Device Interface), a component that debuted in Windows XP and is a core part of Windows Vista and Windows 7, as well as the server-side operating systems, Windows Server 2003 and Windows Server 2008.
Hackers could exploit the GDI+ bugs by sending specially-crafted image files in a variety of formats -- including BMP, PNG, TIFF and WMF -- to a user via e-mail, or by convincing users to visit sites that contain malicious image files. By triggering the vulnerabilities, attackers could then follow up with additional malware to hijack a system or steal data.
Storms, however, discounted exploits of the GDI+ vulnerabilities. "The audio codec bugs [in MS09-051] will be so much easier to exploit," he reasoned.
"I would put the two items in the public domain, MS09-050 [the SMB 2 flaws] and MS09-053 [the FTP bug in IIS] at the top of the list," said Storms. "And then MS09-051 and the IE updates, the latter because those kind of client-side bugs get a lot of attention from attackers."
This month's security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
Via Computerworld

Monday, December 14, 2009

15 Task Manager tips for a faster PC
Fix poor performance and crashes in Windows 7 and Vista


At first glance Task Manager looks like nothing more than a geeky way to tell you what you already know, the names of the programs running on your PC.
Explore our favourite Task Manager tricks, though, and you'll find all kinds of options for monitoring your system, detecting and resolving problems, especially in its most modern Windows Vista/Windows 7 incarnation. Here's what you need to know.
1. Browse your processes
Press Ctrl+Shift+Esc to launch Task Manager. By default the first thing you'll see is the Applications tab, but this is misleadingly named and of little use as it just lists top-level windows. If you want to see what's actually running on your PC then click the Processes tab, click "Show processes from all users", and scroll down the list. If you don't know what a process is then right-click it and select Properties to get more information, such as the folder where it's stored, which will usually offer additional clues.
2. Troubleshoot startup problems
Windows Media Player is known to crash from time to time (you may have noticed this). Occasionally it'll crash without having any visible window, though, so you won't see there's a problem. Then, when you come to restart the program, nothing will happen because it's blocked by the crashed copy in RAM.
If you find Windows Media Player won't launch, then, fire up Task Manager, click the Processes tab and look for a WMPlayer.exe process. If you find one, and there's no window, then it's probably crashed. Right-click it in Task Manager, select End Process, and once it's shut down you should be able to start Media Player as normal.
Much the same problem can happen with other applications, so if something won't start, or is just misbehaving, then it's always a good idea to look for previous instances of the program. Don't use the "End Process" on anything unless you're 110% sure that it's safe to do so, though - terminating something system-critical can lock up or crash your PC immediately.
3. View memory use
It's often interesting to see which programs are using all your RAM. To find out, click the Processes tab, then click View > Select Columns, and ensure Memory - Working Set and Memory - Private Working Set are checked. You'll now see two estimates for your processes' use of RAM.
The first, "Memory - Working Set", shows you how much physical memory is currently being taken up by each process. Some of this RAM may be shared by other processes, though (shared DLLs, for instance) so this figure tends to overestimate memory use.
The second, "Memory - Private Working Set", shows you how much physical memory this process alone is using (that is, it can't be shared with anyone else). It will almost certainly consume additional RAM, though, so this figure tends to underestimate memory use. It's a little more reliable than the Working Set alone, but really you need to see both.
Now click the "Memory (Private Working Set)" column header so the largest figures are at the top. You'll immediately get a good feel for where your RAM is going, and which programs (if any) you need to close or tweak to get some of it back.


RAM HOGS: Find out which programs are hogging your RAM in seconds
4. Identify RAM-hogging services
Your list of processes should contain many called svchost.exe (if not, then you've not clicked "Show processes from all users"). This is the service host, a process that's used to run several Windows services. But what if this turns out to be grabbing large amounts of RAM? Which services might be to blame?
To find out more, right-click a particular svchost.exe and select Go To Services. Task Manager will open the Services tab and all the services managed by this particular instance of svchost.exe will be highlighted. Task Manager has no way to tell you how much RAM each of the services is consuming individually, unfortunately, but this does at least greatly reduce your options. (And a hint: in most Windows Vista installations, ReadyBoost is by far the greatest resource-hogging service.)
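The same svchost.exe-to-service mapping can be pulled for every instance at once from WMI, together with the folder each copy runs from (the clue mentioned in tip 1). This is an added example, not part of the original article; it assumes PowerShell 3.0 or later in an elevated prompt, and the function name Get-SvchostServices is hypothetical.

```powershell
# Added example: list each svchost.exe instance with the services it hosts,
# its working set and its image path. Get-SvchostServices is a hypothetical name.
function Get-SvchostServices {
    # Index the names of running services by the PID of their host process.
    $byPid = @{}
    foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'") {
        $key = [int]$svc.ProcessId
        if (-not $byPid.ContainsKey($key)) { $byPid[$key] = @() }
        $byPid[$key] += $svc.Name
    }

    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
        ForEach-Object {
            [pscustomobject]@{
                PID          = $_.ProcessId
                WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
                Handles      = $_.HandleCount
                # Empty when the caller has no rights to query the process.
                Path         = $_.ExecutablePath
                Services     = $byPid[[int]$_.ProcessId] -join ', '
            }
        } |
        Sort-Object -Property WorkingSetMB -Descending
}

# Largest instances first; -Wrap keeps long service lists readable.
Get-SvchostServices | Format-Table -AutoSize -Wrap
```

A genuine svchost.exe runs from the Windows System32 folder, so an instance with a different Path, or one hosting no services, deserves a closer look.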
5. Diagnose disk thrashing
Ever wondered exactly why your hard drive's been thrashing for ages, even though there's no-one at the PC? Click the Task Manager Processes tab, then click View > Select Columns, and check I/O Read Bytes and I/O Write Bytes. Click OK.
The new columns will show you the total amount of data read or written by a process, which applies to network activity as well as your hard drive. The busiest processes will have the largest figures, and if a process is active now then its totals will tick up as you watch.
6. Spot resource leaks
Sometimes processes grab more and more Windows resources, without ever quite getting around to releasing them. 32-bit Windows in particular has only a limited supply, and if this goes on for too long then your PC will become unreliable, then eventually lock up or crash.
Task Manager can help you spot a resource leak, though. Click the Processes tab, then click View > Select Columns, check Handles, User Objects and GDI Objects, and click OK. Now check these occasionally, along with the memory figures we mentioned earlier. Some of these may rise dramatically on occasion - an antivirus tool will use many more handles when scanning, for instance, as they're used when accessing files - but if a particular resource figure is high, keeps rising, and never falls back to its starting point, then you may have a problem.
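Checking those three columns by eye can be replaced by a sampler that applies the same rule: the counter rises and never falls back to its starting point. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the function names, sample count, interval and growth threshold are hypothetical choices.

```powershell
# Added example: sample the Handles, GDI Objects and User Objects counters and
# flag ones that climb without falling back. Names and thresholds are hypothetical.
Add-Type -Namespace Native -Name Gui -MemberDefinition @'
[DllImport("user32.dll")]
public static extern uint GetGuiResources(IntPtr hProcess, uint uiFlags);
'@

function Get-ResourceSnapshot {
    foreach ($p in Get-Process) {
        $gdi = 0; $user = 0
        try {
            $h    = $p.Handle                              # throws if the process cannot be opened
            $gdi  = [Native.Gui]::GetGuiResources($h, 0)   # 0 = GR_GDIOBJECTS
            $user = [Native.Gui]::GetGuiResources($h, 1)   # 1 = GR_USEROBJECTS
        } catch { }                                        # inaccessible process: leave both at 0
        $row = [pscustomobject]@{
            Id = $p.Id; Name = $p.ProcessName
            Handles = [long]$p.HandleCount; GDI = [long]$gdi; User = [long]$user
        }
        $p.Dispose()                                       # release the handle this script opened
        $row
    }
}

function Find-LeakCandidate {
    param(
        [ValidateRange(2, 1000)][int]$Samples = 6,
        [int]$IntervalSeconds = 60,
        [long]$MinGrowth = 200
    )
    $history = @{}
    for ($i = 0; $i -lt $Samples; $i++) {
        if ($i -gt 0) { Start-Sleep -Seconds $IntervalSeconds }
        foreach ($s in Get-ResourceSnapshot) {
            $key = '{0}|{1}' -f $s.Id, $s.Name
            if (-not $history.ContainsKey($key)) { $history[$key] = @() }
            $history[$key] += $s
        }
    }
    foreach ($series in $history.Values) {
        if ($series.Count -lt $Samples) { continue }       # started or exited during the run
        foreach ($counter in 'Handles', 'GDI', 'User') {
            $v     = @($series | ForEach-Object { $_.$counter })
            $first = $v[0]; $last = $v[-1]
            # "Never falls back": every later sample stays above the first one.
            $fellBack = @($v | Select-Object -Skip 1 | Where-Object { $_ -le $first }).Count -gt 0
            if (-not $fellBack -and ($last - $first) -ge $MinGrowth) {
                [pscustomobject]@{ Id = $series[0].Id; Name = $series[0].Name; Counter = $counter
                                   First = $first; Last = $last; Growth = $last - $first }
            }
        }
    }
}

Find-LeakCandidate -Samples 6 -IntervalSeconds 60 | Sort-Object Growth -Descending
```

A process that appears here during a one-off burst of activity (the antivirus scan mentioned above, say) is not necessarily leaking, so repeat the run over a longer window before drawing conclusions.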
7. Stop a runaway process
If a particular process has gone rogue, using all your CPU time and reducing everything else to a crawl, then Task Manager may be able to help.
First, press Ctrl+Shift+Esc and wait for Task Manager to appear. If your runaway process is completely tying up the CPU then this can take a while, but if you don't want to reboot (you've an application with unsaved data, say) then be patient. We'd give it at least 10 or 15 minutes.
When Task Manager appears, look for the process consuming all your CPU time (click Processes, then click View > Select Columns and check CPU if that column isn't displayed). If you want to kill the process completely, then you could right-click it, select End Process and it'll die (most of the time).
This doesn't always work out as you expect, though. If the process is system-critical, maybe a Windows component, then terminating it may crash your system immediately (and it always introduces a risk of system instability). If you've data you need to save elsewhere then it may be better to try and slow down the rogue process, reduce its grab on your resources, so you can use other programs again and close everything down properly. Fortunately Task Manager can help here, too.
Right-click your CPU-hogging process, select Set Priority > Low, and Windows should immediately give more CPU time to just about everything else on your PC. The program will still be running, it just shouldn't interfere with other apps to the same degree, and they should be accessible again.
If there are still problems, right-click the process and select Set Affinity. This option lets you decide which CPU cores a process can use. If you clear one of these then that core will become available to other applications, which should significantly improve their performance.
8. Understand CPU utilisation
Occasionally your PC will seem slow, as though something is using all your CPU time, but the regular CPU column won't display an obvious candidate. So what's going on?
Launch Task Manager, and click the Performance tab to see a graph of your CPU Usage History: it's pretty, but there's more to it than that. Click View and select Show Kernel Times (so it's checked). What you'll now see is two graph lines: one green, representing total CPU utilisation, and one red, representing the time consumed by the kernel.
When the green peaks are high and the red peaks low, then the culprit is a user mode process, probably just a regular application. But if the red peaks are consistently high then that shows your CPU time is being grabbed by something in the kernel, probably a driver, but perhaps also a Windows component, maybe even some deeply embedded malware.

FIND THE CULPRIT: Is a buggy driver grabbing too much CPU time? The Performance graph can offer useful clues
9. Create a dump file
If a program has locked up then you may be able to use the Windows Debugging Tools to find out why.
Launch Task Manager first, click the Processes tab, right-click the hung process and select Create Dump File. When the process file has been written then Task Manager will give you its name and location.
Then launch the debugger WinDbg, and click File > Open Crash Dump File. Entering the !analyze -hang command may tell you more about why a program has locked up, and if not then you can always use other debugger commands to tell you more about the process, its use of RAM, and so on (see the debugger documentation for details).
10. Control your services
If you need to stop or start a Windows service then you could launch the Services applet (services.msc). But why bother? In Windows Vista or 7 it's much quicker to do it from Task Manager. Just click the Services tab, right-click the service you need, and choose the Start or Stop option.
Be careful, though - stopping a critical Windows service can result in your PC locking up immediately (and tinkering with some third-party services is almost as serious). Don't try this unless you know exactly what you're doing.
11. Restart Explorer
Have the taskbar and desktop disappeared for no apparent reason? Explorer has probably crashed: press Ctrl+Shift+Esc and press the Processes tab to check for yourself. If Explorer.exe isn't listed then click File > New Task, type Explorer.exe and click OK to restart it.
Or, if Explorer won't start, your system is generally trashed and you'd like to reboot gracefully, then enter the command shutdown -r and your system should restart.
12. Discover system information
Launching Task Manager and clicking the Performance tab will reveal the total amount of RAM installed in your PC (check the Total in the Physical Memory box).
And the Up Time figure in the System Box tells you how long it's been since you last restarted Windows. The longer this is, the more likely that resource leaks or other issues will begin to cause problems. If your PC's been running for several days, and you're noticing odd behaviour, then consider rebooting - it just might help.
13. Monitor network utilisation
Click the Task Manager Networking tab and you'll see a graph that tracks your current network use over time. This can be useful if you've a network-hogging process that fires on a regular basis, for instance, as you should see a spike on the chart.
Click Options > Tab Always Active if you want Task Manager to keep collecting network usage data, even when the tab isn't displayed. Click View > Update Speed > Low to reduce the sampling time, which allows you to squeeze more minutes of activity onto a single screen. And click View > Network Adapter History to choose exactly what you'd like to graph: the bytes sent, received, or their total.
14. Talk to network users
If you're working on a networked PC then you may want to warn anyone browsing your system that you're about to reboot, close a process or do something else potentially dodgy. Click the Users tab to see who else is connected to your PC right now. By default you'll only see their user name - click Options > Show Full Account Name to see their network PC name, too. Then right-click a user and select Send Message to issue a warning, or Disconnect to kick them off immediately.
15. Use something better
Learning the Task Manager basics is important, as they'll let you diagnose problems on just about any PC. But the tool can only take you so far, and for really in-depth information and control over your applications you'll want to use something better. Process Explorer is the best known alternative and an excellent tool, but Process Hacker is also worth a look - if anything, it's even more powerful.

PRO TOOL: Process Hacker provides great control over everything running on your PC
Via: Techradar

Tuesday, December 8, 2009

Supplies Of Windows 7 Family Pack Start Running Short


When Microsoft earlier confirmed the Windows 7 Family Pack pricing, it made the comment that the Family Pack would be available "while supplies last." In the U.S., at least, those supplies are running out fast.

The Windows 7 Family Pack is a 3-PC installation package of Windows 7 Home Premium. As confirmed by WindowsITPro, the $149 three-pack is already sold out in many places. For example, look at Amazon.com and you'll see only third-party resellers are selling it, and those have pricing $100 or more above the $149 MSRP (it's called supply-and-demand).

Even with those prices, the three-pack pricing is slightly below buying three of the Windows 7 Home Premium Update packages (at $119.99 MSRP).

Despite popular demand and competition, Microsoft has never had a family pack option that's been more than a promotion, as here. Meanwhile, Apple has consistently offered a family pack for Mac OS X since 2002. That version covers a more generous five computers.

Via: WindowsITPro