Jul 05

Willkommen

SG IT-Dienstleistungen – Stefan Geiger – Gerokstraße 1 – 71332 Waiblingen

Startseite – IT-Beratung – IT-LösungenIT-SupportIT-SicherheitImpressumKontakt


Sie befinden sich auf einem Mobilgerät und sehen hier folgend nur BLOG-Beiträge.

Gehen Sie oben über das Menu auf die entsprechenden Seiten die Sie bei uns interessieren.

 

Permanentlink zu diesem Beitrag: http://geigercom.de/willkommen-bei-sg-it-dienstleistungen/

Jun 08

auch ständig auf der Suche nach dem passenden Kabel ?

Kabelmeister, the Cable Company! – das ist nicht nur ein Spruch !

234x60 Kabelmeister 1
Ich war auf der Suche nach einem hochwertigen 2,5m HDMI Kabel.Aber 2.5 Meter zu bekommen ist fast unmöglich. Kabelmeister hat mir geholfen endlich Schluss mit dem Kabelsalat hinter dem Fernseher zu machen. Im Shop selbst habe ich es nicht gefunden.

Ein Anruf und das Kabel war schon fast auf dem Weg. Die Jungs machen es einfach kurz passend.

Speziallängen, Meterware, was benötigt wird.

 

Mehr von Kabelmeister:

Kabelmeister ist ein Spezialanbieter für Kabel aller Art aus den Bereichen Netzwerk, Computer, Audio/Video und Home Entertainment, spezialisiert auf eine große Auswahl an Längen und Farben und ist seit über 12 Jahren erfolgreich am Markt vertreten.

Das Sortiment wird abgerundet von den entsprechenden Adaptern, wie auch diversem Zubehör und Komponenten für den Computer und das Netzwerk.

 

234x60 Kabelmeister 1

Permanentlink zu diesem Beitrag: http://geigercom.de/auch-staendig-auf-der-suche-nach-dem-passenden-kabel/

Mai 07

MSDN Channel 9

MSDN Channel 9

Permanentlink zu diesem Beitrag: http://geigercom.de/msdn-channel-9/

Mai 06

Windows 8 / Server 2012 R2: Autostart – So legen Sie Programme in den Autostart-Ordner

Nachdem Sie zu Windows 8 gewechselt sind, fehlen Ihnen einige der bekannten Funktionen am ModernUI. Um Features wie zum Beispiel in Windows 8 Autostart-Programme zu verwalten zu reaktivieren, befolgen Sie  einfach unsere hier aufgelistete Anleitung. Sie haben sich mit den meisten Änderungen von Windows 7 oder einer anderen Vorgängerversion auf Windows 8 arrangiert (oder haben es sich mit unseren anderen Windows 8 Ratgebern konfiguriert), es fehlt aber definitiv der Ordner für Autostart-Programme? Wir zeigen Ihnen, wie Sie vorgehen müssen, um die Funktion wiederherzustellen:

 

Autostart in Windows 8  / Server 2012 R2 einrichten

Es gibt mehrere unterschiedliche Wege, in Windows 8 zum Autostart-Ordner zu gelangen. Wir erklären Ihnen die drei gängigsten Methoden.

1. Autostart über den Ausführen-Dialog

Mit dem ModernUI ist das klassische Startmenü in Windows 8 abgelöst worden. Dabei ist aber leider ein übersichtlicher Ordner für Autostart-Programme verloren gegangen. Denn der Ordner ist keineswegs weg, er ist nur, wie vieles bei Windows 8, nicht mehr so leicht zugänglich.

  1. Drücken Sie (Windows)+(R), um in das Ausführen-Menü zu gelangen.
  2. Tippen Sie nun „shell:startup“ ein, woraufhin sich schon der gewünschte Ordner öffnet.
  3. Legen Sie hier alle Verknüpfungen der Programme an, die bei einem Neustart automatisch ausgeführt werden sollen.
  4. Starten Sie den Rechner neu und testen das Ergebnis selbst.

 

2. Der Autostart-Ordner auf der Festplatte

Liegt Ihnen das Hantieren mit Windows 8 Tastaturkürzeln nicht, sondern geht ihr lieber den Weg über den Verzeichnispfad der Festplatte, können Sie ebenfalls so vorgehen. Wie in Windows 7 und Vista auch, befindet sich der Ordner für den Autostart in Windows 8 nach wie vor im Pfad:

Benutzer/(Benutzername)/AppData/Roaming/Microsoft/Windows/Startmenü/Programme/Autostart

Erstellt ihr häufig neue Verknüpfungen für Autostart-Programme, könnt ihr euch auch einen Shortcut legen, um schnell hierher zurückzukehren.

3. Autostart im Windows 8-Explorer anzeigen lassen

Wem der Weg über den Explorer vorgeht und hier noch keine Änderungen vorgenommen hat, wird sich hier wundern. Denn Windows 8 zeigt Systemdateien und –ordner voreingestellt nicht an.

So lassen Sie den Autostart-Ordner wieder im Explorer anzeigen:

  1. Öffnen Sie  den Explorer
  2. Gehen Sie über Ansicht > Optionen > Ordner- und Suchoptionen ändern zu den Ordneroptionen
  3. Wechseln Sie in das Register „Ansicht
  4. Wählen Sie nun unter Versteckte Dateien und Ordner die Option Ausgeblendete Dateien, Ordner und Laufwerke anzeigen
  5. Bestätigen Sie die Warnung von Windows 8 und schließen die Ansicht

 

 

Permanentlink zu diesem Beitrag: http://geigercom.de/windows-8-autostart-so-legen-sie-programme-in-den-autostart-ordner/

Apr 17

Windows Server 2012 R2 Editionsunterschiede

Microsoft Windows Server 2012 ist ein Betriebssystem der Windows Serie und das Nachfolgeprodukt von Windows Server 2008 R2. Es ist die Server-Version von Windows 8 und seit September 2012 erhältlich. Die Weiterentwicklung Windows Server 2012 R2 ist im Oktober 2013 erschienen.

Dieser Artikel zeigt die die Unterschiede zwischen den einzelnen Windows Server 2012 Editionen. Preisinformationen zum Windows Server 2012 R2 können Sie bei uns anfragen.

 

Editionen

Microsoft Windows Server 2012 ist in 4 Editionen erhältlich:

  • Foundation
  • Essentials
  • Standard
  • Datacenter

Die Editionen eignen sich für die folgenden Einsatzgebiete:[1]

Edition Ideal für… High Level Feature-Vergleich Lizenzierungsmodell Memory Limit[2]
Foundation Kostengünstiger Allzweck-Server Grundlegende Server-Funktionalität ohne Virtualisierungsrechte Server (Beschränkung auf 15 Benutzerkonten) 32 GB RAM
Essentials Umgebungen in kleinen Unternehmen Einfache Benutzeroberfläche, voreingestellte Konnektivität zu Cloud-basierten Diensten; keine Virtualisierungsrechte Server (Beschränkung auf 25 Benutzerkonten) 64 GB RAM
Standard Geringfügig oder nicht-virtualisierte Umgebungen Vollständige Windows Server-Funktionalität mit zwei virtuellen Instanzen Prozessor + CAL* 4 TB RAM
Datacenter Stark virtualisierte Private & Hybrid Cloud-Umgebungen Vollständige Windows Server-Funktionalität mit unbegrenzten virtuellen Instanzen Prozessor + CAL* 4 TB RAM
(*) CALs sind erforderlich für jeden Nutzer bzw. für jedes Gerät, das direkt oder indirekt auf einen Server zugreift. Informieren Sie sich zu diesem Thema ausführlich im Bereich Server-Zugriffslizenzen – Client Access License bei Microsoft.

Hardwaremindestanforderungen für Windows Server 2012

Beschreibung Mindestanforderung
Prozessorarchitektur x64
Prozessorgeschwindigkeit 1,4 GHz
Speicher (RAM) 512 MB
Speicherplatz auf der Festplatte 32 GB *
(*) Wenn der Server über mehr als 16 GB RAM verfügt, ist mehr Festplattenspeicherplatz erforderlich.

Editionsunterschiede anhand der physikalischen / virtuellen Instanzen

Windows Server 2012 Instanzen können entweder in einer physischen Betriebssystemumgebung (POSE) oder einer virtuellen Betriebssystemumgebung (VOSE) betrieben werden:[3][4]

Edition Laufende Instanzen in POSE Laufende Instanzen in VOSE
Foundation 1 0
Essentials 1** 1**
Standard 1* 2
Datacenter 1 Unbegrenzt
(*) Wenn ein Kunde alle zulässigen virtuellen Instanzen ausführt, kann die physische Instanz nur zur Verwaltung und Pflege der virtuellen Instanzen genutzt werden.
(**) Essentials kann in einer physischen oder virtuellen Betriebssystemumgebung „1 oder 1“ ausgeführt werden.

Editionsunterschiede anhand der Serverrollen

Die Windows Server 2012 Editionen unterscheiden sich in folgenden Server-Rollen:[3][4]

Serverrolle Datacenter/Standard Essentials Foundation
AD Certificate Services X automatisch installiert/konfiguriert (1) limitiert (1)
AD Domain Services X automatisch installiert/konfiguriert (2) X (3)
AD Federation Services X X X
AD Lightweight Directory Services X X X
AD Rights Management Services (4) X (4) X (4) X (4)
Application Server X X X
DHCP Server X X X
DNS Server X automatisch installiert/konfiguriert X
Fax Server X X X
File Services X automatisch installiert/konfiguriert (5) limitiert (5)
Hyper-V X
Network Policy & Access Services X automatisch installiert/konfiguriert limitiert
Print & Document Services X X X
Remote Access X automatisch installiert/konfiguriert (6) limitiert (6)
Remote Desktop Services (7) X (7) – (7)(8) limitiert (7)(9)
UDDI Services X X X
Web Server (IIS) X automatisch installiert/konfiguriert X
Windows Deploy Services X X X
Windows Server Update Services X
(1) Begrenzt auf die Einrichtung von Zertifizierungsstellen – andere Funktionen der Active Directory-Zertifikatdienste (Network Device Enrollment Services, Online Responder Service) sind nicht verfügbar. Mehr Informationen finden Sie in der Beschreibung der ADCS-Rolle in TechNet.
(2) Muss der Stamm einer ADDS-Gesamt- und Domänenstruktur sein und alle Betriebs­ Masterrollen haben.
(3) Falls die ADDS-Rolle installiert ist, muss der Server der Stamm einer ADDS-Gesamt- und Domänenstruktur sein und alle Betriebsmasterrollen haben.
(4) Für den Zugriff wird eine zusätzliche AD RMS CAL benötigt.
(5) Die Datendeduplizierung ist nicht verfügbar.
(6) Beschränkt auf 50 RRAS-Verbindungen und 50 IAS-Verbindungen; DirectAccess und VPN werden unterstützt.
(7) Zum Zugriff ist eine zusätzliche RDS CAL erforderlich (Ausnahme: Verwendung der Remotewebzugriffs-Funktion der Essentials Edition).
(8) Nur der RD-Gateway-Rollendienst ist installiert und konfiguriert, andere Rollendienste der Remotedesktopdienste (einschließlich RD-Sitzungshost) werden nicht unterstützt.
(9) Begrenzt auf 50 Remotedesktopdienste-Verbindungen.

Informationen zur Installation der Serverrollen finden Sie im Artikel Windows Server 2012 Serverrollen und Features installieren.

Editionsunterschiede anhand der Features

Feature Datacenter / Standard Essentials Foundation
BranchCache X X X
Benutzeroberfläche & Infrastruktur (Server Core) X
Server Manager X X X
Windows Power Shell X X X

Einzelnachweise

 

 

Weitere Informationen

  • Windows Server 2012 Products and Edition Comparison (download.microsoft.com)

Permanentlink zu diesem Beitrag: http://geigercom.de/windows-server-2012-r2-editionsunterschiede/

Apr 17

Windows Server 2008 R2 Editionsunterschiede

Editionen

Editionen anhand der Produktbezeichnung

Den Windows Server 2008 R2 gibt es aktuell in 7 Editionen

  • Windows Server 2008 R2 Web
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Itanium
  • Windows Server 2008 R2 Foundation
  • Windows Server 2008 R2 HPC

Editionsunterschiede anhand der Server Rollen

Rolle Web Standard Enterprise Datacenter Itanium Foundation HPC
Active Directory Certificate services X 1 X X X 1 X 1
Active Directory Domain Services X X X X X
Active Directory Federation Services X X
Active Directory Lightweight Directory Services X X X X
Active Directory Rights Management Services X X X X
Application Server X X X X X
DHCP Server X X X X X
DNS Server X X X X X X
Fax Server X X X X
File Services X 2 X X x 2 X 2
Hyper-V X X X X
Network Policy and Access Services X 3 X X X 5 X 3
Print and Document Services X X X X
Remote Desktop Services X 4 X X X 6 X 4
Web Services(IIS) X X X X x X X
Windows Deployment Services X X X X X
Windows Server Update Services(WSUS) X X X X X

1 Limited to creating Certificate Authorities – no other ADCS features (NDES, Online Responder Service). See ADCS role documentation on TechNet for more information.

2 Limited to 1 standalone DFS root.

3 Limited to 250 RRAS connections, 50 IAS connections and 2 IAS Server Groups.

4 Limited to 250 Remote Desktop Services Gateway connections.

5 Limited to 50 RRAS connections, 10 IAS connections.

6 Limited to 50 Remote Desktop Services connections.

Editionsunterschiede anhand der Technischen Spezifikationen

Spezifikation Web Standard Enterprise Datacenter Itanium Foundation HPC
Cross-File Replication(DFS-R) X X X
Failover Cluster Nodes(Nodes) 16 16 8
Fault Tolerant Memory Sync X X X
Hot Add Memory X X X
Hot Add Processors X X
Hot Replace Memory X X
Hot replace Processors X X
Network Access Connections(IAS) 50 Unlimited Unlimited 2 10
Network Access Connections(RRAS) 250 Unlimited Unlimited 50 250
Remote Desktop Admin Connections 2 2 2 2 2 2 2
Remote Desktop Services Gateway 250 Unlimited Unlimited 50
Virtual Images Use Rights Guest Host + 1 VM Host + 4 VM Unlimited Unlimited Host + 1 VM
Max RAM 32 GB 32GB 2TB 2TB 2TB 8GB 128GB
Max CPU Sockets 4 4 8 64 64 1 4

Lebenszyklus

Hier bekommt man Informationen zum Lebenszylus bzw. zu den Ablaufdaten des Windows Server 2008 R2:

Man kann selbstverständlich auch nach anderen Microsoft Produkten filtern.

Weitere Informationen

  • http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx
  • http://www.microsoft.com/windowsserver2008/en/us/r2-compare-specs.aspx

Quellen

  • http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx
  • http://www.microsoft.com/windowsserver2008/en/us/r2-compare-specs.aspx

Permanentlink zu diesem Beitrag: http://geigercom.de/windows-server-2008-r2-editionsunterschiede/

Apr 13

April 2015 Microsoft Security Bulletin Release

What is the purpose of this alert?
This alert is to provide you with an overview of the new security bulletins being released on April 14, 2015. New security bulletins are released monthly to address product vulnerabilities.
New Security Bulletins
Microsoft is releasing the following 11 security bulletins for newly discovered vulnerabilities:
Bulletin ID Bulletin Title Max Severity Rating Vulnerability Impact Restart Requirement Affected Software
MS15-032 Cumulative Security Update for Internet Explorer (3038314) Critical Remote Code Execution Requires restart Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Microsoft Windows clients and Windows servers.
MS15-033 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019) Critical Remote Code Execution May require restart All supported editions of Microsoft Office 2007, Office 2010, Office 2013, Office 2013 RT, Office for Mac, Word Viewer, Office Compatibility Pack, SharePoint Server 2010, SharePoint Server 2013, Office Web Apps 2010, and Office Web Apps 2013.
MS15-034 Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) Critical Remote Code Execution Requires restart All supported editions of Microsoft Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
MS15-035 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) Critical Remote Code Execution May require restart All supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS15-036 Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044) Important Elevation of Privilege May require restart All supported editions of Microsoft SharePoint Server 2010, SharePoint Server 2013, and SharePoint Foundation 2013.
MS15-037 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269) Important Elevation of Privilege Does not require restart All supported editions of Microsoft Windows 7 and Windows Server 2008 R2.
MS15-038 Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576) Important Elevation of Privilege Requires restart All supported releases of Microsoft Windows.
MS15-039 Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482) Important Security Feature Bypass May require restart All supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS15-040 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711) Important Information Disclosure May require restart Active Directory Federation Services 3.0.
MS15-041 Vulnerability in .NET Framework Could Allow Information Disclosure (3048010) Important Information Disclosure May require restart Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows.
MS15-042 Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234) Important Denial of Service Requires restart Microsoft Windows 8.1 and Windows Server 2012 R2.
Summaries for new bulletin(s) may be found at https://technet.microsoft.com/library/security/ms15-apr.
The Malicious Software Removal Tool and Non-Security Updates
  • Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at https://support.microsoft.com/kb/890830.
  • High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at https://support.microsoft.com/kb/894199.
Rereleased Security Bulletin
Microsoft rereleased one security bulletin on April 14, 2015. Here is an overview of this rereleased security bulletin:
MS14-080 Cumulative Security Update for Internet Explorer (3008923)
Executive Summary and Recommended Actions To comprehensively address issues with the 3008923 security update, customers running Internet Explorer 11 on either Windows 7 or Windows Server 2008 R2 should also install the 3038314 security update released on April 14, 2015. For more information, see MS15-032.
More Information https://technet.microsoft.com/library/security/MS14-080
New Security Advisory
Microsoft published one new security advisory on April 14, 2015. Here is an overview of this new security advisory:
Security Advisory 3045755 Update to Improve PKU2U Authentication
Executive Summary Microsoft on April 14, 2015, is announcing the availability of a defense-in-depth update that improves the authentication used by the Public Key Cryptography User-to-User (PKU2U) security support provider (SSP) in Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The improvement is part of ongoing efforts to bolster the effectiveness of security controls in Windows.
Available Updates Microsoft released an update (3045755) for all supported editions of Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update is available on the Download Center as well as the Microsoft Update Catalog for all affected software. It is also offered via automatic updating and through the Microsoft Update service. For more information, see Microsoft Knowledge Base Article 3045755.

Synopsis of functionality added by the update:
The update improves certain authentication scenarios for PKU2U. After applying this defense-in-depth update, PKU2U will no longer authenticate to a Windows Live ID (WLID) if an initial authentication attempt fails.
More Information https://technet.microsoft.com/library/security/3045755
Rereleased Security Advisory
Microsoft rereleased one security advisory on April 14, 2015. Here is an overview of this rereleased security advisory:
Security Advisory 3009008 Vulnerability in SSL 3.0 Could Allow Information Disclosure
What Has Changed? Microsoft is announcing that with the release of security update 3038314 on April 14, 2015, SSL 3.0 is disabled by default in Internet Explorer 11. Microsoft is also announcing that SSL 3.0 will be disabled across Microsoft online services over the coming months.
Recommended Actions Microsoft recommends that customers migrate clients and services to more secure security protocols, such as TLS 1.0, TLS 1.1 or TLS 1.2.

See the “Suggested Actions” section of the advisory for workarounds to disable SSL 3.0. Microsoft recommends customers use these workarounds to test their clients and services for the usage of SSL 3.0 and start migrating accordingly.
More Information https://technet.microsoft.com/library/security/3009008
New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/.
Bulletin Identifier Microsoft Security Bulletin MS15-032
Bulletin Title Cumulative Security Update for Internet Explorer (3038314)
Executive Summary This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory and by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature.
Severity Ratings and Affected Software This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows clients, and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows servers.
Attack Vectors Memory Corruption Vulnerabilities:

An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit these vulnerabilities. An attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker’s website, or by getting them to open an attachment sent through email.
CVE-2015-1661:
An attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
Mitigating Factors Microsoft has not identified any mitigations for these vulnerabilities.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS15-018
Full Details https://technet.microsoft.com/library/security/MS15-032

Bulletin Identifier Microsoft Security Bulletin MS15-033
Bulletin Title Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3048019)
Executive Summary This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

The security update addresses the vulnerabilities by correcting how Microsoft Office parses specially crafted files, by correcting how Office handles files in memory, and by helping to ensure that SharePoint Server properly sanitizes user input.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of the following software:

  • Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010
  • Microsoft Word Viewer, Microsoft Office Compatibility Pack
  • Word Automation Services on Microsoft SharePoint Server 2010
  • Microsoft Office Web Apps Server 2010
This security update is rated Important for all supported editions of the following software:
  • Microsoft Word 2013
  • Microsoft Office for Mac 2011, Microsoft Word for Mac 2011, Outlook for Mac for Office 365
  • Word Automation Services on Microsoft SharePoint Server 2013
  • Microsoft Office Web Apps Server 2013
Attack Vectors CVE-2015-1641, CVE-2015-1649, CVE-2015-1650, and CVE-2015-1651:

Exploitation of these vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending a specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities.
CVE-2015-1639:
Exploitation of this vulnerability requires that a user views specially crafted content, which then could run a script in the context of the user. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains specially crafted content that is designed to exploit the vulnerability. An attacker would have to convince users to visit an affected website, typically by getting them to click a link in an instant messenger or email message, and then convince them to open the specially crafted file.
Mitigating Factors Microsoft has not identified any mitigating factors for these vulnerabilities.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS14-081 and MS15-022
Full Details https://technet.microsoft.com/library/security/MS15-033

Bulletin Identifier Microsoft Security Bulletin MS15-034
Bulletin Title Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)
Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
Attack Vectors To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update None
Full Details https://technet.microsoft.com/library/security/MS15-034

Bulletin Identifier Microsoft Security Bulletin MS15-035
Bulletin Title Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306)
Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted Enhanced Metafile (EMF) image file. In all cases, however, an attacker would have no way to force users to take such actions; an attacker would have to convince users to do so, typically by way of enticements in email or instant messages.

The security update addresses the vulnerability by correcting how Microsoft Windows processes EMF files.
Severity Ratings and Affected Software This security update is rated Critical for all supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince users to view the website. This could also include compromised websites or websites that accept or host user-provided content or banner advertisements; such websites could contain specially crafted content that is designed to exploit the vulnerability. An attacker would have to convince users to visit an affected website, typically by getting them to click a link in an email or instant message request.

In an email attack scenario, an attacker could exploit the vulnerability by sending Outlook users a specially crafted email, or sending them a specially crafted Office document as an attachment, and convincing the user to read the message or open the file.
An attacker could also exploit this vulnerability by hosting a malicious image file on a network share and convincing users to navigate to the folder in Windows Explorer.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details https://technet.microsoft.com/library/security/MS15-035

Bulletin Identifier Microsoft Security Bulletin MS15-036
Bulletin Title Vulnerabilities in Microsoft SharePoint Server Could Allow Elevation of Privilege (3052044)
Executive Summary This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow elevation of privilege if an attacker sends a specially crafted request to an affected SharePoint server. An attacker who successfully exploited the vulnerabilities could read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser.

The security update addresses the vulnerabilities by helping to ensure that Microsoft SharePoint Server properly sanitizes user input.
Severity Ratings and Affected Software This security update is rated Important for supported editions of Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013, and Microsoft SharePoint Foundation 2013.
Attack Vectors An authenticated attacker could exploit these vulnerabilities by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited these vulnerabilities could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim’s identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the victim’s browser.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS14-022 and MS15-022.
Full Details https://technet.microsoft.com/library/security/MS15-036

Bulletin Identifier Microsoft Security Bulletin MS15-037
Bulletin Title Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
Executive Summary This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could leverage a known invalid task to cause Task Scheduler to run a specially crafted application in the context of the System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by ensuring that the known invalid Windows Defender task is either not present on or removed from affected systems.
Severity Ratings and Affected Software This security update is rated Important for all supported editions of Microsoft Windows 7 and Windows Server 2008 R2.
Attack Vectors To exploit the vulnerability, an attacker would first have to log on to the target system and determine whether or not the known invalid task was present on the system. If present, the attacker could then engineer the task to execute a specially crafted application in the context of the System account.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update does not require a restart.
Bulletins Replaced by This Update None
Full Details https://technet.microsoft.com/library/security/MS15-037
Bulletin Identifier Microsoft Security Bulletin MS15-038
Bulletin Title Vulnerabilities in Microsoft Windows Could Allow Elevation of Privilege (3049576)
Executive Summary This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An authenticated attacker who successfully exploited these vulnerabilities could acquire administrator credentials.

The security update addresses the vulnerability by correcting how Microsoft Windows validates impersonation events.
Severity Ratings and Affected Software This security update is rated Important for all supported releases of Microsoft Windows.
Attack Vectors To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges.
Mitigating Factors Microsoft has not identified any mitigating factors for these vulnerabilities.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update MS15-025 and MS15-031.
Full Details https://technet.microsoft.com/library/security/MS15-038

Bulletin Identifier Microsoft Security Bulletin MS15-039
Bulletin Title Vulnerability in XML Core Services Could Allow Security Feature Bypass (3046482)
Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a user opens a specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft XML Core services enforces the same-origin policy in a document type declaration (DTD) scenario.
Severity Ratings and Affected Software This security update for Microsoft XML Core Services 3.0 is rated Important for all supported editions of Microsoft Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file. In a web-based attack scenario, an attacker could host a website that contains a file that is used to attempt to exploit the vulnerability. An attacker would have to convince users to open the file, typically by way of an enticement in an email or instant message.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS14-067
Full Details https://technet.microsoft.com/library/security/MS15-039

Bulletin Identifier Microsoft Security Bulletin MS15-040
Bulletin Title Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3045711)
Executive Summary This security update resolves a vulnerability in Active Directory Federation Services (AD FS). The vulnerability could allow information disclosure if a user leaves their browser open after logging off from an application and an attacker reopens the application in the browser immediately after the user has logged off.

The security update addresses the vulnerability by ensuring that the logoff process properly logs off the user.
Severity Ratings and Affected Software This security update is rated Important for AD FS 3.0 when installed on x64-based editions of Microsoft Windows Server 2012 R2.
Attack Vectors An attacker who successfully exploited this vulnerability could gain access to a user’s information by reopening an application from which the user has logged off. Since the logoff actually fails an attacker is not prompted to enter a username or password. An attacker could then use this vulnerability to discover information to which an AD FS user has access.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update None
Full Details https://technet.microsoft.com/library/security/MS15-040

Bulletin Identifier Microsoft Security Bulletin MS15-041
Bulletin Title Vulnerability in .NET Framework Could Allow Information Disclosure (3048010)
Executive Summary This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could allow information disclosure if an attacker sends a specially crafted web request to an affected server that has custom error messages disabled. An attacker who successfully exploited the vulnerability would be able to view parts of a web configuration file, which could expose sensitive information.

The security update addresses the vulnerability by removing file content details from the error messages that were facilitating the information disclosure.
Severity Ratings and Affected Software This security update is rated Important for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows.
Attack Vectors To exploit this vulnerability, an attacker could a send a specially crafted web request to an affected server with the intention of eliciting an error message that could disclose information pertaining to the source line that originated the exception. Ultimately, this could disclose information that was not intended to be accessible.
Mitigating Factors Only IIS servers that serve verbose error messages are affected; production servers are unlikely to be affected.
Restart Requirement This update may require a restart.
Bulletins Replaced by This Update MS14-009
Full Details https://technet.microsoft.com/library/security/MS15-041

Bulletin Identifier Microsoft Security Bulletin MS15-042
Bulletin Title Vulnerability in Windows Hyper-V Could Allow Denial of Service (3047234)
Executive Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an authenticated attacker runs a specially crafted application in a virtual machine (VM) session. Note that the denial of service does not allow an attacker to execute code or elevate user rights on other VMs running on the Hyper-V host; however, it could cause other VMs on the host to not be manageable in Virtual Machine Manager.

The security update addresses the vulnerability by correcting how Virtual Machine Manager validates user input.
Severity Ratings and Affected Software This security update is rated Important for Microsoft Windows 8.1 for x64-based Systems and Windows Server 2012 R2.
Attack Vectors An authenticated attacker runs a specially crafted application in a virtual machine (VM) session.
Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement This update requires a restart.
Bulletins Replaced by This Update None
Full Details https://technet.microsoft.com/library/security/MS15-042

Permanentlink zu diesem Beitrag: http://geigercom.de/april-2015-microsoft-security-bulletin-release/

Jan 25

RegKey bei W2k12R2 Essentials under Win8.1

Falls bei einem 2012R2 essentials System der Client schon in der Domain registriert ist und nur nochmals dem Essentials Service bekannt gemacht werden soll:

 

reg add „HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment“ /v SkipDomainJoin /t REG_DWORD /d 1

Permanentlink zu diesem Beitrag: http://geigercom.de/regkey-bei-w2k12r2-essentials-win8-1/

Dez 10

Für unsere Lenovo-Kunden – Wichtig bei Notebook-Netzteilen

Rückrufaktion von Lenovo !

3-pol Stecker-Kabel an den Netzteilen der Mobiles bitte prüfen:  http://www.heise.de/newsticker/meldung/Lenovo-ruft-Stromkabel-zurueck-2485836.html

Permanentlink zu diesem Beitrag: http://geigercom.de/fuer-unsere-lenovo-kunden-wichtig-bei-notebook-netzteilen/

Dez 10

Nach Stuttgart21 – nun Baggersee21 in Stuttgart – Folgen von S21

Die Neuplanungen sind abgeschlossen.
Nach Stuttgart21 geht die Planung nun weiter.
Die Überflutung von Stuttgart ist eine Folge der Ausgrabungen zu S21.
Also hat die Stadt folgerichtig entschieden und wird Stuttgart zur Segel und Badezone erklären.

Sie glauben das nicht ? Hier die aktuellen Bilder: >>>>KLICK<<<<

Permanentlink zu diesem Beitrag: http://geigercom.de/nach-stuttgart21-nun-baggersee21-stuttgart-folgen-von-s21/

Load more

%d Bloggern gefällt das: