Brian Johnson's Startup Developer Blog

September, 2004


    Action for Devs around MS04-028

    Today we released two new security bulletins. MS04-028 is marked critical and there's specific action that Visual Studio users need to take with regards to this bulletin. Developers should read over the bulletin carefully and download and install the patches specific to Visual Studio .NET and the .NET Framework. Microsoft Security Bulletin Summary for September, 2004
    Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

    A remote code execution vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system.

    Note This vulnerability might require the installation of several security updates. Review the entire column in the Affected Software and Download Locations summary table for the MS04-028 bulletin identifier to verify the updates that you have to install, based on the programs or components that you have installed on your system.

    Platform SDK Update with Windows XP SP2 Support


    I saw on Mitch Walker's blog that the Windows XP SP2 Platform SDK has been added to the SDK Update site. You can download it from this page: Microsoft Platform SDK

    Click on the Windows XP SP2 link on the left of that page to get to the XPSP2 Platform SDK download:

    Microsoft Windows XP SP2 Platform SDK
    The Platform SDK – Windows XP Service Pack 2 contains the information you need to develop applications for Microsoft Windows XP Service Pack 2.

    Use this SDK to ensure that you have the latest documentation, samples, and SDK build environment (header files, libraries, and tools) for the release of Windows XP Service Pack 2. The documentation includes updated information for Windows Server 2003 as well, but does not replace your existing build environments for Windows Server 2003. A new custom install allows you to select components you wish to install on a more granular level. Choose “custom” instead of “typical” to utilize this feature.

    Star Wars Battlefront

    OK, so yesterday my wife picked up a copy of Battlefront for me at Target. My kids love this game and I've spent a few hours playing online. What I find most amazing about this game is that it really makes you feel like you're in one of the movies.

    Scoble links to Robert Weller, who has the absolute best reason for buying this game. (I also discovered this right away and thought exactly the same thing.)

    Visual C++ 2005 Tools Refresh Updated

    We posted a new drop of the Visual C++ 2005 compiler for the Visual Studio 2005 Beta and the Visual C++ 2005 Express Beta. The version number is 40904. This update should fix all the problems that the previous tools release had with mismatched libraries because it includes the matched import libs for non-pure managed CRT.

    I've updated the download page with the new installer and some extra information in the Installation Instructions and the Additional Information sections. (Please note that the version information doesn't seem to be showing up correctly on the Download Center page. The download is 40904, but the version number on the page still says 40809. I've updated the page, but that specific change hasn't propagated to the the Web yet.)

    So as before, this is beta code that's outside of our regular beta release, so use it with caution. We would love to get feedback from you about these tools. Please submit bugs and comments through the MSDN Product Feedback Center.
    Visual C++ 2005 Tools Refresh

    Updated: September 10, 2004

    Thanks for using the Visual C++ 2005 Beta. The Visual C++ compiler team has done a lot of work that is not available in the Beta 1 release. The refresh program is for users of the Visual C++ 2005 Beta who want to try out the latest development builds.

    Xbox HDTV Support

    This week I bought a widescreen monitor for my PC that also supports HDTV. I've got this hooked to my Xbox and so I was looking for the 1080i games to test things out. I found a great list here at HDTVArcade that shows the different resolutions supported by each game.

    Port Reporter Tools

    Tim Rains let me know that they posted a Port Reporter Parser utility to the Microsoft Download Center. The Port Reporter Parser Utility makes it much easier to review your port reporter logs. There's a bunch of stuff to look at if you're interested in using these tools, so I'll list them out here:
    Microsoft KB article explaining Port Reporter

    Port Reporter Utility

    Port Reporter Parser Utility
    Here are some features of the Port Reporter Parser tool:

    PR-Parser helps to identify data that is “interesting” and/or “suspicious”:
    • Identifies ports of interest that are used on the system.
    • Identifies “suspicious” processes running on the system.
    • Identifies “suspicious” modules (.dlls, .drvs, etc) loaded on the system.
    • Identifies “interesting” user accounts that are active on the system.
    • Helps to determine when IP addresses, fully qualified domain names (FQDNs), or computer names of interest are found communicating with the system.
    • Attempts to identify when a process using the name of a legitimate process is run from the wrong directory on a system. 

    PR-Parser provides some log analysis data as well.  This data can help profile the system and/or how users use the system.  This data includes:

    • Local TCP port usage - % of time a TCP port is used
    • Local process usage – what % of time each process is used
    • Remote IP address usage – how often the local system communicates with each remote host
    • User context usage – how often each user account is used to start local processes
    • Port usage by hour of the day – helps identify peek usage times for a Windows system
    • Svchost.exe enumeration – see all the services hosted by every instance of svchost.exe running on a system
    • Internet Explorer usage by user – see all the sites or firewalls that every user visits via Internet Explorer
    Tim mentioned that there's a readme.doc file that's included with the Porter Reporter Parser utility that really explains how to use that utility in depth. I've been looking through it today and it's definitely worth reviewing as you start using these tools.

    XPSP2 at O'Reilly

    Chris sent me a link to Mitch Tulloch's nice little summary article on Windows XP SP2 deployment. You can find it on O'Reilly's
    Deploying SP2--Or Not
    To deploy, or not to deploy: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous security enhancements, Or to take arms against a sea of incompatible applications, And by opposing SP2 deployment, end them?

    Upgrading COM Applications to .NET with Visual C++ 2005

    Just a quick reminder that this chat is today at 12:00 PM (PST) (19:00 GMT). Here's a link to the chats page and this link will add a reminder to your Outlook calendar.

    New CodeWise Community Page

    There's a new CodeWise Community Page up on MSDN. This is a great place to go to find links to developer sites all over the net.
    About CodeWise
    The Code Wise Community site is your resource for third-party tips, code samples, advice, and news from independent experts on the Microsoft .NET Framework and Microsoft Visual Studio .NET.

    Security Hands-On Lab

    Microsoft Learning has posted a new security hands-on lab for IT pros. You can find out more here:
    Hands-On Lab 2811: Applying Microsoft® Security Guidance Training

    This hands-on lab allows students to apply information and guidance that can help improve security in a network based on Microsoft Windows®. Students can perform tasks related to security update management and implementing security on Microsoft Windows® server and client computers.
    If you haven't done so, be sure to check out the other free security offerings from MS Learning. You can find these on the Microsoft Security E-Learning page.
Page 1 of 2 (16 items) 12