Windows Enterprise Desktop


December 23, 2011  4:26 PM

Safari iFRAME Exploit Leads to Zero-Day BSOD, Possible Remote Execution at Kernel Level

Ed Tittel Ed Tittel Profile: Ed Tittel

Secunia posted Advisory SA47327 earlier this week, which explains that a specially-crafted Web page instantly crashes 64-bit Windows 7 Professional running the Apple Safari Web browser for Windows. According to the advisory “The vulnerability is caused due to an error in win32.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an iFRAME with an overly large “height” attribute viewed using the Apple Safari browser.” The bulletin goes onto say that “successful exploitation may allow execution of arbitrary code with kernel-level privileges, presumably in the form of some post-crash recovery executable. The original discovery (and an instance of an “overly large value” appears in a Twitter post from 12/18/2011 by @w3bd3vil aka “webdevil”).

Here’s a novel workaround for those concerned about this vulnerability until Apple comes out with a fix: turning on Developer Tools in Safari apparently eliminates iFRAME support (see this Apple Support Communities discussion: “iFrame works until I turn on developer tools in Safari…” for more information and instructions). OTOH, hackademix.net states that “Safari can’t be secured 100% against clickjacking” so one had better hope that this workaround truly turns off iFRAME altogether (hurry up testing on my three PCs with Safari installed appear to confirm this, albeit in a very small sample).

December 21, 2011  5:17 PM

More Windows Troubleshooting Stories

Ed Tittel Ed Tittel Profile: Ed Tittel

OK, so lately I’ve been both a little miffed, and more than a little curious, because my Windows 7 problem reporting hasn’t been working properly. The error message information to explain why not is pretty darn cryptic and turned up a big, fat goose egg — precisely nothing, that is — when I attempted to run the problem down. Here’s what I mean:

Interesting to see group policy mentioned on a non-AD Windows client

Interesting to see group policy mentioned on a non-AD Windows client

The diagnostics program helpfully offers the options to change error reporting settings, but they’re all greyed-out because they’re not user accessible. So off I go, haring into gpedit.msc, to see if jacking around with Local Computer Policy will help. Following tips on the Internet apparently related to this problem (‘Windows Error Reporting Doesn’t Work” or “Group Policy error on Windows error reporting”) I try changing settings in Administrative Templates \ Windows Components \ Windows Error Reporting. Nothing helps.

More Internet research tells me that the start-up and troubleshooting management tool, Soluto (which I use and have blogged about here repeatedly), might be at fault. Because a new update to the Soluto software is now available — which makes it smart for me to uninstall the old version before trying out a new one, as I’ve learned to do from previous major revs of their software — I try running the “Check for Solutions” item in System Center \ Maintenance with Soluto installed, and then again, without it installed.

Bingo! That difference also makes the difference between Windows error reporting (and Check for Solutions) working when Soluto is absent, and presenting the Group Policy error screen when Soluto is present. Very interesting! I certainly hope Soluto is aware of this issue and planning to fix it soon–hopefully in their upcoming first commercial release, scheduled for later this year.

[Follow-up note 12/22/2011: Checked a couple of 64-bit Windows 7 machines also running Soluto, but not the latest version: one rev back. No issues with MS problem reporting or solution lookup on any of these machine. Even more interesting! I'm going to update one of these machines and see if the problem is specific to the 32-bit version only, or affects both 32- and 64-bit machines.]

[Second follow-up 12/23/2011: Just installed the latest rev on two of my 64-bit test machines. Prior to the rev, MS Problem reporting and solution lookup worked fine. After the rev, it showed the same group policy error that also appeared on my 32-bit machine as well. Ladies and Gentlemen: we appear to have a genuine culprit!]


December 19, 2011  4:31 PM

Microsoft’s Move Toward iOS

Ed Tittel Ed Tittel Profile: Ed Tittel

On December 15, 2011, Paul Thurrott of Supersite for Windows appeared on Windows Weekly 239 with Mary-Jo Foley (another regular commenter on Microsoft and Windows operating systems and technologies). My specific area of interest here is the company’s release of iOS apps for Skydrive, Lync, and an update for OneNote 1.3 for the iPad (iOS apps for Kinectimals, Bing, and an iOS connector for email are also available as well).

Paul and Mary Jo ponder the strange synergy between MS and iOS

Paul and Mary Jo ponder the strange synergy between MS and iOS

Of course, it’s still the case that the deepest and most effective support for MS applications occur on Windows Mobile platforms (but because this occurs at the OS level) sometimes the non-Windows mobile platforms get such support sooner than major Microsoft releases can manage. As Thurrott points out, Microsoft is not to tightly aligned that it can push out mobile OS releases in synch with features under development in various part of the company. Some Windows enthusiasts (bigots?) have expressed displeasure that iOS in general (and iPad in particular) have gathered features and functions that might not yet have appeared on mobile Windows platforms. That’s why it’s still the case that Xbox Live is better integrated into Windows mobile platforms, as is the entire Windows Office suite.

It’s going to be interesting to see how this unfolds. Given the increasing importance of mobile apps, and the proliferation of platforms (and the inescapable popularity of iOS) it’s ever more likely that MIcrosoft will reach out to competitive platforms at the same time as it makes apps to run on those selfsame platforms.


December 16, 2011  8:02 PM

MS AMD Bulldozer Performance Fix Up and Down in 24 Hours

Ed Tittel Ed Tittel Profile: Ed Tittel

On Thursday, December 15, MS released a hotfix to “optimize the peformance of AMD Bulldozer CPUs…” for Windows 7 or Windows Server 2008 R2 (KB2592546). Seems that the original code base wasn’t properly set up to take full advantage of multi-threading in the Bulldozer architecture. According to some hurry-up benchmarking work from X-bit Labs, the hotfix could boost performance anywhere from 2-10 percent, depending on the actual application involved — but only if that application is designed to run in multi-threaded fashion.

Now you see it, now you do not!

Now you see it, now you do not!

This morning, however, VR-Zone posted a story entitled “Microsoft Pulls Down the AMD Bulldozer Multi-Threaded Patch,” citing reports of user problems and peformance decreases for the reversal in course. While you can visit the Hotfix page for KB2592546, you’ll immediately notice that the download links on this page are no longer live.

Later rather than sooner?

Later rather than sooner?

I’m guessing that a development team is working feverishly to address whatever gotchas popped up following the inital drop of this release onto the Microsoft Support pages. I imagine we’ll see a round two on this stuff as soon as it’s judged to be “really working this time.”

Very interesting!

[Note on 12/19: HardOCP has since explained that the initial hotfix was incomplete, and got pulled because it demonstrated a negative effect -- that is, decreased performance -- on enough Bulldozer systems that MS apparently decided it was better off pulling the code than leaving it up for download.]


December 14, 2011  6:08 PM

PSI Flags Interesting Silverlight Issue

Ed Tittel Ed Tittel Profile: Ed Tittel

As anybody who reads this blog regularly knows, I use and endorse Secunia’s excellent Personal Software Inspector (PSI) software on my notebook and desktop PCs. This program takes a look at the OS, applications, and helper software components to check release versions and dates, then compares it to its voluminous database of current OS patches and fixes, application updates, and more, to determine what elements of a particular install are out-of-date and need to be made current. It’s a peachy program (a corporate version called CSI is also available for business and commercial use) and one that I  regard as essential in helping me keep my machines secure and up-to-date.

This morning, when I logged in I saw various security update bulletins that induced me to run the PSI scan on my primary desktop, it reported that my Microsoft Silverlight installation (and Google Chrome) needed updates. This struck me as odd because Patch Tuesday just hit yesterday, and I’d already updated that system. As it happens, Silverlight has just been updated to a new major version (5), but this update is not yet being distributed through Windows Update itself. Here’s what clued me into the situation:

Silverlight 4.x is now end-of-life (obsolete)

Silverlight 4.x is now end-of-life (obsolete)

It’s weird to find oneself in a situation where a piece of Microsoft software displays this kind of warning, even in the face of Windows Update. That’s how I figured out that Silverlight 5 hasn’t yet fallen under the WU umbrella (as also happens with OS Service Packs, which must be manually downloaded and installed until some time after their official release).

So now that I knew what I was dealing with, I jumped over the the Silverlight page at www.microsoft.com/silverlight, where I beheld the following welcome:

The Silverlight home page checks and reports on what version you have

The Silverlight home page checks and reports on what version you have

So indeed an upgrade was needed. And once it was applied no more warnings, and everything was once again up-to-date. This is just what PSI is designed to do, and this time it made me extremely happy for it it do it for me: otherwise, I might not have realized Silverlight needs a manual update until after some no-doubt heinous exploit had already been foisted!


December 12, 2011  8:12 PM

Not everyone buys my “Heck no, we won’t go” argument for Win8

Ed Tittel Ed Tittel Profile: Ed Tittel

In my last blog — entitled “Heck No, We Won’t Go! (from Windows 7 to Windows 8, that is)” — I argued that given how happy most folks are with Windows 7, and how little non-touch machines gain from the upgrade, that many satisfied Windows 7 users are unlikely to upgrade existing machines to the new OS after it ships. Unsurprisingly, not everybody agrees with me: I’ve received email (and one comment) from a handful of readers advancing these arguments:

  • A certain class of PC user is inclined to use the latest and greatest, no matter what it may be in the interests of keeping up
  • Another class of PC user (including your humble author) is required to work with (and in some cases like mine, write about) the latest Windows version  even now, as it’s in pre-beta status

I have to concede that some people will indeed do the upgrade for all kinds of good reasons. But my argument is more along the lines of “those who don’t HAVE to probably won’t” rather than “nobody’s going to do it at all.” Of course, I also cheerfully confess that my previous post’s headline is a bit lurid and exaggerated, so I am probably overdue for a little “constructive feedback.”

For another interesting take on the interested in upgrading side of this discussion, check out Matt Egan’s very nice article for PC Advisor this morning (12/12/2011) entitled “Why 2012 will be the year of Windows 8.” His argument is worth reading, but my thumbnail sketch is that he believes that users are more interested in shared and common access to services and data, and that Windows 8′s ability to integrate apps and info across tablets, smartphones, and desktop is an unbeatable proposition that is also necessary to keep MS In the same league as Apple and Google.

Headline for "Year of Win8" story

Headline for Year of Win8 Story

FWIW, I agree. But I also observe that the only way you get these advanced Windows 8 features is on new PCs with UEFI BIOS and with iX class CPUs with SLAT (or the AMD equivalent). Thus I believe this is a case where I can have my cake and eat it, too — because my previous argument is about UPGRADING from Windows 7 to Windows 8, not about buying new systems that support the full panoply of Windows 8′s advanced features. I stick by my argument having now had more time to realize that without these razzle-dazzle features, users will either stick with Windows 7 on older hardware or bite the bullet and buy new Windows 8 capable systems. I’m already speccing-out one such system myself! I’ll probably upgrade (or dual boot) some of my older systems with Win7/8 just to see how that works, and to better understand how far behind the curve pre-2010 PCs will be in a Windows 8 world.


December 9, 2011  6:55 PM

Heck No! We won’t go! (From Windows 7 to Windows 8, that is)

Ed Tittel Ed Tittel Profile: Ed Tittel

Here’s a cheery bit of news from our friends over at MaximumPC. The story’s headline “IDC: Happy Windows 7 PC Users Won’t Switch to Windows 8” pretty much says it all. Quoting from ZDNet’s Mary-Jo Foley, the operative phrase is that “Windows 8 will be ‘largely irrelevant’ to traditional PC users.” The interior quotes are from an actual IDC report, which costs $3,500 and should therefore explain why none of us underpaid Windows hounds have the necessary scratch to obtain and quote directly from the real source. It’s entitled “Worldwide System Infrastructure Software 2012 Top 10 Predictions” from which IDC VP Al Gillen tweeted the net-net items on December 2:

01. Customer Face Confusing Choices as Virt, Cloud System SW and Information Automation SW Converge.
02. Private Clouds Will Grow Like Gangbusters, One Use Case at a Time.
03. 2012 Will Be VMware’s Last Year as King ot the Hill. Competition Starts Squeezing Hard in 2013. No More Green Field for VMware.
04. Operational Complexity Will Drive Demand for Predictive Analytics and APM.
05: Consumerization of IT Will Create New Management Challenges and Solutions.
06. Platform as a Service Will Ramp Up Slowly Due to Lock-in Fears.
07. Battle Royale Will Be Waged to Establish Linux Kernel of Cloud Computing.
08. Enterprises Will Reconsider Benefits of Infrastructure Heterogeneity.
09. There will be Layers for the Masses, Stacks for the Few.
10. Expect big success for WS8, Win Client 8 a skip-over for desktop users. Uphill battle for WC8 mobile space.

Item 10, of course, is what caught MJF’s eye and produced this magnificent quote from the actual report: “Windows 8 will be largely irrelevant to the users of traditional PCs, and we expect effectively no upgrade activity from Windows 7 to Windows 8 in that form factor.” IDC believes that Windows 8 will become generally available no later than August 2012, at which point PCs with Win8 pre-installed may be sold. I take this to mean that while new PCs may come bearing Win8, users won’t be lining up at midnight to buy the upgrade media at retail outlets, or clogging the Internet to download the new OS when the floodgates open.

At the enterprise level, of course, things will lag further behind. With many organizations in the middle of migrating to Windows 7, or having just completed same in the past 12 months, enterprises aren’t exactly eager to gird their loins and “do it again.” It’s typical for early enterprise adopters to jump on new OSes about a year after release, and for the main pack to slink onto the platform a year or two after that.

And with most regular, non-enterprise users pretty happy with Windows 7 on current PCs, there aren’t a lot of obvious and compelling reasons visible just yet to propel them to upgrade. This should be an interesting launch to watch–especially for Microsoft!


December 7, 2011  3:44 PM

Windows 8 Folds Upgrade Advisor into OS Install

Ed Tittel Ed Tittel Profile: Ed Tittel

OK, I cheerfully confess that I glossed over the November 21 Building Windows 8 blog posting by Christa St. Pierre of the Windows 8 Setup and Deployment team, thinking that because I’ve gone through a couple of Windows 8 pre-release installs that I didn’t really need to read it from stem to stern. I was wrong, not because I had some experience and thus also, some appreciation for how it works and how it compares to Windows 7,  but because that decision to “just skip it” deprived me of some valuable background information and insight into how the Windows 8 install process has been redesigned. Perhaps I should have paid closer attention to that posting’s title: “Improving the setup experience.”

But thanks to Jon Brodkin over at Ars Technica (one of my favorite sources for inside information, insight, and breaking Windows news and rumors) I started to understand more about what was going on with this part of the Windows 8 experience. The title of his article, in fact, points to some incredibly salient points–namely “Windows 8 gets faster installation, 11-click upgrade for casual users.” So, plowing through this piece I discovered information about how the Windows 8 process has been substantially streamlined so that what required multiple downloads and 4 programs to complete, and involved working through 60 screens of information, is now condensed into a single program that might require working only 11 screens. By itself, that’s pretty remarkable (and this is coming from somebody who’s had to write up detailed install descriptions and instructions for every version of Windows since 3.1 way back in the mid-1990s).

There’s also a fascinating discuss of the upgrade process (Windows 7 to Windows 8, in this case) that explains how the number of files and applications installed can affect overall install completion time. Because Windows 7 stages files for upgrading, it ends up copying files twice during that process, even though the bulk of such moves start and end in the very same folder! Simply put, Windows 8 moves what it has to more expeditiously at the folder lever when moves are required, skips unnecessary moves, and uses hard links to move things logically in the file system without actually moving stuff around on disk. This cuts upgrade time for large complex installations from 188 minutes to 46 minutes on systems with 430K files and 90 apps (about a 75% improvement)  and from 513 minutes to 52 minutes on systems with 1.44M files and 120 apps (almost 90% better). Wow!

The blog goes on to explain how Web delivery has been optimized, through better compression, elimination of duplicate OS files, and smarter download behaviors. It closes with a nice overview of the Windows 8 ADK (Assessment and Deployment Kit, which replaces the old Windows Automated Installation Kit or WAIK), along with some best practices info on building Answer Files to automate bulk and remote installs.

This post is definitely worth reading, and pondering carefully, as you start thinking about test lab, pilot, and ultimately, production roll-outs of Windows 8. Be sure to check it out!


December 5, 2011  5:55 PM

Windows 8 Beta Rumors Popping

Ed Tittel Ed Tittel Profile: Ed Tittel

The word on the street is apparently out, and it’s claiming that we’ll see a large-scale beta release of Windows 8 sometime in January or February 2012.This is not too ridiculous to believe, by any means, considering that the developer preview made its debut around September 14. Among many publications proffering such guesstimates, PC World’s story “Windows 8 Beta Expected in Early 2012” gets my vote.

PC World Win8 Beta Headline

PC World Win8 Beta Headline

I’m glad to have an approximate time-frame for this upcoming release, because I want to build a new PC with a UEFI BIOS and a touchscreen in time to install the Windows 8 beta shortly after it’s let go. Looks like I’ve still got some time left to put together a new configuration. I’m guessing a lot of other readers who like to keep up with Microsoft’s release schedule may be thinking the same thing!


December 5, 2011  4:16 PM

Storage+ Will Take Over for SNIA Certified Storage Professional

Ed Tittel Ed Tittel Profile: Ed Tittel

With the impending release of the CompTIA Storage+ credential on January 18, 2012, the Storage Networking Industry Association (SNIA) has announced the withdrawal and impending retirement of its SNIA Certified Storage Professional (SCSP) credential the day before. In fact the SCSP home page currently starts out this way:

Out with the old and in with the new!

Out with the old and in with the new!

I’d wondered how the old entry level SNIA credential (sometimes known as “Storage Foundations” or “Foundations” after the name of the associated exam) would compare to the new and presumably improved Storage+ joint effort from both CompTIA and SNIA. Now I guess we ALL know. But I look at this as a good thing, in adding more credibility to CompTIA and its industry partnerships, and in reducing potential confusion when it comes to selecting a good, solid, entry-level vendor neutral storage exam


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: