Take a look at this frequency graph from Secunia PSI: it charts the number of security updates that have been released in the past 6 months. When Microsoft dropped 18 items on my Windows 7 PCs on Tuesday, I figured this would be a big month for security updates, and the graph clearly shows my figuring was on the spot:
And sure enough, the latest Microsoft Security Bulletin (June 2011) lists 16 security updates plus other recurring entries: 9 critical (remote code execution) plus 7 important (information disclosure, remote code execution, elevation of privilege, and denial of service all appear) items make an appearance therein. At least 8 of the 9 critical items affect all modern versions of Windows desktop and server operating systems, so you’re going to want to dig into this latest security bulletin and fire up the test lab to start scheduling patch deployment sooner rather than later (for more info, see also Susan Bradley’s nice recent article on this latest Patch Tuesday, with some special emphasis on IE 9, in the Windows Secrets newsletter).
One thing’s for sure: the number of updates just spiked, and there’s some work to do in their wake. Roll up your sleeves, and get to it!
As I fired up one of my test machines yesterday after replacing a defective motherboard and Windows started to boot, I thought I might actually have gotten away with something grand and glorious. Not!! Although I was able to replace an Asus P5 Pro that had gone wonky on me with a Gigabyte GA-P43-ES3G and get Windows to start seemingly OK, further analysis revealed that I’d been bitten by an interesting pair of BIOS defaults involving:
- USB Keyboard disabled
- IDE disk controller (not AHCI)
Both the source and target systems use a built-in Intel AHCI ICH10 SATA RAID controllers, and I’d hoped to transfer the 64-bit Windows Professional AHCI installation unaltered as well. But because the BIOS refused to recognize the USB keyboard the first time the system booted (so I couldn’t enter the BIOS set-up program by hitting the DEL key), it automatically defaulted to IDE controller status and trashed all the carefully constructed AHCI setup I’d gone through on the previous incarnation.
Is it my fault that I forgot to plug in the PS/2 keyboard for that first boot-up? Technically, yes it is. But dang, nobody uses PS/2 keyboards any more and it ticks me off to no end (especially since I’m now going to have to rebuild this whole installation from the ground up) that the BIOS makers still don’t turn support for USB keyboards on as a BIOS default. C’mon guys: this was OK in the mid-90s when USB keyboards were the exception rather than the norm. But they’ve been the norm for at least 15 years now, so it’s time to change the basic set of assumptions that BIOS builders encode into their platforms to reflect a more current reality now on the ground.
I’d been so happy that Windows 7 didn’t puke on my motherboard swap and make me re-assert my license (though it did ask me to (re-)activate my license, at least I didn’t have to get on the phone to get a 25 digit activation key from somebody, which is usually a 20-minute process or so) that it took me a while to recognize that I’d munged the re-animation of this machine anyway by neglecting to hook up a PS/2 keyboard for its initial reboot. Now that I’ve been forcibly and painfully reminded of this situation once again, I won’t make this mistake for another two years or so. But again I really wish the BIOS builders would catch up with the first decade of the 21st century, rather than maintaining the status quo that prevailed at the close of the last millenium.
I’m waiting for some more memory, a new SSD, and a newer graphics card to replace the fanless 9600GT in this test machine before I re-do the current installation, but it’s already on my to-do list for later this month. In conclusion, all I can say is “Ouch! Ouch! Ouch! My bad…”
Interesting announcement at Cloudexpo in NYC yesterday (6/7/2011) entitled “Futurestate IT introduces AppRX and announces an agreement with App-DNA to provide Application Compatibility in the Cloud.” Seems that Canadian-based FutureState has created an environment that permits companies to assess, plan, and migrate applications to newer operating systems and platforms. App-DNA already helps to automate this process, but it is still most commonly performed on local test or laboratory platforms during an extended analysis, planning, and migration process. AppRx moves this effort into the cloud and supports Windows 7, Windows Server 2008, Microsoft App-V, and Citrix XenApp.
Over time, AppRx performs what FutureState calls “application currency management” to help organizations maintain ongoing currency, and forward planning and conversion for newer operating systems and platforms as they work through pre- and commercial release phases. The company promises reduce time for migration, lower costs for development, QA, and test efforts, improved reliability, and automation for Service Pack (SP) releases. Check it all out at FutureStateIT.com.
For organizations seeking to plan and automate Windows 7 deployments, there are few Web pages better equipped to help with that process than the TechNet Windows 7 Deployment FAQ. Not only will you find links to the various Microsoft planning, assessment, and deployment toolskits there, but you will also find issues related to Windows Server 2008 R2, recent Service Packs, and other important concerns addressed there as well. Think of it as a general clearinghouse for Windows 7 Deployment topics and you won’t be too far off the mark.
And while you’re in that part of TechNet, you’ll already be in the Windows 7 Desktop Deployment guide section as well. Be sure to check out the neighboring TechNet documents before you leave this area, including the various guides and toolkit overviews in that immediate vicinity (here’s a partial screenshot of the surrounding and relevant contents):
Although TechNet is not the be-all and end-all for Windows 7 deployment tools or information, it’s a terrific resource for learning and planning in this arena, particularly where the many and marvelous Microsoft related tools and information are concerned.
When I got back from a recent trip to the DFW area to meet with Jeff Carrell, my esteemed co-author for the upcoming revision to Guide to TCP/IP for Cengage Learning/Course Technology, I found a ginormous box waiting for me in the doorway to my office. Apparently, that’s as far as the UPS guy was willing to carry it when he dropped it off at the house while I was away.
“What the heck is that?” I thought upon seeing the 24x31x17″ container. “Oh yeah,” I remembered, “it’s the refurbished Dell 2707 WFP monitor I ordered on Monday.” I already have a 2707 that I purchased in 2007 or 2008, and had been using a Dell 2309 1080p monitor as my secondary screen for the past couple of years. With a much smaller screen and the same 1920×1080 resolution, my aging eyes had been struggling to make out the details on the smaller screen to my left for some time, with increasingly worse results over the past six months or so.
In the wake of some recent consulting work (and ensuing earnings) I decided to spring just over $550 (including shipping, handling, and sales tax) for an identical if refurbished mate to my primary 2707. I could have bought a newer 27″ monitor for about $1,000, but I decided against upping the resolution to 2560×1440, figuring that the higher resolution would cause the same squinting and muttering on the bigger screen that I was already suffering from on the smaller one I wanted to replace.
I’m very happy to report that the refurb monitor is apparently defect free, despite the black magic marker on the outside of the box that says “6 or more dead pixels.” And I’m happy to observe that I can see everything on screen number 2 as well as I can see everything on screen number 1. Having now worked with dual monitors since 1999, I’ve observed that more screen real estate translates directly into increased productivity. I can now also attest that improved visibility/legibility appears to do likewise, since the number of pixels on the smaller previous screen matches the number of pixels on its much larger replacement. Take heed, baby boomers!
As an added bonus, now that both screens use the same driver, I’m not observing the occasional and unwarranted (if only momentary) lapses that have occurred with the original 2707 as it went to sleep even though I was using the monitor and it shouldn’t have timed itself out into a lower power state. Windows 7 seems happier and less inclined to time out the driver than it was before, when I was using different drivers with each of the two monitors.
In perusing the “Born to Learn” blogs this morning, I came across an item from Julie Lary entitled “Free Microsoft Office Resource” (dated 5/30/2011). It provides a brief capsule summary of Katherine Murray’s MS Press book First Look Microsoft Office 2010, which provides an overview of the features and functions of the latest MS Office version, and includes coverage of Word 2010, Excel 2010, PowerPoint 2010, OneNote 2010, and Outlook 2010, along with a trio of chapters devoted to SharePoint WorkSpace 2010, Publisher 2010, and Access 2010. There’s even a chapter on the new security features in Office 2010 as well.
Oh yeah: you can also download this entire volume as an e-book for free! You can grab the book in XPS (27.9 MB) or PDF (10.5 MB) format, as you see fit, and read it on your PC or mobile device at your leisure. For somebody like me who’s been using Word since version 3.0 came out waaaaaaay back when (we’re up to version 14 now) it’s a perfect introduction to what’s new, what’s different, and how to find your way around changes to the UI and the various programs’ organization. Check it out!
I’m always curious when Microsoft lets another OOB update loose (OOB = out-of-band–that is, a non-Patch Tuesday update release, this time on 5/25/2011, when the company let slip KB2541014). This time, the affected software item is for the Diskdump.sys file that manages data capture whenever a kernel mode error occurs on a Windows machine. It apparently occurs on PCs that use the SCSI miniport device–a Microsoft-supplied driver that defines the interface between a SCSI miniport driver and the OS–that have trouble hibernating (their machines restart instead of going into the deepest sleep mode defined for Windows) or that fail to write a memory dump file (either to the minidump or a full-blown memory dump file) when Windows 7 experiences a kernel mode error.
Should you be concerned about this? Surprisingly the answer is “Yes,” even if your systems aren’t experiencing the problems this update is supposed to address. As it happens, many storage devices–including SSDs, USB flash drives, network storage devices, and even conventional SATA or IDE hard disks–actually include Plug and Play SCSI Miniport drivers among their Host Bus Adapter capabilities. This could be one of those surprising updates that might (or might not) cause heartburn on end-user machines. A little time with this puppy in the test lab on standard configurations is probably in order. So far, all of my test machines appear to be working OK in the wake of the update, but you can’t know about yours until you try it out in the lab.
OK, so midnight last night was the culmination of a huge project I’ve been devoting nearly every waking hour to for the past 15 days (yes, you read right: 10-plus hours a day for over two weeks). And indeed, midnight last night was also when we finally put the document that resulted from those mighty labors to bed, and called it a very late night. I hit my desk at 6 AM yesterday, so when midnight rolled around I was more than ready to crash.
And, as Murphy would have it no other way, yesterday was the day that gremlins of nearly every possible description came calling, just to make the final rough slog to completion all the more “interesting.” Here’s a list of the things that I had to deal with while already overly occupied with getting things done:
- The report that represented the fruits of my labor was in MS Word, and a draft was being passed around among a half-dozen reviewers for comments, changes, word-smithing, and so forth. It was also around 100 pages long. Man, do big Word docs with lots of revisions and “Track Changes” turned on get flaky in a hurry! Reformatting and messing with formatting weirdness consumed too much of the day yesterday.
- Members of the team were working from San Diego, Philadelphia, Pittsburgh, Houston, Salt Lake City, and Round Rock (me and Kim, my invaluable project manager and yesterday’s document coordinator). E-mail was our preferred means of communication. Wouldn’t you know it? My e-mail service provider was up and down like a yo-yo yesterday. Not only that, but I started my day with the realization that Yahoo had changed its e-mail service substantially enough that my forward from them to my spam filtering service (my primary e-mail address is at Yahoo, and I filter all of my half-dozen or so e-mail addresses through the spam filtering service for delivery to my Outlook inbox) quit working. What with all this e-mail hoopla I found myself behind the 8-ball on at least four occasions yesterday.
- Just to make things more maddening I also learned the symptoms of a loose DVI video connection on my secondary monitor yesterday. I’d been messing with my production desktop and hadn’t tightened down the screws on the DVI connector all the way into the graphics card. Sure enough, my monitor starting blinking on and off rapidly and repeatedly on several occasions. I’ve long since learned that color weirdness is the symptom of a loose VGA connector, but Murphy made sure I learned the equivalent DVI lesson yesterday — the hard way, too, of course.
Sigh. It’s enough to make you hate big hairy deadlines even more than your natural inclination might cause you to do. But now, at least, that big hairy deadline has come and gone, and things can get back to what passes for “normal” around here. Thank goodness!
On May 6 I posted a blog entitled “Windows Hardware Problem Fixed: Mystery Started” that recounts my problems with the fingerprint scanner on my HP dv6t-2300 notebook PC. In that posting, I reported that my problems were fixed by the latest round of additions to Windows Update. And indeed, that’s exactly how things looked until I took my notebook on the road for a business trip this week.
The issue with the device going off-line when the unit goes to sleep is definitely resolved. But that issue remains present when the unit hibernates. Upon its wake-up (and all subsequent wake-ups) from hibernation, the fingerprint scanner fails to be detected when Windows does device enumeration during boot-up. The only way for me to regain access to the device after that is to restart it, or to shut it down all the way, after which the device does get detected the next time I boot up the machine.
So clearly, the issue is with what happens to the driver when the device hibernates. I can live with this situation, because when I’m on wall socket power in the office using that machine, it’s set not to hibernate. Hibernation only kicks in when the unit is running off battery, as a default setting in the HP Recommended power management scheme for that machine.
It just goes to show you that not all apparent fixes are what they seem. I’d hoped all my issues with the driver for that VFS301 fingerprint sensor from Validity Sensors were over and done with, but apparently HP, Validity Sensors, or whoever’s responsible for making sure devices show up after hibernation during device enumeration, still have some work to do. But that’s life in the Windows trenches. If and when I find a fix, I’ll report back.
After the burgeoning baskets of security updates for the previous two Patch Tuesdays, May’s collection comes as something of a welcome relief. There are really only two ( or perhaps five) updates that are truly worthy of note, as this Executive Summary table from the May 2011 Microsoft Security Bulletin illustrates:
I learned about items numbered three through five from Ed Bott’s ZDNet blog for today “Patch Tuesday fixes a trio of Windows 7 SP1 glitches,” wherein he recounts that another couple of the updates in today’s collection help to address SP1 installation errors for Windows 7 and Windows Server 2008 R2 (KB2534366 and KB2533552). He also discusses KB2529072, which deals with a failure on Windows’ part to update binary files for some USB drivers after installing Windows 7 SP1 or Windows Server 2008 R2 SP1. The first two won’t have any impact except on systems where installation issues related to the specific error codes in those two KB articles come into play. The third applies when USB speeds drop down from 2.0 to 1.1 levels following an SP1 installation. And of course there were some additional customary elements, including the monthly update to the Outlook Junk Mail filter, and a May 2011 edition of the Windows Malicious Software Removal Tool.
It’s nice to have Patch Tuesday come and go without a major influx of patches and updates for a change. Enjoy the lull: it can’t last!