Earlier this week I published a post regarding a vulnerability in several versions of Microsoft Windows…
…Well the vulnerability is now being executed-there is another round of Mass SQL injections going on which has infected hundreds of thousands of websites running on the IIS platform.

Preforming a simple Google search for traces of the malicious script results in over 510,000 modified pages.

With more and more websites using a SQL back-end to make them faster and more dynamic, it also means that it’s crucial to verify what information get stored in or requested from those databases - especially if you allow users to upload content themselves which happens all the time in discussion forums, blogs, feedback forms etc. Unless that data is sanitized before it gets saved you can’t control what the website will show to the users. This is what SQL injection is all about, exploiting weaknesses in these controls.

Currently the malicious file that is being injected is 1.js however it must be noted that this could change at any stage. Visitors to this website are “treated” to 8 different exploits for many windows based applications including AIM, RealPlayer, and iTunes. DO NOTvisit sites that link to this

After months of being left in the dark after the first release of Microsoft Ultimate Extra’s for Windows Vista’s Ultimate edition Microsoft surprised us yesterday with some new content.

I admit – surprised is sort of the wrong word used to describe my feelings for the latest batch of Ultimate Extra’s…
But nonethe less - Get ready to justify Ultimate’s large price tag because today we were gifted a few cheesy Windows sound effects, some language packs and a couple more mediocre Windows Dream-scene wallpapers.

…Sure in the past we were rewarded with Texas Hold’em Poker as well as Windows Dream scene, with promises of more to come but the latest instalment has left me with a bitter taste in my mouth-I think it’s time Microsoft woke up and actually fulfilled their promise and take care of the little guy!

…But who knows, perhaps its just a Taste of whats to come?

The WoW Starts now?

Added Feature?: Windows Live Photo Show NOW appears in the list of apps to which sound events may be added. New sound effects to come?

After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.)

The newly found security flaw could potentially allow a malicious local user (who has authentication) to execute specially crafted code to raise his privilege level to LocalSystem. IIS and SQL Server are the main attack vectors. But other vectors are possible, such as Microsoft Distributed Transaction Coordinator (MSDTC) on Windows Server 2003.

The vulnerability looks like it basically allows for any process that has the SeImpersonatePrivilege to execute some code and be able to impersonate LocalSystem (which has the NT AUTHORITY\SYSTEM SID and a wealth of privileges in its token). For Windows 2003 and beyond the users awarded that privilege are in the Network Services, Local Services, Local System, and Administrators groups. On Vista/Server 2008 you additionally won’t have the privilege unless you’ve elevated. That fortunately reduces the scope of this otherwise highly serious vulnerability, though it still isn’t pretty.

It must be noted however  Microsoft stated in its advisory that- “Hosting providers may be at increased

Ever since i made the change to Vista I have noticed that the browsing of network folders  on my network was slow-with OR without connecting through a domain (esp When browsing Windows Server 2003 shared folders).

When opening the network folder your computer displays straight away but there is  5-6+ second wait before other network computers & shares are displayed…

So what to do? The fix involves changing two settings from the command prompt. You need to run the command prompt as an administrator. You can do this by right-clicking and selecting run as administrator. Type in the following commands:

netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global rss=disabled

You will need to restart your machine afterwards. The difference is night and day. I wonder what the reasoning was for not having Vista set like this out of the box?If you are unhappy with the changes you can restore the default settings with

netsh int tcp set global autotuninglevel=normal
netsh int tcp set global rss=enabled

 I saw this fix over at Excalibur Partners

Well it seems as though its finally happened-Service Pack 3 for every-ones favourite OS, Windows XP has been released to manufacturing (however not available to the public just yet-expect to see it on April 29th).

Service Pack 3 updates all 32-bit versions of Windows XP from Starter to XP Professional (the x64 edition of XP is based on Server 2003 and requires the Service Packs for that product). The complete package from the Download Center will reportedly be some 320 MB. Downloads via the Update function will be around 70 MB according to Microsoft’s current plans; this update can be so much smaller because only the data required for a specific XP version are downloaded, not the entire package.

Support for Windows XP without any service packs expired long ago and officially SP2 has to already be installed before SP3 can be installed, despite the fact there is no technical reason for this requirement. However Microsoft is inconsistent and SP3 can in practice be installed on XP with only SP1. Strangely, the complete SP3 contains all of the patches you need to update even a fresh base version of XP. Microsoft says that a slipstream

The following is targetting towards Malaysia residents:

So you’ve been talking and hearing about the super duper cool Start.NET program that Microsoft Malaysia is currently running….  but have you been getting the anticipated attention from your friends and colleagues? 

How? 

Read on for more details. 

 Who are we looking for? Anyone who share the passion and excitement on .NET, and do it in the most creative and interesting ways.  Someone who can create a sparkle of getting to know more about .NET!  What do you need to do? 

·         Create a VideoBlog about .NET (between 30 – 60 seconds). You may obtain the facts and information from: http://www.microsoft.com/malaysia/press/archive2007/linkpage4361.mspx·         The ending frame of your VideoBlog must include the URL: www.startdotnet.info

·         Upload the video on your blog or online

·         Email your Name, Company, Telephone number and Email Address, together with your VideoBlog URL to blogdotnet@crystaledge.net  

But… what do I VideoBlog about?

VideoBlog the coolest, slickest, cutest, or most elegant styles you have to drive the excitement of getting to know .NET.  VideoBlog about what you LIKE, who