Windows IT Pro UPDATE--Windows NT 4.0 Support Changes—December7, 2004

1. Commentary
- Microsoft Ships IE IFRAME Fix, Announces Windows NT 4.0 Support Changes

2. Hot Off the Press
- Microsoft Ships IE IFRAME Fix, Announces Windows NT 4.0 Support Changes
- And the IT Prolympics Winners Are ...

3. Resources
- Featured Thread: Six Honeypots Reveal Intrusion Patterns
- Tip: How can I install Windows System Resource Manager (WSRM)?

4. New and Improved
- Manage Security, Administration, and Configuration

==== Sponsor: Raxco's PerfectDisk– The World's #1 Defragmenter ====

New - the best defragger just got better! PerfectDisk(r) V7.0, the worldwide leader in enterprise disk defragmentation, is the only defragmenter certified by Microsoft(r) for Windows Server(r) 2003 and Windows 2000. PerfectDisk provides full integration with Active Directory(r) Group Policy Administrative Templates for easy enterprise management, a patented optimization strategy, single-pass defragging, single-pass free space consolidation for reduced rates of refragmentation, and much more. Nine out of ten enterprises choose PerfectDisk over 1990s multi-pass defragging technology. Join EDS, IBM, and thousands of others. Trust PerfectDisk. Proven. Tested. Microsoft Certified.
Free evaluation and more at http://www.raxco.com/itpro

==== 1. Commentary: Microsoft Ships IE IFRAME Fix, Announces Windows NT 4.0 Support Changes ====
by Paul Thurrott, News Editor, thurrott@windowsitpro.com

Like last week, I have several high-profile enterprise-related stories to cover this week. This includes news about Microsoft's ever-evolving support story for Windows NT 4.0, which is edging ever closer to the sunset of its life cycle, and a fix (finally) for the infamous Microsoft Internet Explorer (IE) vulnerability that spawned the Bofra attack. Also, Microsoft just today released a release candidate (RC) for Windows Server 2003 Service Pack 1 (SP1).

Microsoft Extends NT 4.0 Custom Support

This week, Microsoft announced a revised support policy for Windows NT 4.0, which will reach the end of its Extended Support phase on December 31, 2004, less than a month from now. I wrote a general news article about this event for WinInfo Daily UPDATE (see the URL below), but I want to present some information here that is more relevant to Windows IT Pro UPDATE readers.
If you're not aware of Microsoft's recent support policy changes, you need to be. The company now uses what it calls a "5+5" support lifecycle for its corporate-oriented products. This means that these products receive 5 years of Mainstream Support, in which Microsoft releases security and nonsecurity hotfixes for free, plus 5 years of Extended Support, in which only security updates are provided for free and customers can purchase an Extended Hotfix Support contract to receive nonsecurity fixes. After 10 years, products enter what Microsoft calls the Self-Help Online Support phase, which is exactly what it sounds like. I call that phase the "Migration phase," but whatever.
NT 4.0 is the first Microsoft enterprise product to reach the end of its Extended Support phase, and because it's still widely used, some people have expressed concern that existing users will be left in the lurch. Microsoft has been fairly receptive to these concerns, and although the company is adamant that NT 4.0 users should migrate to a newer Windows Server version as soon as possible, it has also extended certain deadlines over the years to give NT 4.0 users more time to do so. This week, Microsoft came through again, but I suspect this will be the last extension.
For NT 4.0 users attempting to migrate to Windows 2003 after December 31, Microsoft is offering a unique Custom Support Agreement--a fee-based service that will help NT 4.0 users remain protected while they figure out what to do. Originally scheduled to last for 1 year, Custom Support has been extended to 2 years and will now end on December 31, 2006, or roughly 10 years after Microsoft first released NT 4.0. Furthermore, customers that want to purchase the Custom Support service--which is a flat fee, regardless of the size of your NT 4.0 deployment--can now do so in 3-month chunks. Previously, you could buy only 6 months of service at a time.
The Custom Support service offers access to new critical and important security fixes for NT 4.0 during the lifetime of your contract. (Until now, Microsoft promised to provide only critical fixes.) To find out more information, the software giant recommends that you contact your Microsoft account manager or technical account manager. A similar Custom Support Agreement is being made available to Microsoft Exchange Server 5.5 customers as well.
Although I'm generally bewildered about Microsoft's lack of support for anything other than the latest version of a product, in this case, the company has a point. As Peter Houston, senior director of Windows Serviceability said, "Windows NT Server 4.0 was developed before the era of sophisticated Internet-based attacks. It has reached the point of architectural obsolescence. It would be irresponsible to convey a false sense of security by extending public support for this server product." It's time to move on, people.

IE IFRAME Vulnerability Fixed

In early November, Computer Emergency Response Team (CERT) security researchers reported a new vulnerability that affects Microsoft Internet Explorer (IE) 6.0, but not earlier versions (IE 5.0x and 5.5) or the version that Microsoft ships with Windows XP Service Pack 2 (SP2). Dubbed the IFRAME or HTML Elements vulnerability, the newly discovered security hole could let hackers construct a malicious Web page that could attack IE users who simply browsed to the page. Like many vulnerabilities these days, the IFRAME vulnerability takes advantage of a buffer overflow error to allow remote code execution.
Soon after the vulnerability was revealed, an exploit variously named MyDoom.AG, MyDoom.AH, or Bofra began making the rounds. Bofra is a worm that spreads via email attachment or Web download, and it leverages the capabilities exposed by the IFRAME vulnerability to let hackers remotely control PCs and send more copies of the worm to other uses via an embedded email engine.
By the end of November, Bofra had emerged as, perhaps, the most high profile electronic attack since the summer of 2003, when Blaster and Slammer were so damaging that Microsoft executives recast XP SP2 as a comprehensive security update. But Bofra quickly became infamous for two reasons: First, Microsoft didn't have a fix available for it for a month, but pledged that the problem was important enough that it would release one as soon as it was ready. Second, CERT, which had first published information about the vulnerability, ominously advised people to use a browser other than IE 6.0, noting, "there is no complete solution to this problem."
Yikes. Fortunately, late last week, Microsoft issued a fix. As described in Microsoft Security Bulletin MS04-040 (Cumulative Security Update for Internet Explorer), which you can find at the second URL below, finally addresses the IFRAME vulnerability and patches previously susceptible machines. You can find out more information about the Microsoft Security Web site (URL below), but this patch has also been made available via Windows Update and Automatic Updates.

Windows Server 2003 SP1 RC1

Just as this issue of Windows IT Pro UPDATE was being prepared for publication, we received word that Microsoft had released the first RC for Windows 2003 SP1. I'll have more information about this important update next week, but if you're interested in evaluating Windows 2003 SP1 RC1, you can download the public beta from the Microsoft Web site today (See the URLs below).

Microsoft Extends Olive Branch to Corporate NT 4 Users
http://www.windowsitpro.com/windowspaulthurrott/article/articleid/44677/windowspaulthurrott_44677.html

Microsoft Security Bulletin MS04-040: Cumulative Security Update for Internet Explorer
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

Windows Server 2003 SP1 RC1 (32-bit version)
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE20C29D-5C71-49CE-9091-3AEDC9E5979F

Windows Server 2003 SP1 RC1 (Itanium version)
http://www.microsoft.com/downloads/details.aspx?FamilyId=E1EC4C32-3123-4DAF-BE8F-500D0DD9699F

==== Sponsor: Free White Paper: High Availability for Windows Services ====
It is no stretch to say that Windows high availability must be a fundamental element in your short- and long-term strategic IT planning. This free white paper discusses the core issues surrounding Windows high availability, with a focus on business drivers and benefits. You'll learn about the current market solutions, technologies and real-world challenges including cost-benefit analyses. Plus, find out how to assess technical elements required in choosing a high availability solution, including the robustness of the technology, time-to-failover, and implementation difficulties. Download this white paper now!
http://www.windowsitpro.com/whitepapers/neverfail/highavailability/index.cfm?code=1207WIN_S

==== 2. Hot Off the Press ====
by Paul Thurrott, thurrott@windowsitpro.com

Intel Preps Processor Extensions to Coincide with Longhorn Release
Microprocessor giant Intel briefed reporters last week about plans to evolve its x86 products in a direction that more closely matches that of the software industry. In addition to a suite of chips designed for the enterprise market, Intel will also ship so-called designer processors that will feature new technology extensions that take advantage of the unique features in Longhorn, the next major version of Windows. To read the complete story, visit the following URL:
http://www.windowsitpro.com/article/articleid/44676/44676.html

And the IT Prolympics Winners Are ...
Congratulations to the winners of the Windows IT Prolympics. Contestants tested and showed off their Active Directory (AD) prowess by taking a written exam and participating in a virtual-lab skills test.
The gold medal went to Steven Schullo, Hixson, Tennessee. He won a trip to TechEd, a subscription to Windows IT Pro, and an AD t-shirt. Michael Royer, West Hollywood, California, took home the silver medal. He won an iPod, a subscription to Windows IT Pro, and an AD t-shirt. And Nathan Casey, Santa Rosa, California, won the bronze medal and received an xBox, a subscription to Windows IT Pro, and an AD t-shirt. You'll be able to read more about these IT Prolympians in the January issue of Windows IT Pro.
Even though the contest is over, you can still test your AD knowledge and see how you stack up against your peers. Simply go to http://www.windowsitpro.com/itprolympics, download the study guide, then take the written and virtual-lab exams. Challenge yourself and learn at the same time.

==== Announcements ====
(from Windows IT Pro and its partners)

Try a Sample Issue of Windows Scripting Solutions
Windows Scripting Solutions is the monthly newsletter that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Plus, get online access to our popular "Shell Scripting 101" series--click here!
http://www.winscriptingsolutions.com/rd.cfm?code=fsep264cup

Windows Connections Conference Spring 2005
Mark your calendar for the Windows Connections spring 2005 conference, April 17-20, 2005, at the Hyatt Regency in San Francisco, California. Attend sessions jam-packed with tips and techniques you need to know to ensure success in today's enterprise deployments. Call 203-268-3204 or 800-505-1201 for more info and check our Web sites for updates.
http://www.devconnections.com

Get the Cliffs Notes to Migrating from Novell NDS to Windows Server 2003
Migrating from Novell NDS to Windows Server 2003 means moving from an established directory service to the latest version of Active Directory. Missing a step in the migrating process could mean real problems. Use our quick reference guide as a cheat-sheet to help you manage each step of the migration process. Download the guide now.
http://www.windowsitpro.com/essential/index.cfm?code=1206emailannc

Are You a Hacker Target?
You are if you have an Internet connection faster than 384Kbps. In this free, live Web seminar on December 14, Alan Sugano will examine two attacks (an SMTP Auth Attack and a SQL Attack) that let spammers get into the network and relay spam. Find out how to keep the hackers out of your network, and what to do if your mail server is blacklisted as an open relay. Attend and you could win an Xbox. Register now!
http://www.windowsitpro.com/seminars/antispam/index.cfm?code=1206emailannc

~~~~ Hot Release: (Advertisement) Dantz ~~~~

Free White Paper: Protecting Microsoft Exchange Server at SMBs
In the event of an emergency, a small or midsize business (SMB) must be able to quickly restore a Microsoft Exchange Server database, an individual mailbox, or a single e-mail. The most effective solution is backup software with automated technology that performs fast backups and flexible restores without requiring extensive manual intervention. To learn more, read the free Dantz white paper "Protecting Microsoft Exchange Server at SMBs".
http://www.windowsitpro.com/whitepapers/dantz/exchangeserver/index.cfm?code=1207WIN_HR

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "Have you ever participated in a Web-based seminar or Webcast?" Here are the results from the 168 votes:
- 10% No, but I plan to
- 14% No, and I have no plans to
- 71% Yes, and I plan to again
- 4%Yes, but I'll never do it again

(Deviations from 100 percent are due to rounding error.)

New Instant Poll:
The next Instant Poll question is, "Do you think the IT job market will improve in 2005?" Go to the Windows IT Pro home page and submit your vote for a) Yes, b) Probably, c) Probably not, or d) Definitely not.
http://www.windowsitpro.com/magazine

==== 4. Resources ====

Featured Thread: Six Honeypots Reveal Intrusion Patterns
Visit the Security Matters blog to join a discussion about honeypots. You'll find the blog at the following URL:
http://www.windowsitpro.com/Article/ArticleID/44640/44640.html

Tip: How can I install Windows System Resource Manager (WSRM)?
by John Savill, http://www.windows2000faq.com

Find the answer at the following URL:
http://www.windowsitpro.com/article/articleid/44629/44629.html

==== Events Central ====
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

Get a Free Windows IT Pro Subscription at the Server Consolidation Roadshow
Come and join us for this free event and find out how a more strategic and holistic approach to IT planning helps organizations increase operational efficiency and facilitate the implementation of new technology. Attend and get a free 6-month digital Windows IT Pro subscription. Plus, you could win an iPod! Sign up today.
http://www.windowsitpro.com/roadshows/serverconsolidation/index.cfm?code=1206emailannc

==== 4. New and Improved ====
by Angie Brew, products@windowsitpro.com

Manage Security, Administration, and Configuration
FullArmor released IntelliPolicy for Clients, software that lets enterprises centrally manage security, administration, and configuration by extending the capability of Active Directory (AD) and Group Policy. The product lets you enhance internal security controls; simplify desktop configuration; centralize application configuration; and provision new desktops and laptops. IntelliPolicy for Clients provides Group Policy settings that create and update registry keys and values; map network drives; map printers; schedule tasks; and deploy files, folders, and shortcuts. To increase security, the product provides new settings that can lock down devices, including USB storage devices; control Local Administrator group membership; control Local Admin passwords; and manage services. For pricing, contact FullArmor at 617-457-8100.
http://www.fullarmor.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:whatshot@windowsitpro.com.

==== Contact Us ====

About the newsletter -- letters@windowsitpro.com About technical questions -- http://www.windowsitpro.com/forums About product news -- products@windowsitpro.com About your subscription -- windowsitproupdate@windowsitpro.com About sponsoring UPDATE -- emedia_opps@windowsitpro.com