Category: News

This version adds support for Microsoft Office 2003, including Outlook 2003 and Windows Server 2003; Novell GroupWise 6.5; and Mac OS X 10.3 (Panther). More info: [url=http://www.pgp.com]http://www.pgp.com[/url]

The original patch (MS03-045), included in the company’s first monthly advisory, plugged a buffer overrun vulnerability in the ListBox and ComboBox controls that could lead to harmful code execution. However, after the patch was released, Microsoft learned of compatibility issues with third-party products and released a new advisory with updated patches (New patch available here). The company did not say which third-party software had compatibility issues.
“The compatibility problems only affect (certain) language versions of the patch and only those versions of the patch are being re-released,” Microsoft said, noting that the new security patches support both the Setup switches originally documented as well as a set of new Setup switches.

The first Springboard work is going into the security hardening of Windows XP in Service Pack 2, due out next year, and Windows Server 2003 in Service Pack 1, due out sometime later.

Stan Sorensen, director of product marketing for SQL Server, confirms that SQL Server 2000 will go through the process.

The date for a Springboard-related deliverable for SQL hasn’t yet been determined.

US District Judge Marilyn Hall Patel in San Francisco threw out the case after the Bush administration said it would no longer try to enforce portions of the regulations, according to parties involved in the proceedings.

More info: [url=http://news.zdnet.co.uk/business/0,39020645,39117187,00.htm]http://news.zdnet.co.uk/business/0,39020645,39117187,00.htm[/url]

Steve Ballmer briefed attendees on approximately what the update was supposed to do, but not how, in his security manifesto last week, but Paul Thurrott has some specifics, the most important being that the update to the built-in firewall will include features from Microsoft Internet Security & Acceleration Server, including outbound scanning capabilities.

Note that the two are described as complementing one another, but that’s more a case of Microsoft product positioning for the business market, and clearly doesn’t apply elsewhere.

Note also that Microsoft categorises ICF as “limited baseline protection for a home or small business network,” i.e. as it shipped in XP it was never seriously intended to do front line firewalling on its own.

If you ship a mini firewallette that by default is off and that is categorised as “baseline”, then clearly it’s not your fault if people are too dumb to get themselves proper firewalls.

But if you ship something you call a proper firewall and then it turns out not to protect users as they thought they’d be protected, it is your fault.

More info: [url=http://www.theregister.co.uk/content/55/33435.html]http://www.theregister.co.uk/content/55/33435.html[/url]

Oracle Identity Management enables system administrators to establish single sign-on for employees, partners or customers who need access to multiple business applications.

The software includes LDAP directory services to store and manage user identities and access control privileges, and integration services for connecting to an existing security and directory infrastructure, officials with the Redwood City, Calif., company said.

The software also has user provisioning services for Oracle and non-Oracle applications, and public key infrastructure services, including a certificate authority to issue digital certificates for users.

More info: [url=http://www.techweb.com/wire/story/TWB20031016S0011]http://www.techweb.com/wire/story/TWB20031016S0011[/url]