February 2007

Have you ever been in a situation so dire, so serious, so—I’m not sure which word to use here—that you couldn’t see your way out of it?  Ever been in darkness so deep that you couldn’t even see your hands in front of your face?  (Side note here:  if you’ve ever been on a tour of an underground cavern, you’ll know what I’m talking about.)  We’ve probably all been there, and according to the Bible this is only a temporary thing:

For his anger endureth but a moment; in his favour is life: weeping may endure for a night, but joy cometh in the morning. (Psalms 30:5, KJV)

Right now in my life, it is the middle of the night.  Weeping abounds.  I have lost someone near and dear to my heart, and I don’t know what comes next.  When will the morning come?  When will the night end?  How long will this last?

In my head, I can hear the Scriptures that talk about trial and tribulation.

My brethren, count it all joy when ye fall into divers temptations; knowing this, that the trying of your faith worketh patience. (James 1:2-3, KJV)

Patience?  I didn’t ask for patience.  I don’t want patience.  I just want this to end.

And we know that all things work together for good to them that love God, to them who are the called according to his purpose. (Romans 8:28, KJV)

Work together for good?  I don’t think so.  How can this be good?  How can this be part of God’s plan?  I’d like to know that.

I know that no operating system is perfect, that every operating system and application has its security flaws, and that no vendor should be casting stones at another—you know, that whole “people who live in glass houses shouldn’t throw rocks” thing.

Now, having said all that…this is just plain funny.

This past Friday, the Microsoft Security Response Center blog posted a notification about Microsoft Security Advisory 932553, which describes the specific issue and the attacks around that issue.

More information on the issue is also available from this Secunia advisory and from US-CERT.

There are two interesting things to note (interesting to me, at least):

• First, this is an Office vulnerability, not a Windows vulnerability.  Therefore, as correctly pointed out in the security advisories, Office 2004 for the Mac is also affected.
• Second, although the current attacks are targeted against Excel, this vulnerability extends to all Office documents.  This means that other forms of attack could be forthcoming in the near future until the underlying flaw is addressed.

As with some of the other zero-day attacks I’ve discussed here, it looks like the only workaround available at this time is to not open Office documents from untrusted sources.  In fact, it would probably be best not to open any unexpected and/or unsolicited Office document from any source, trusted or otherwise.

Other related links:
MS warns of Excel ‘zero-day’ attack - MacNN
New Zero-Day Threat Excels - eWeek

Based on a law signed in 2005 that is scheduled to take effect this year, DST will now start on the second Sunday in March.  This has caused some consternation in the IT community as vendors and IT professionals prepare to update servers and network equipment to properly understand the time change.

Fortunately, it appears that VMware has been pretty proactive in this regard.  Based on this KB article, it looks as if VMware ESX Server 2.5.4 and later (build 32233 or later), 3.0.0 and later (build 27701 or later), and 3.0.1 and later (build 32039 or later) are all already patched for the DST change.  This means that as long as you are running a fairly recent version of ESX Server, you’re already prepared for the upcoming change.

If you aren’t running one of those versions, patches are available to correct the DST change.  If you have multiple ESX Servers and VMotion working properly, remember that you can simply migrate guests over to a different ESX host in your farm, patch it, and then migrate the guests back—all with little or no impact to your customers.  Isn’t VMotion handy?