AltiGen Communications and Multi-Tech Systems Team Up to Deliver a Powerful Mobility Solution for the SMB Market

AltiGen’s ExtensionAnywhere mobile technology coupled with Multi-Tech Systems’ portfolio of CallFinder cellular gateways offer increased cost savings for companies with remote and mobile workers

---

 

Fremont, California, September 28, 2007 — AltiGen® Communications, Inc. (NASDAQ: ATGN), a pioneering manufacturer of VoIP business phone systems and call center solutions, and Multi-Tech Systems, Inc., a leading manufacturer of products that connect voice and data over IP networks, are teaming up to deliver a complete mobile communications solution.By bundling the Multi-Tech CallFinder® GSM and CDMA cellular gateways with the AltiGen Office and MAX1000 series of VoIP Business Phone Systems, the companies seamlessly bridge an AltiGen phone system to a cellular network. The AltiGen – Multi-Tech Systems product combination enables businesses to save telecommunications costs by taking advantage of lower cost cellular networks for routing calls rather than traditional landlines. By utilizing the AltiGen ExtensionAnywhere™ feature to route calls through a cellular network, the CallFinders will provide toll-free calling between headquarters and cell phones in the field. The CallFinder gateways can also provide back-up communications, including emergency 911 services, in the event of central office public switched telephone network (PSTN) failure.

According to Dan Nelson, Vice President of Sales, North America for Multi-Tech Systems, “The ExtensionAnywhere feature of AltiGen makes it possible for users to receive extension calls on their cellular phones and provides an excellent complement to the Multi-Tech CallFinder. Routing ExtensionAnywhere calls through the cellular gateway to the remote user’s cell phone results in a free in-network cellular-to-cellular call. Our product combination will bring better performing telephony at a lower cost to a wide variety of applications and vertical markets.”

“The trend toward mobile, remote and distributed workers continues to grow and our collaboration provides an exciting opportunity for AltiGen and Multi-Tech Systems,” said Jeremiah Fleming, President and COO of AltiGen. “This new bundled solution will enable companies to improve their business communications capabilities in a more efficient, cost effective way than previously possible. This further demonstrates AltiGen’s commitment to deliver the most complete Unified Communications solution.”

About Multi-Tech
Multi-Tech Systems is an ISO 9001:2000 certified global manufacturer of telephony, Internet and device networking products connecting voice and data over IP networks. Multi-Tech Systems has 75 U.S. patents and numerous international patents. Contact Multi-Tech in the U.S. at 800/328-9717 or +763/785-3500, via fax at +763/785-9874, EMEA at +(44) 118 959 7774 (UK) or +(33) 1 49 19 22 06 (France), or via fax at +(44) 118 959 7775 (UK) or +(33) 1 49 19 21 00 (France) or at http://www.multitech.com.

About AltiGen Communications
AltiGen Communications, Inc. (NASDAQ: ATGN) is a leading provider of Microsoft-based Unified Communications for Small-to-Medium Businesses (SMBs), including companies with multiple locations, corporate branch offices, and call centers. AltiGen began deploying systems in 1996 and was one of the first companies to offer VoIP solutions. AltiGen’s scalable, integrated, and easy to manage all-in-one unified communications solutions enable an array of applications like standards based SIP VoIP phones and servers, unified messaging, voicemail, call recording, conferencing, call activity reporting, and mobility solutions that leverage both the Internet and the public telephone network to take advantage of the convergence of voice and data communications. AltiGen’s systems are designed with an open architecture and are built on an industry standard platform. This adherence to widely-used standards allows our products to integrate with and leverage our partner’s and customer’s existing technology investment. For more information, call 1-888-ALTIGEN or visit the Web site at www.altigen.com.

TechSoup Stock New Product Alert – September 2007

This month, I would like to highlight the newest product from the Cisco donation program, the Cisco 24-Port Ethernet Switch.

Please read on to learn more about popular Cisco donations and eligibility requirements. In addition, two new server products from Microsoft are now available through TechSoup Stock: System Center Operations Manager Server 2007 and Office Communications Server 2007.

 

Go back to school with TechSoup Stock! We’ve created a list

(below) of some of our top donated products to help students be more successful – and have more fun – with their studies.

 

============================================

FEATURED CISCO PRODUCTS

============================================

New at TechSoup Stock this month, the Cisco 24-Port Ethernet Switch joins multiple computers or network segments together in a high-speed data network. Built-in advanced security features help protect individual devices as well as the entire network.

 

* Cisco CE500 24-Port Ethernet Switch

Admin Fee: $70 (compares to a retail value of $870) http://ga0.org/ct/C7LRaAn1QERQ/

 

The Cisco Donation Program at TechSoup Stock allows eligible organizations to select from a variety of firewalls, routers, switches, and wireless products. Four popular Cisco products

include:

 

* Cisco ASA 5505 Security Appliance – Firewall Edition Admin Fee: $136 (compares to a retail value of $1695) http://ga0.org/ct/CdLRaAn1QERP/

 

* Cisco 24-Port Gigabit Ethernet Switch Admin Fee: $264 (compares to a retail value of $3295) http://ga0.org/ct/C1LRaAn1QERp/

 

* Cisco 802.11a/b/g Access Point

Admin Fee: $56 (compares to a retail value of $699) http://ga0.org/ct/ZdLRaAn1QER8/

 

View all Cisco product donations:

http://ga0.org/ct/KdLRaAn1QERU/

 

ELIGIBILITY: U.S. 501(c)(3) nonprofits with additional restrictions. Eligible nonprofit organizations may request donated products with admin fees totaling up to $1,200 per fiscal year.

 

Please note that some of the program rules have recently

changed:

* As of March 16, 2007, certain direct-service nonprofits with budgets of up to $10 million are now eligible.

* On December 15, 2006, additional nonprofits focused on basic human needs services, including affordable housing, became eligible. These nonprofits must satisfy all other participation guidelines as outlined in the Cisco eligibility requirements.

 

View complete eligibility restrictions:

http://ga0.org/ct/1dLRaAn1QERT/

 

Learn more at TechSoup: “Networks 101: What is a Network?”

http://ga0.org/ct/K1LRaAn1QERE/

 

============================================

TWO NEW MICROSOFT SERVER PRODUCTS

============================================

TechSoup Stock recently added two Microsoft products to help your organization monitor its IT services and communicate more

effectively:

 

* System Center Operations Manager Server 2007 See a comprehensive view of the health of your organization’s IT environment with Microsoft System Center Operations Manager Server 2007, a powerful server application for monitoring IT services across an organization. The successor to Operations Management Server 2005, Operations Manager 2007 offers many new features and rebuilt components, designed for greater scalability and customizability.

 

Learn more and place your product request:

http://ga0.org/ct/VpLRaAn1QER0/

 

* Office Communications Server 2007 Standard Edition This new product provides instant messaging, conferencing, presence (status information such as online, busy, away, on the phone, or out to lunch), and VoIP (voice over IP) telephony in a fully integrated, unified communications solution. This offering is the standard edition, which can support up to 5,000 users.

 

Learn more and place your product request:

http://ga0.org/ct/CpLRaAn1QERR/

 

ELIGIBILITY: U.S. 501(c)(3) nonprofits and Canadian charitable and nonprofit organizations. For details on eligibility requirements, visit http://ga0.org/ct/11LRaAn1QERY/

 

============================================

BACK TO SCHOOL WITH TECHSOUP STOCK

============================================

Does your nonprofit organization or public library work with youth?

 

We’ve selected some of our top donated products to help students be more successful in school, now available through TechSoup

Stock:

 

* Microsoft Student with Encarta 2008 (admin fee $2 vs. retail value $50)

- Nonprofits:

http://ga0.org/ct/ZpLRaAn1QERk/

- Public libraries:

http://ga0.org/ct/V7LRaAn1QERl/

 

* Microsoft Encarta 2008 (admin fee $3 vs. retail value $50)

- Nonprofits:

http://ga0.org/ct/Z7LRaAn1QERi/

- Public libraries:

http://ga0.org/ct/VdLRaAn1QERo/

 

* Microsoft Math (admin fee $2 vs. retail value $20) http://ga0.org/ct/V1LRaAn1QER9/

 

* UltraKey 5.0 typing instruction software (admin fee $15 vs.

retail value $150)

http://ga0.org/ct/Z1LRaAn1QERn/

(available for both nonprofits and public libraries)

 

* Norton 360 (admin fees of $15 to $24 vs. retail values from $70 to $240) http://ga0.org/ct/K7LRaAn1QERy/

 

============================================

TELL A FRIEND

============================================

As a nonprofit helping other nonprofits get the technology they need, TechSoup Stock depends on your referrals to reach organizations that might not know about our service. I encourage you to take a moment and forward this email to nonprofits and libraries you know that could benefit from access to these products and savings. Since 2002, TechSoup Stock has helped over 50,000 nonprofits and public libraries take advantage of product donations.

 

============================================

QUESTIONS?

============================================

If you have questions about our donation programs that were not addressed by this email or the program pages on our Web site, please feel free to contact our Customer Service Department via email at newproducts@techsoup.org or call us at 1-800-659-3579, extension 700. TechSoup Stock Customer Service is available Monday-Friday, from 8 a.m. to 5 p.m. Pacific time. In addition, you can get answers to your questions at our online Email and Answer Center at http://ga0.org/ct/KpLRaAn1QERh/.

 

Sincerely,

 

Rebecca Masisak

Co-CEO, CompuMentor/TechSoup

http://www.techsoup.org/stock

http://www.techsoup.org/stock/libraries (libraries start here)

Partner News: The Six Most Important Changes in Fireware 9.1

What’s New in Fireware 9.1: Spam Quarantine – spamBlocker customers can create a safe, full-featured quarantine for spam, bulk mail, and suspect email messages. Granular control allows the system administrator to configure preferences for mail disposition, storage allocations, and other parameters. POP3 Proxy – This new proxy protects POP3 users against multitudes of email-borne threats for even greater zero day protection. Unlimited File Size Scanning for AntiVirus – A new anti-virus scanning engine eliminates limits on the size of attachments and downloads scanned for viruses by customers using Gateway AV/IPS. AV Scanning for FTP – Gateway AV/IPS customers can also apply AV scanning to all inbound and outbound files transferred via FTP, adding granular defense against many different types of malware. This works in tandem with the existing FTP proxy to boost protection in this critical attack area.   Server Load Balancing (Fireware Pro users only) – Server load balancing allows the Firebox to distribute requests for a company’s URL or other public-facing content to a “server farm” or group of servers. Multiple algorithms offer tailored traffic distribution to the specific server environment. Fireware 9.1 also detects server outages and automatically routes requests to the remaining servers until the offline server is back online. Beginning today, new Firebox X Core appliances will ship with Fireware 9.1, while new Peak appliances come with Fireware Pro 9.1. Existing customers who have current LiveSecurity Service subscriptions can download 9.1 for free.

Help Core and Peak Customers Get the Upgrade  To make it easy for your current customers to get the benefits of the Fireware/Fireware Pro upgrade – as well as the Firebox X Edge 8.6 upgrade released last month – visit the Partners site and follow the links to 8.6 and 9.1 Launch Central.

REMINDER: Special GrantStation Offer at TechSoup Stock — This Wednesday, September 19

Here’s a friendly reminder about our special GrantStation offer this Wednesday, September 19. Learn more about this promotion and GrantStation’s powerful online fundraising tools at:

http://www.techsoup.org/stock/promo

 

Eligible nonprofits and public libraries will be able to place orders for specially discounted one-year GrantStation memberships for only $99 (a savings of $300). After the special offer ends, our usual discounted administrative fee of

$399 will apply. This limited-time offer is available thanks to the extra-generous discount offered by GrantStation.

Organizations may renew their existing memberships with this special offer.

 

This offer will be open on September 19 for 10 hours only, from

7 am to 5 pm Pacific time (10 am to 8 pm Eastern time).

 

ELIGIBILITY: U.S. 501(c)(3) nonprofits and Canadian Registered Charities; U.S. and Canadian public libraries. View eligibility

restrictions:

http://www.techsoup.org/stock/restrictions.asp#grantstation

 

ABOUT GRANTSTATION MEMBERSHIP

* Access to online resources that will help you identify potential grantmakers for any given program or project at your nonprofit or public library.

* Easy online access: you do not need to download or install any software to use GrantStation.

* Online tutorials on how to write compelling letters of inquiry and grant requests.

* An informative weekly bulletin, The GrantStation Insider.

 

HOW TO PLACE YOUR PRODUCT REQUEST

Visit http://www.techsoup.org/stock/promo and place your product request at TechSoup Stock on September 19 for 10 hours only, from 7 am to 5 pm Pacific time (10 am to 8 pm Eastern time).

 

IMPORTANT: Make sure your organization’s email address is up-to-date in our records — you will receive your product access information via email. Follow the instructions on this Web page to view or update your organization’s profile:

http://www.techsoup.org/stock/faq.asp#q10_8

 

Organizations must complete TechSoup Stock’s qualification process within 30 days of requesting a GrantStation membership to receive the specially discounted administrative fee.

 

SPREAD THE WORD

Tell your colleagues about the GrantStation special promotion so that even more nonprofits and public libraries can benefit from these savings.

 

On behalf of TechSoup Stock and GrantStation, I look forward to your participation in our September 19 special event!

 

Sincerely,

 

Rebecca Masisak

Co-CEO, CompuMentor/TechSoup

Ad-Aware Releases Update Supporting Vista

For Immediate Release:

Gothenburg, Sweden (August 28, 2007)

Pioneer anti-spyware company Lavasoft today announced the release of the Microsoft Vista^TM compatible version of Ad-Aware 2007.

“Many of our customers have already made the transition to the Windows Vista^TM operating system, and they depend on Ad-Aware to continue to protect them from online threats,” said Lavasoft’s CEO Jason King. “Vista is great for consumer usability, but like its predecessors, it comes with security flaws, leaving computer users vulnerable to cyber threats and crime.”

In July, Microsoft COO Kevin Turner announced that Vista had already sold 60 million copies since the launch at the end of January 2007. This latest version of Ad-Aware provides compatibility for Vista^TM (32 bit). To ensure that the product was compatible without relying solely on the self-interpretation of ‘works with Windows Vista^TM’, developers at Lavasoft took advantage of the Vista-Ready program offered at the Microsoft headquarters.

“We traveled to the United States to develop from within the Microsoft offices, which gave us a great advantage with quick turnaround for any Vista compatibility questions we posed,” stated senior developer at Lavasoft, Lennart Lundqvist. “The team at Microsoft is focused on transitioning software applications for the Vista platform, and as a result we have a compatible product to respond to our own customer’s needs.”

The Vista version is available to existing customers through the web update program within Ad-Aware 2007. New customers can visit www.lavasoft.com for more information.

About Lavasoft

Founded in 1999, Lavasoft is “the original anti-spyware company”, with over a quarter of a billion downloads worldwide for the Ad-Aware product. A private company headquartered in Gothenburg, Sweden, Lavasoft provides security solutions for individual consumers and enterprise clients alike. Lavasoft has 4,000 partners in 120 countries.

For further information, please contact Michael Helander, Director of Communications at Lavasoft, at +46 733 18 45 63 or at press@lavasoft.com.

Motion Case Studies: The New Jersey Motor Vehicle Commission – Not your ordinary DMV

The NJMVC is the first government agency in New Jersey to use pen tablet PCs

The Background:

The New Jersey Motor Vehicle Commission (NJMVC) aims to be the model for excellence in motor vehicle services.

Long waits and slow service are never fun, but many customers have come to accept it as a fact of life when visiting their local motor vehicle departments around the country.

In 2003, the NJMVC began overhauling its operations and image in an effort to better serve customers. One critical tool it’s using to improve the customer experience is tablet PCs from Motion Computing. The point-of-entry service made possible by tablet PCs has made a major impact on the way the Commission serves customers.

The Challenge:

The NJMVC made the decision to deploy the tablets in three areas: driver license renewal, new driver licensing, and vehicle inspections.

For years, customers waited in line for hours, only to find out that they didn’t have the appropriate identification. Following the enactment of New Jersey’s Motor Vehicle Security and Customer Service Act in 2003, the newly created Motor Vehicle Commission began requiring new and renewing drivers to produce six points of identification in order to obtain a digital driver license. Rather than wasting customers’ time by making them wait in line, the NJMVC wanted to help people as soon as they walked through the door. They imagined an electronic, handheld device used to check identification and fill out preliminary forms that would save each driver time and improve the overall experience.

The NJMVC’s IT team first explored PDAs, but the functionality of these devices was limited. Laptops also were evaluated, but they lacked agility and didn’t have the handwriting recognition capabilities necessary to fill out forms. Tablet PCs emerged as the most appropriate solution. After reviewing various devices, Motion Computing’s ultra-mobile, pen-and-ink enabled tablet PCs emerged as the right fit for the NJMVC.

“Once we decided that tablets were the most beneficial solution, all signs pointed to Motion Computing as the tablet PC provider of choice,” says Woody Sisco, NJMVC’s management information systems coordinator.

The NJMVC began implementing Motion’s tablet PCs and soon realized that they would be useful in other areas of the organization – particularly with the mobile workforces of Inspection Services and Driver Testing examiners, who evaluate first-time drivers.

The Solution:

In early 2004, the commission designated greeters at each of its agencies and equipped them with Motion M1400 tablet PCs, 200 tablets in total. In the fall of 2006, they purchased approximately 300 LE1600 tablet PCs, and will eventually upgrade all of the M1400s currently in use. The tablet’s mobility enabled greeters to provide customer service beyond the counter, significantly expediting the customer’s Motor Vehicle Commission experience.

While drivers wait in line to be served at the counter, greeters review and verify identification documents. Customers can ask questions, find out what forms they need to fill out, and take care of preliminary issues, all while they wait. The NJMVC purchased extended batteries that enable greeters to go most of the day without having to swap out the batteries every few hours.

The Division of Inspection Services is responsible for evaluations at inspection stations, as well as mobile inspections of charter and school buses and taxi cab fleets. They use Formulizer software that is ink-enabled and uses Optical Character Recognition (OCR) to transfer handwriting to searchable text. The software creates a back-end database that is searchable and quite useful for statistical reporting. The inspectors can search all content entered in the form fields and save forms with “ink” intact and in text format.

Driver Testing examiners now score new drivers’ parallel parking and left-hand turning skills with the help of the tablets. The minute the test car is put into park, scores are entered directly into the system and the newly-minted driver just has to pick up his/her provisional license. There is no additional paperwork to fill out.

The Results:

The tablets have been fully deployed by greeters working in motor vehicle agencies and are in the process of being implemented by the vehicle inspection personnel and Driver Testing examiners who will be moving to a paperless environment. According to Sisco, “the applicability for vehicle inspections and Driver Testing examiners was obvious. We knew the tablets would be an incredible tool for them and couldn’t wait to get them in their hands.”

The Motion tablet’s View Anywhere® Display, which allows for easy viewing in any light, is especially useful to the vehicle inspectors, who are often working outdoors to conduct inspections. The View Anywhere feature eliminates glare on the screens and allows for viewing at any angle. They’ve also recently begun using the pen-and-ink tool to conduct evaluations via customized online forms.

A mobile workforce, the Enhanced Inspections Group has incorporated CDMA wireless technology, which allows them to send and receive e-mails instantly while in the field. They also use the tablet to take pictures during site investigations, and take notes directly on top of the image.

Sisco says the purchase of the Motion tablets was “very easy to justify.”

MSN Messenger Buffer Overflow Makes Webcam Sessions Dangerous

Severity: Medium

11 September, 2007

Summary:

Today, Microsoft released a bulletin describing an important security vulnerability affecting MSN Messenger and Windows Live Messenger. By enticing one of your users into accepting a malicious webcam invite, an attacker could exploit this vulnerability to potentially gain complete control of that user’s computer. If you use MSN Messenger or Windows Live Messenger in your network, you should download, test, and deploy the latest version as soon as possible.

Exposure:

Microsoft’s security bulletin describes a vulnerability affecting MSN Messenger 6.2, 7.0, 7.5, and Windows Live Messenger 8.0. The flaw stems from a heap buffer overflow vulnerability in the code used to handle webcam and video chat sessions. We mentioned this vulnerability in an August Wire post, but Microsoft hadn’t patched it at that time. If an attacker can entice one of your users into accepting a specially crafted webcam invite, she can exploit this flaw to execute code on the user’s computer, with that user’s privileges. As always, if your users have local administrative privileges, attackers could exploit this vulnerability to gain complete control of their machines.

Solution Path

Microsoft has released new versions of MSN Messenger and Windows Live Messenger to fix this vulnerability. If you use either of these instant messaging clients, download and deploy the latest version of Messenger as soon as you can.

• MSN Messenger 7.0.0820
• Windows Live Messenger 8.5

WatchGuard does not recommend the use of normal (insecure, unencrypted) Instant Messenger clients. If your organization does not require MSN Messenger, but users keep sneaking it in, check the Workarounds section of Microsoft’s bulletin for techniques you can use to block all Messenger traffic. In our experience, these workarounds are not 100 percent effective, but they might prove useful enough to discourage your unauthorized Messenger users.

For All WatchGuard Users:

If you allow MSN Messenger connections through your firewall, this flaw affects you and we recommend you download, test and install the patch above. However, you can also configure your WatchGuard Firebox to deny MSN Messenger traffic and thereby mitigate the risk of this vulnerability. For more details on blocking MSN Messenger traffic with your Firebox, read this FAQ.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS07-054

AltiGen Communications to Present at Kaufman Brothers 10th Annual Investor Conference on September 6, 2007

Fremont, CA – August 27, 2007 – AltiGen Communications, Inc. (Nasdaq: ATGN), a leading provider of next generation IP-PBX phone systems, today announced it plans to present at the Kaufman Brothers 10th Annual Investor Conference at the W Hotel in New York City on September 6, 2007 at 9:10 a.m. ET. Presenting from management will be Jeremiah Fleming, president and COO and Phil McDermott, chief financial officer.

A live webcast of management’s presentation will be accessible from the company’s website: www.altigen.com. In addition, a replay of the webcast will be available.

About AltiGen Communications
AltiGen Communications, Inc. (Nasdaq: ATGN) is a leading manufacturer of VoIP telephony solutions. AltiGen designs, manufactures and markets advanced, IP-PBX telephone systems and IP call centers that leverage both the Internet and the public telephone network. These products enable an array of applications that take advantage of the convergence of voice and data communications to achieve superior business results. AltiGen Communications products are available from independent authorized resellers and strategic partners. AltiGen’s AltiServ™ family of telephony solutions has been recognized for excellence with more than 40 industry awards since 1996. Focused on the small to mid sized and multi-site businesses, AltiGen customers benefit from integrated solutions that protect their existing investments, while providing new ways to be more competitive, productive and to save money.

For more information, call 1-888-ALTIGEN or visit the Website at www.altigen.com

Critical Flaw Makes Windows 2000 Component a “Double Agent”

Severity: Medium

11 September, 2007

Summary:

Today, Microsoft released two security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows 2000 PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for September and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s two security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity. (Note: As we published this alert, Microsoft was having difficulty keeping some of these links active. The bulletins were appearing and disappearing. We trust the problem will be resolved.)

MS07-051: Microsoft Agent Remote Code Execution Vulnerability in Win2K

Microsoft Agent is a Windows software component providing user interactions to help people learn how to use their computer. If you recall the irritating animated paperclip character, Clippy, in Microsoft Office, that Office agent is similar to the Microsoft Agents available in Windows.

The Agent component that ships with Windows 2000 suffers from an unspecified vulnerability involving the way it handles certain specially crafted URLs. By tricking one of your users into visiting a malicious web page, an attacker can exploit this vulnerability to execute code on your user’s computer, inheriting your user’s privileges. If your user has local administrator privileges, the attacker gains full control of the computer. Despite the severity of this vulnerability, it only affects Windows 2000 users. If you do not use 2000 in your network, you have nothing to worry about.
Microsoft rating: Critical.

MS07-053: Window Service for UNIX Vulnerability

Window Service for UNIX and Subsystem for UNIX-based Applications are optional components that provide interoperability services for integrating Windows with existing UNIX-based environments. Windows does not install these services by default. However, they ship on some versions of the Windows installation disc.

Microsoft warns that some files installed by Services for UNIX run with overly-permissive privileges. A local attacker with valid Windows login credentials could exploit these misconfigured files to gain elevated privileges on a Windows machine that runs the UNIX services. Microsoft doesn’t specify the exact level of privileges the attacker would gain. However, we assume the attacker would gain SYSTEM privileges since the alert statest, “administrative users are not less impacted then guest users.” This means the attack yields greater than administrative privileges. However, since this vulnerability relies on components that few administrators use, and requires that the attacker already have valid login credentials, we consider it a low risk.
Microsoft rating: Important.

Solution Path

Microsoft has released patches for Windows to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s Product Life-Cycle here.

MS07-051:

• 2000

MS07-053:

• Windows 2000
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
• Windows XP
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
• Server 2003
  • Windows Services for UNIX 3.0
  • Windows Services for UNIX 3.5
  • Subsystem for UNIX-based Applications
• Server 2003 x64
  • Subsystem for UNIX-based Applications
• Windows Vista
  • Subsystem for UNIX-based Applications
• Windows Vista x64
  • Subsystem for UNIX-based Applications

For All WatchGuard Users:

Attackers could exploit MS07-051 via normal HTTP traffic, which you must allow for your users to browse the web. Attackers can only exploit MS07-053 in a local (internal) attack that does not pass through the firewall. Because of the diversity of attack scenarios these vulnerabilities present, your best defense is to apply the patches above.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS07-051
• Microsoft Security Bulletin MS07-053

TechSoup Stock New Product Alert – September Special Offer

Mark September 19 on your calendar! TechSoup Stock and GrantStation will offer a special one-day discount of $300 on a GrantStation membership (http://ga0.org/ct/tdLRaAn1p4om/),

which is designed to help you boost fundraising efforts using their comprehensive database of grant opportunities. This offer is now available for U.S. and Canadian public libraries, in addition to nonprofit organizations. If you have colleagues at a nonprofit or public library that could benefit from this special offer, please take a minute to forward this information to them.

 

Also this month, we have two valuable products from Symantec now available through TechSoup Stock to help keep your computer protected. Norton Confidential 2007 helps guard against identity theft, phishing attacks, and malicious software. You can also request Norton Save & Restore 2.0 for all of your organization’s computers to make sure your data is backed up in case of a hard drive failure.

 

If your nonprofit works with students, you’ll be interested to learn that Microsoft Math is now available through TechSoup Stock to help teach mathematical concepts from pre-algebra through calculus. Finally, we’re featuring several toolkits on TechSoup with valuable links to information on keeping your organization’s computers safe and secure.

 

============================================

GRANTSTATION SPECIAL EVENT: SEPTEMBER 19 ============================================

Boost your fundraising efforts with GrantStation! For only 10 hours on September 19, specially discounted one-year GrantStation memberships will be available to eligible nonprofits and public libraries for only $99, thanks to an extra-generous discount offered by GrantStation. This offer will be open from 7 a.m. to 5 p.m. Pacific time (10 a.m. to 8 p.m.

Eastern time) on September 19; after 5 p.m., our usual discounted administrative fee of $399 will apply. Organizations may renew their existing memberships with this special offer.

 

GrantStation membership includes:

* Access to online resources that will help you identify potential grantmakers for any given program or project at your nonprofit or public library.

* Easy online access: you do not need to download or install any software to use GrantStation.

* Online tutorials on how to write compelling letters of inquiry and grant requests.

* An informative weekly bulletin, The GrantStation Insider.

 

Visit TechSoup Stock and place your request on September 19 (7 a.m. to 5 p.m. Pacific time)!

 

Learn more about this special offer and GrantStation:

http://ga0.org/ct/tdLRaAn1p4om/

 

UPDATE: U.S. and Canadian public libraries are now eligible for the GrantStation program!

 

Organizations must complete TechSoup Stock’s qualification process within 30 days of requesting a GrantStation membership to receive the specially discounted price.

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits and Canadian Registered Charities; U.S. and Canadian public libraries. View eligibility

restrictions:

http://ga0.org/ct/t7LRaAn1p4oE/

 

============================================

STAY SAFE ONLINE WITH NEW NORTON CONFIDENTIAL ============================================

Protect yourself from identity theft with Norton Confidential 2007, now available through TechSoup Stock. Norton Confidential protects passwords and other personal information so you can conduct business online while staying safe. The software helps protect you in a variety of ways:

 

* Anti-Phishing Toolbar: Norton Confidential identifies and blocks known phishing Web sites using a toolbar it installs in Microsoft Internet Explorer.

 

* Crimeware Tracker: This tool continually searches for evidence that crimeware is recording keystrokes or taking screen captures. If found, the crimeware will be disabled.

 

* InfoVault: Store login and password information for Internet Explorer using InfoVault and easily retrieve it using a master password.

 

Norton Confidential 2007 is available through TechSoup Stock for administrative fees of $15 to $70 (compared to retail values from $50 to $1000), thanks to a generous donation from Symantec. The software comes in packages of 1, 5, 10, and 25 licenses.

 

Learn more and place your donation request:

http://ga0.org/ct/5dLRaAn1p4oI/

 

Browse all Symantec products and learn more about Symantec donation programs here:

http://ga0.org/ct/51LRaAn1p4oW/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits, Canadian Registered Charities, and U.S. 501(c)(3) libraries. Review the Symantec donation program

restrictions:

http://ga0.org/ct/g1LRaAn1p4oy/

 

============================================

BE PREPARED: NORTON SAVE & RESTORE NOW AVAILABLE ============================================

Would you be protected if your hard drive suddenly failed?

Norton Save & Restore 2.0 helps prepare for this and other emergencies by creating a backup copy of your entire hard drive or any folders you choose.

 

One advantage of Norton Save & Restore is that it can perform backups on the fly without interrupting your work or restarting the computer. Or, you can schedule a backup at certain times, when a user logs off, when new software is installed, or based on other events. Your data can be saved to a wide variety of media, including CD-R/RW, DVD-R/RW, USB and FireWire storage devices, and network drives.

 

Norton Save & Restore 2.0 is available through TechSoup Stock for administrative fees of $15 to $70 (compared to retail values from $50 to $1000), thanks to a generous donation from Symantec. The software comes in packages of 1, 5, 10, and 25 licenses.

 

Learn more and place your donation request:

http://ga0.org/ct/57LRaAn1p4o7/

 

Browse all Symantec products and learn more about Symantec donation programs here:

http://ga0.org/ct/51LRaAn1p4oW/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits, Canadian Registered Charities, and U.S. 501(c)(3) libraries. Review the Symantec donation program

restrictions:

http://ga0.org/ct/g1LRaAn1p4oy/

 

============================================

DO THE MATH: SAVE ON NEW EDUCATIONAL PRODUCT FROM MICROSOFT ============================================

Microsoft Math can help students solve problems and gain a better understanding of mathematical concepts from pre-algebra through calculus. The primary tool in Microsoft Math is a full-featured scientific calculator with extensive graphing and equation-solving capabilities to deepen students’ knowledge of complex mathematics. An animated slider lets students make changes to an equation and see the effect on the graph.

 

The other tools include:

* The Step-by-Step Equation Solver, which coaches students to develop problem-solving skills

* The Formulas and Equations Library, with more than 100 common equations and formulas

* The Triangle Solver, a graphing tool to help students explore relationships between different components of triangles

* The Unit Conversion Tool, which makes it easy for students to convert units of measure

 

Microsoft Math is available through TechSoup Stock for an administrative fee of $2 (as compared to a retail value of $20). Learn more and place your donation request:

http://ga0.org/ct/t1LRaAn1p4oj/

 

ELIGIBILITY

U.S. 501(c)(3) nonprofits and Canadian charitable and nonprofits organizations. View eligibility restrictions:

http://ga0.org/ct/tpLRaAn1p4oU/

 

============================================

STAY SAFE AND SECURE WITH TECHSOUP TOOLKITS ============================================

In addition to the right software, nonprofits today need the know-how to keep their computers safe and secure. Visit these TechSoup toolkits to find links to essential information on recovering from disk failure and other disasters, combating spam and spyware, and preventing viruses.

 

* Disaster Planning and Recovery Toolkit:

http://ga0.org/ct/gpLRaAn1p4o8/

 

* Spam Prevention Toolkit:

http://ga0.org/ct/b1LRaAn1p4oi/

 

* Anti-Spyware Toolkit:

http://ga0.org/ct/gdLRaAn1p4oh/

 

* Virus-Prevention Toolkit:

http://ga0.org/ct/g7LRaAn1p4on/

 

============================================

TELL A FRIEND

============================================

As a nonprofit helping other nonprofits get the technology they need, TechSoup Stock depends on your referrals to reach organizations that might not know about our service. I encourage you to take a moment and forward this email to nonprofits and libraries you know that could benefit from access to these products and savings. Since 2002, TechSoup Stock has helped over 50,000 nonprofits and public libraries take advantage of product donations.

 

============================================

QUESTIONS?

============================================

If you have questions about our donation programs that were not addressed by this email or the program pages on our Web site, please feel free to contact our Customer Service Department via email at newproducts@techsoup.org or call us at 1-800-659-3579, extension 700. TechSoup Stock Customer Service is available Monday-Friday, from 8 a.m. to 5 p.m. Pacific time. In addition, you can get answers to your questions at our online Email and Answer Center at http://ga0.org/ct/5pLRaAn1p4ou/.