AltiGen provides technical support for the current release of MAXCS and for the immediate prior release.
Beginning today, when a new version of MAXCS becomes available, AltiGen will continue to support that
prior release for another 90 days. After that, support for releases older than the latest two will be limited to
software upgrades – a question or issue directly related to upgrading to a supported release.
AltiGen has been supporting the latest release, 6.0, and the release prior to 6.0, which was 5.2. Release
6.5 was made available on 10/1/2009, so AltiGen is now supporting release 6.5 and the immediate prior
release, 6.0. Release 5.2 will be supported for an additional 90 days, until 1/1/2010.

Three Vulnerable ActiveX Controls Plague Microsoft Office and Visio
SEVERITY: HIGH
13 October, 2009
SUMMARY:
 This vulnerability affects: All current versions of Microsoft Office (also affects Visio)
 How an attacker exploits it: By luring your users to a malicious web page
 Impact: An attacker can execute code on your user’s computer, potentially gaining control of it
 What to do: Install the appropriate Microsoft Patch as soon as possible, or let Windows Update download your patches automatically
EXPOSURE:
Today, Microsoft released a security bulletin describing three vulnerable ActiveX controls that ship with most versions of Microsoft Office. The flawed controls also come with Visio.
In previous LiveSecurity alerts [ 1 / 2 ], we’ve described Microsoft’s Active Template Library (ATL), which is a collection of programmatic templates that help developers create ActiveX controls. Many Microsoft products, including Office and Visio, ship with ActiveX controls created with the ATL library. Unfortunately, a previous version of ATL suffered from security vulnerabilities that led to the creation of many vulnerable ActiveX controls. Since then, Microsoft has continued to find legacy ActiveX controls that suffer from these vulnerabilities.
Today’s Office bulletin essentially fixes three more vulnerabilities associated with ATL issues. The three flaws differ technically, but share the same scope and impact. By enticing one of you users to a specially crafted website, an attacker could exploit any of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, attackers could leverage this type of flaw to gain full control of their computers.
SOLUTION PATH
Microsoft has released patches that correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
 For Office XP
 Microsoft Outlook 2002
 For Office 2003
 Microsoft Office Outlook 2003
 For 2007 Microsoft Office System
 Microsoft Office Outlook 2007
 For Other Microsoft Software
 Microsoft Office Visio Viewer 2007
FOR ALL WATCHGUARD USERS:
Many of these attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
STATUS:
Microsoft has released patches for these vulnerabilities.

Six of Eleven Windows Vulnerabilities Rated Critical
BULLETINS AFFECT SMB2, WINDOWS MEDIA PLAYER, IIS FTP, AND MORE
SEVERITY: HIGH
13 October, 2009
SUMMARY:
 These vulnerabilities affect: All current versions of Windows and components that ship with it – also the .NET Framework and Silverlight
 How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets or enticing your users to view malicious media
 Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
 What to do: Install the appropriate Microsoft patches immediately, or use Windows’ automatic update features to download these patches automatically
EXPOSURE:
Today, Microsoft released eleven security bulletins describing 27 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. Some of the flaws also affect other Microsoft products, such as Silverlight, SQL Server, Office, and Microsoft’s Developer Tools. A remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
 MS09-050: SMBv2 Code Execution Vulnerabilities
The SMB2 service is a newer version of Microsoft’s Server Message Block (SMB) protocol service that Windows uses to share files, printers, and other resources. SMBv2 only ships with Windows Vista, Windows 7, and Server 2008. Last Month, a researcher discovered a zero day vulnerability in the SMBv2 service. Other researchers confirmed this flaw, and verified that attackers could exploit it to execute code on Windows machines. By sending specially crafted SMBv2 requests, an attacker could exploit this flaw to gain complete control of your Windows users’ computers. That said, most administrators do not allow SMB traffic through their firewall. So this flaw primarily poses an internal threat. Microsoft’s bulletin finally fixes this SMBv2 flaw and two others like it. You can read our earlier Wire posts about this zero day SMBv2 flaw here and here. Finally, while SMBv2 does ship with Windows 7, this vulnerability only affects the Release Candidate (RC) version of Windows 7; not the Release To Manufacturing (RTM) build that is sold to the public. Windows 7 RTM users are not vulnerable to these SMBv2 flaws.
Microsoft rating: Critical.
 MS09-051: Two Windows Media Runtime Code Execution Vulnerabilities
Windows Media Runtime is a component that provides information and tools Windows and other applications need to play or view media content. This component suffers from two vulnerabilities: a memory corruption vulnerability involving how it handles certain compressed audio files, and a code execution vulnerability that has to do with how it handles ASF media files that make use of Window’s Media Speech codec. Both vulnerabilities share the same scope and impact. By enticing one of you users to view or play a specially crafted media file, an attacker could leverage either of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If you users have local administrator privileges, the attacker gains complete control of their computers.
Microsoft rating: Critical.
 MS09-052: Windows Media Player Buffer Overflow Vulnerability
Windows Media Player is the digital media player program that ships with Windows, and plays various audio and video files. It suffers from a buffer overflow vulnerability that has to do with how it processes ASF files. If an attacker can convince one of your users to play a specially crafted ASF file, he can leverage this flaw to execute code on your user’s computer, with that user’s privileges. As with most Windows vulnerabilities, if your user has local administrator privileges the attacker gains complete control of their machines.
Microsoft rating: Critical
 MS09-062: Multiple GDI+ Code Execution Vulnerabilities
Windows’ Graphic Device Interface (GDI+) is the core operating system component used to render graphical objects to output devices like your monitor or printer. GDI+ contains eight buffer overflow or memory corruption vulnerabilities that attackers could exploit to execute malicious code. The flaws all differ technically, but share the same scope and impact. If an attacker can entice one of you users to view a malicious image, open a malicious document, or visit a malicious web page, he could exploit one of these vulnerabilities to gain control of that user’s computer. Microsoft’s bulletin makes it difficult to know whether or not the attacker immediately gains complete control of the user’s system, or only the victim user’s level of control. In some parts of their bulletin they say, “complete control.” Yet, in other parts they mention the attacker’s level of privilege depends on the victim user. That said, since most Windows users have local administrative privileges anyway, we suspect most attacks leveraging these vulnerabilities would give attackers complete control of your Windows computers. Note: Besides affecting Windows, these flaws also affect:
 .NET Framework
 Internet Explorer
 Microsoft Office and other Office software
 SQL Server
 Developer Tools
 and Forefront Client Security.
Be sure to patch all the affected Microsoft products.
Microsoft rating: Critical.
 MS09-055: Cumulative ActiveX Killbit Update
Microsoft’s Active Template Library (ATL) is a collection of programmatic templates that help developers create ActiveX controls. Windows ships with many different components that have ActiveX controls created with the ATL library. Unfortunately, Microsoft has found another vulnerability in one of the ActiveX controls created with the ATL library. If an attacker can entice one of your users to a malicious web page, he could exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. As is the case with most Windows flaws, if your user has local administrative privileges, the attacker gains complete control of his machine. This bulletin sets the killbit for this vulnerable ActiveX control, and all past vulnerable ActiveX controls. This new ActiveX vulnerability is very similar to the ones we described in a past, out-of-cycle Microsoft LiveSecurity Alert. While some of these ATL vulnerabilities only affect Windows components, others could also affect third party ActiveX controls created with the vulnerable Microsoft ATLs.
Microsoft rating: Critical.
 MS09-061: Three .NET Framework Code Execution Flaws.
The .NET Framework is software framework developers can use to create new Windows applications. Unfortunately, the .NET Framework suffers from three complicated remote code execution vulnerabilities that allow attackers to gain inappropriate privileges on your Windows systems. Though the flaws differ technically, they share the same scope and impact. If an attacker can get you to run a maliciously crafted .NET application, he can exploit any of these flaws to execute code on that user’s computer, with that user’s privileges. If your users have local administrative access, the attacker gains full control of their PCs. The .NET application can run both locally, and over the web, so simply visiting a malicious website could trigger this vulnerability.
Microsoft rating: Critical
 MS09-053: IIS FTP Service Remote Code Execution and DoS Vulnerability.
Microsoft’s Internet Information Services (IIS) is one of the most popular web server services used on the Internet. IIS also provides an FTP service as well. All server versions of Windows come with IIS, though some of its services may not start by default. In a previous LiveSecurity alert, we described a zero day IIS FTP service vulnerability that attackers could leverage to either crash your IIS server, or gain complete control of it. The attacker only had to connect to your FTP server, and send it a specially crafted command to leverage this flaw. Today’s IIS FTP bulletin fixes that previously unpatched flaw.
Microsoft rating: Important.
 MS09-058: Three Windows Kernel Elevation of Privilege Vulnerabilities
The Windows kernel suffers from three elevation of privilege (EoP) vulnerabilities. All three of the EoP flaws differ technically, but share a similar scope. By running a specially crafted program on one of your Windows computers, an attacker can gain complete control of that system, regardless of his original user privileges. However, the attacker needs to have local access to one of your computers in order to run his malicious program. So these vulnerabilities primarily pose an internal risk.
Microsoft rating: Important.
 MS09-057: Indexing Service Memory Corruption Vulnerability
The Windows Indexing services catalogs content within your files and directories to speed up the searching process. An ActiveX control that ships with the Indexing services suffers from an unspecified memory corruption vulnerability involving the way it handles specially crafted web content. By luring one of your users to a web page with malicious code, an attacker can exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. As is the case with most Windows flaws, if your user has local administrative privileges, the attacker gains complete control of his machine.
Microsoft rating: Important
 MS09-059: LSASS Denial of Service (DoS) Vulnerability
The Local Security Authority Subsystem Service (LSASS) is a Windows component that handles authentication and enforces security policies. LSASS suffers from an integer underflow flaw that results in a Denial of Service (DoS) vulnerability. By sending maliciously crafted packets during the authentication process, an attacker could exploit this flaw to cause your Windows computer to reboot. However, most administrators don’t allow authentication traffic to pass beyond their local network. This flaw only poses a marginal internal risk.
Microsoft rating: Important.
 MS09-056: CryptoAPI Spoofing Vulnerabilities
CryptoAPI is the component that provides basic cryptographic services to Windows, such as encryption, authentication, and digital certificate handling. CryptoAPI suffers from two vulnerabilities which could allow an attacker to create a digital certificate that impersonates another user or system. For instance, the attacker could leverage this flaw to create a certificate that appeared to belong to www.paypal.com, when in reality it belongs to the attacker. By either enticing you to his malicious website, or leveraging some other DNS vulnerability that forwards you to his website, an attacker could leverage this certificate spoofing vulnerability to convince you that his malicious site really belongs to some trusted entity.
Microsoft rating: Important.
SOLUTION PATH:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
MS09-050:
 Windows Vista
 Windows Vista x64
 Windows Server 2008
 Windows Server 2008 x64
 Windows Server 2008 Itanium
MS09-051:
 Microsoft Windows 2000
 DirectShow WMA Voice Codec
 Windows Media Audio Voice Decoder
 Audio Compression Manager
 Windows XP
 DirectShow WMA Voice Codec
 Windows Media Audio Voice Decoder for SP2
 Windows Media Audio Voice Decoder for SP3
 Audio Compression Manager
 Windows XP Professional x64
 DirectShow WMA Voice Codec
 Windows Media Audio Voice Decoder
 Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
 Windows Media Audio Voice Decoder in Windows Media Format SDK 11
 Audio Compression Manager
 Windows Server 2003
 DirectShow WMA Voice Codec
 Windows Media Audio Voice Decoder
 Audio Compression Manager
 Windows Server 2003 x64
 DirectShow WMA Voice Codec
 Windows Media Audio Voice Decoder
 Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition
 Audio Compression Manager
 Windows Vista
 Windows Media Audio Voice Decoder
 Windows Vista x64
 Windows Media Audio Voice Decoder
 Windows Server 2008
 Windows Media Audio Voice Decoder
 Windows Server 2008 x64
 Windows Media Audio Voice Decoder
MS09-052:
 Windows Server 2000
 Microsoft Windows Media Player 6.4
 Windows XP
 Microsoft Windows Media Player 6.4
 Windows XP x64
 Microsoft Windows Media Player 6.4
 Windows Server 2003
 Microsoft Windows Media Player 6.4
 Windows Server 2003 x64
 Microsoft Windows Media Player 6.4
Note: These vulnerabilities do not affect any other versions of Windows.
MS09-062:
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
 Windows Vista
 Windows Vista x64
 Windows Server 2008*
 Windows Server 2008 x64*
 Windows Server 2008 Itanium
* As mentioned in the Exposure section above, these GDI+ vulnerabilities affect many other Microsoft products, including Office and SQL Server. We highly recommend you visit the “Affected and Non-Affected Software” section of Microsoft’s GDI+ bulletin to find and download any other relevant patches for your organization.
MS09-055:
 Windows 2000
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
 Windows Vista
 Windows Vista x64
 Windows Server 2008
 Windows Server 2008 x64
 Windows Server 2008 Itanium
 Windows 7
 Windows 7 x64
 Windows Server 2008 R2 x64
 Windows Server 2008 R2 Itanium
MS09-061:
We recommend you see the “Affected Software” section of this Microsoft bulletin to find all the potential .NET framework patches. With all the different versions of .NET Framework, combined with the different Windows and Framework Service Pack variants, there are actually many confusing possibilities for which patches to apply. If it fits your organization’s policy, we highly recommend you use Windows’ automatic update feature to download the right patch.
MS09-053:
 Windows 2000
 IIS 5.0 (FTP Service 5.0)
 Windows XP
 IIS 5.1 (FTP Service 5.1)
 Windows XP x64
 IIS 5.1 (FTP Service 5.1)
 Windows Server 2003
 IIS 6.0 (FTP Service 6.0)
 Windows Server 2003 x64
 IIS 6.0 (FTP Service 6.0)
 Windows Server 2003 Itanium
 IIS 6.0 (FTP Service 6.0)
 Windows Vista
 IIS 7.0 (FTP Service 6.0)
 Windows Vista x64
 IIS 7.0 (FTP Service 6.0)
 Windows Server 2008
 IIS 7.0 (FTP Service 6.0)
 Windows Server 2008 x64
 IIS 7.0 (FTP Service 6.0)
 Windows Server 2008 Itanium
 IIS 7.0 (FTP Service 6.0)
MS09-058:
 Windows 2000
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
 Windows Vista
 Windows Vista x64
 Windows Server 2008
 Windows Server 2008 x64
 Windows Server 2008 Itanium
MS09-057:
 Windows 2000
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
MS09-059:
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
 Windows Vista
 Windows Vista x64
 Windows Server 2008
 Windows Server 2008 x64
 Windows Server 2008 Itanium
 Windows 7
 Windows 7 x64
 Windows Server 2008 R2 x64
 Windows Server 2008 R2 Itanium
MS09-056:
 Windows 2000
 Windows XP
 Windows XP x64
 Windows Server 2003
 Windows Server 2003 x64
 Windows Server 2003 Itanium
 Windows Vista
 Windows Vista x64
 Windows Server 2008
 Windows Server 2008 x64
 Windows Server 2008 Itanium
 Windows 7
 Windows 7 x64
 Windows Server 2008 R2 x64
 Windows Server 2008 R2 Itanium
FOR ALL WATCHGUARD USERS:
By default, your WatchGuard Firebox blocks the network traffic associated with many of these attacks. However, attackers leverage some of the attacks locally, or by sending normal-looking HTTP traffic. Therefore, the patches above are your best solution.
STATUS:
Microsoft has released patches correcting these issues.
REFERENCES:
 Microsoft Security Bulletin MS09-050
 Microsoft Security Bulletin MS09-051
 Microsoft Security Bulletin MS09-052
 Microsoft Security Bulletin MS09-053
 Microsoft Security Bulletin MS09-055
 Microsoft Security Bulletin MS09-056
 Microsoft Security Bulletin MS09-057
 Microsoft Security Bulletin MS09-058
 Microsoft Security Bulletin MS09-059
 Microsoft Security Bulletin MS09-061
 Microsoft Security Bulletin MS09-062

October’s Critical IE Cumulative Update Corrects Four Code Execution Flaws
SEVERITY: HIGH
13 October, 2009
SUMMARY:
 This vulnerability affects: Internet Explorer 8 and earlier versions, running on all current version of Windows
 How an attacker exploits it: By enticing one of your users to visit a web page or link containing malicious code
 Impact: In the worst case, the attacker can execute code on your user’s computer, gaining complete control of it
 What to do: Deploy the appropriate Internet Explorer patches immediately
EXPOSURE:
In a security bulletin released today as part of its monthly patch update, Microsoft describes four new vulnerabilities in Internet Explorer (IE) 8.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008).
Although the four vulnerabilities differ technically, they share the same general scope and impact. Most of them involve memory corruption flaws having to do with how IE handles various HTML objects or data streams. If an attacker can lure one of your users to a web page containing malicious web code, he can exploit these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could exploit these flaws to gain complete control of the victim’s computer.
Keep in mind, today’s attackers commonly hijack legitimate web pages and booby-trap them with malicious code. They do this via hosted web ads or through SQL injection attacks. Even recognizable and authentic websites could pose a risk to your users if hijacked in this way.
If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technical differences aside, all of these IE flaws pose significant risk, you should download and install the IE cumulative patch as soon as possible.
SOLUTION PATH:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches as soon as possible.
 Internet Explorer 5.01
 For Windows 2000
 Internet Explorer 6.0
 For Windows 2000
 For Windows XP
 For Windows XP x64
 For Windows Server 2003
 For Windows Server 2003 x64
 For Windows Server 2003 Itanium
 Internet Explorer 7.0
 For Windows XP
 For Windows XP x64
 For Windows Server 2003
 For Windows Server 2003 x64
 For Windows Server 2003 Itanium
 For Windows Vista
 For Windows Vista x64
 For Windows Server 2008 *
 For Windows Server 2008 x64 *
 For Windows Server 2008 Itanium
 Internet Explorer 8.0
 For Windows XP
 For Windows XP x64
 For Windows Server 2003
 For Windows Server 2003 x64
 For Windows Vista
 For Windows Vista x64
 For Windows Server 2008 *
 For Windows Server 2008 x64 *
 For Windows 7
 For Windows 7 x64
 For Windows Server 2008
 For Windows Server 2008 x64
* Note: These flaws do not affect Windows Server 2008 administrators who installed using the Server Core installation option.
FOR ALL WATCHGUARD USERS:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
STATUS:
Microsoft has released patches to fix these vulnerabilities.
REFERENCES:
 MS Security Bulletin MS09-054

We are pleased to introduce the October Service Update for Microsoft Online Services, which includes several new features and enhancements designed to improve the service experience for both administrators and users. The Service Update is currently being deployed into production data centers.

Many of these service enhancements are the result of customer and partner feedback. We are pleased to deliver this Service Update in our effort to continually improve your experience with Microsoft Online Services.

Upgrades and Enhancements
The following features and capabilities are included in the October Service Update:

Bulk Activation of Users
PowerShell commandlets will be added to streamline the activation process, enabling administrators to easily automate the activation of a set of users. Most commonly, these commandlets will be used to activate a set of users that have been migrated from an Active Directory forest to Microsoft Online Services via the Directory Synchronization Tool. Previously, administrators were required to activate users one-by-one with the User Administration tools in the Microsoft Online Services Administration Center.
Commandlets added in this Service Update are:
• Enable-MSOnlineUser
• Get-MSOnlineSubscription
• Set-MSOnlineUserPassword
A new version of the Microsoft Online Services Transporter Tool supporting these commandlets will be available for download at the Microsoft Download Center upon completion of the deployment of the October Service Update into production data centers for all regions.

POP Mail Clients
Supported e-mail clients for Exchange Online are being expanded to include POP-based clients. Previously, Exchange Online supported only Microsoft Office Outlook 2003 and 2007.

To enable POP e-mail client support for your organization, have your administrator contact Microsoft Online Services Technical Support to open a Service Request.

Please note: Service Requests for POP enablement will be accepted upon completion of the deployment of the October Service Update into production data centers for all regions. Please reference the Microsoft Online Services Team Blog for deployment updates.

Support for 30,000 Users
The Microsoft Online Services Administration Center will support as many as 30,000 users, improving management and administration for larger organizations. Previously, Microsoft Online Services supported up to 10,000 users.

Please note that SharePoint Online will retain previously established limits (e.g., 20 sites per site collection, 50 gigabytes (GB) per site, and 1 terabyte (TB) per company).

Enhanced Support for Mac OS
The October Service Update includes several enhancements that will provide a more efficient communication and collaboration experience for organizations with Mac users.

A new Sign-In Client for the Mac OS provides a single sign-in experience and auto-configuration of Office for Mac applications and the Safari browser for use with Microsoft Online Services.

Other Mac features in this Service Update include:
• Support for Entourage 2008 Exchange Web Services (EWS), including Global Address List (GAL), Calendar Free/Busy Lookup, and Out-of-Office notifications
• Global Address List support for Entourage 2004 and 2008 when using the Sign-In Client for Mac
• SharePoint Online support for Document Connection for Mac to improve the collaboration experience for users
• Improved Firefox and Safari support for My Company Portal
The Sign-In Client for Mac will be available for download at the Microsoft Download Center upon completion of the deployment of the October Service Update into production data centers for all regions. Please reference the Microsoft Online Services Team Blog for updates on the availability of the Sign-In Client for Mac.

Timeline
Deployment of the October Service Update into production data centers has started, with deployment to all regions anticipated to be complete by mid-October.

The deployment schedule is subject to change. Updates to the deployment schedule will be announced via the Microsoft Online Services Team Blog as well as the RSS Feed from the Microsoft Online Services Administration Center.

Additional Information
All service upgrades in the October Service Update will be performed on your behalf. These changes are a mandatory upgrade for all users, so it is important that you are aware of them and understand how they may impact you.

If you have additional questions, there are several resources at your disposal. Click here for information about how to contact Microsoft Online Services Support. You can also read the Microsoft Online Services Team Blog for the latest news about the October Service Update, or participate in technical discussions on the Microsoft Online Services TechNet Forums.

Thank you!
Thank you for choosing Microsoft Online Services to host your business productivity applications. We look forward to delivering additional enhancements and capabilities that improve your service experience and help you focus on your core business initiatives.

Sincerely,
Microsoft Online Services

Bardissi Enterprises Newswire

AltiGen Communications, Inc. (NASDAQ: ATGN), the leading provider of 100% Microsoft-based VoIP business phone systems and Unified Communications solutions announced today the availability of the Max Communications Server 6.5.
Technology Enhancements:

-SNMP Management feature

-QoS enhancement (802.1p and 802.1q)

-Secured VoIP connection (TLS/SRTP)

-Enhanced 3rd party IP phone support

PBX and Voice Messaging Enhancements:

-Microsoft Exchange 2007 Integration enhancements

-Release Conference Bridge when number of participants is reduced to two

-Support 120 MeetMe conference members in one bridge (HMCP/Softswitch only)

-SIP Trunk enhancements

-Mobile Extension over SIP trunk and Mobile Extension trunk group configuration

-Import and export an extension list from or to a CSV file

Multi‐site Enterprise Manager Enhancements:

-Global extension rerouting over PSTN when WAN connection is down

-Redirect an AltiGen IP phone to an alternate server when its home server is down

Licensing Changes

The following licensing changes should be noted before you upgrade to the 6.5 release.

1. New Concurrent Session Licenses – the 6.5 release supports a dual‐mode licensing model. In addition to SEAT based licenses, the following concurrent SESSION licenses are new in the 6.5 release.

∙MaxCommunicator Session

∙MaxAgent Session

∙MaxSupervisor Session

∙IPTalk Session

2. AltiConsole Licensing Model – The AltiConsole license is changed to a concurrent session based license in the 6.5 release. This change will affect 6.0 system upgrading to 6.5. AltiConsole license is removed from the “Client SEAT License Management” configuration.

3. License Converting rules:

∙5.x version of AltiConsole, AltiView, AltiAgent, AltiSupervisor, and IPTalk concurrent SESSION licenses will be converted to 6.5 version of concurrent SESSION licenses.

∙6.0 AltiConsole SEAT license will be converted to 6.5 concurrent SESSION license.

∙6.0 version of MaxCommunicator, MaxAgent, MaxSupervisor, and IPTalk SEAT license will be kept the same.

MAXCS 6.5 sends SNMP traps to report the following events to a Network Management System:

-Server memory, CPU, or hard disk exceeds defined limits

-MAXCS Switching service is initialized, stopped, or restarted

-PRI trunk goes down or reconnects

-Gateway server loses connection or restarts

-The master or a member server in the Enterprise VoIP domain goes down or reconnects

-IP phone server service goes down or restarts

-Voice mail service goes down or restarts

-CTI service (CT Proxy) goes down or restarts

-Softswitch redundancy switchover occurs

-Enterprise manager redirects IP phone to an alternate server when the home server for the IP phone is not available

QOS Enhancements

-Release 6.5 supports layer2 802.1p (class of service priority) and 802.1Q (VLAN) in the server

and AltiGen IP phones.

Secured VoIP Connection (TLS/SRTP)

This feature allows secured SIP connections and encrypted conversations to prevent eavesdropping, tampering, and message forgery.

-Secured connection can be configured for connection to AltiGen IP phones and SIP‐

Tie trunks.

-SIP signaling is secured by using TLS (Transport Layer Security )

-Voice media is secured by using SRTP (Secured Real Time Protocol)

Enhanced 3rd Party IP Phone Support

Release 6.5 supports standard SIP Hold, Transfer, Call Waiting, and server‐side Conference for certified 3rd party SIP phones.

Currently certified 3rd party phones are:

-Aastra 6731i, 6753i, 6755i, 6757i, 6757i‐CT

-Polycom SoundStation IP6000 Conference phone

Exchange 2007 UM Integration Enhancements

Release 6.5 expands the capability of Exchange 2007 Unified Messaging (UM) with the following new features:

-Option to enable voice mail synchronization in Bridged mode.

-Ability to return a call from Exchange voice mail

-Allow caller to “Zero out” from Exchange voice mail greeting

-Outlook 2007 user can click “Play on Phone” option to play the voice mail stored in Exchange through an IP phone

-AltiGen voicemail greeting is disabled when configured as Native mode integration. This eliminates the double ‐greeting when using Native mode.

SIP Trunk Enhancements

Release 6.5 has the following SIP trunk enhancements:

-MobileExtension Support over SIP trunks

-Ability to send the extension Transmitted Caller ID or system Calling Line Number through SIP

trunks.

-Ability to create multiple SIP trunk profiles to support different SIP trunk service parameters. SIP trunk profile can set the following variables for different SIP trunking services:

-Specify different ways of sending calling line ID in SIP protocol

-Define acceptable calling line ID range or a specific number

-Enable sending caller name

-Define incoming DID number field

Global Extension Rerouting over the PSTN

-When a user dials a global extension and the WAN connection to that server is down, the call initiating system dials the target system’s PSTN number and sends the dialed extension number

automatically when the target’s auto ‐attendant answers.

-Enterprise Manager will publish the main PSTN number of each site to all VoIP domain members for PSTN rerouting.

IP Phone Redirect to an Alternate Server

An IP phone can be configured in Enterprise Manager to automatically register to an alternate server when the phone’s home server is down. Thus, the IP phone can still work under the alternate (backup) server. When the home server is recovered, the administrator can switch IP phones back to the home server from Enterprise Manager.

New Windows OS Support

-MAXCS all‐in‐one system can now be installed on Windows 2008 32‐bit.

-HMCP Gateway can be installed on Windows 2008 32‐

bit system.

-MAXCS Softswitch can be installed on Windows 2008 32bit or 64 bit. [MAXCS Softswitch on Windows 2003 64-Bit will not be supported.]

-MaxCommunicator, MaxSupervisor, MaxAgent can be installed on Windows 2008, 2003, Vista 32 ‐bit or 64‐bit editions

The ALTI-MAX1000 server configuration is changing beginning in May 2009. The product part number for the new server is ALTI-MAX1000-B1.
The ALTI-MAX1000-B1 server uses the same CPU processor as the ALTI-MAX1000 but with the following changes:
•
1GB memory
•
Windows XP PRO operating system
Ship date for the new configuration is May 2009.

SEVERITY: HIGH
28 April, 2009
SUMMARY:
 This vulnerability affects: Adobe Reader and Acrobat 9.1 and earlier, on Windows, Mac, *nix computers
 How an attacker exploits it: By enticing your users into viewing a maliciously crafted PDF document
 Impact: An attacker can execute code on your computer, potentially gaining control of it
 What to do: Implement the workarounds described in the Solutions section of this alert
EXPOSURE:
Yesterday, SecurityFocus released an advisory describing a new zero day Adobe Reader exploit they found in the wild. The Proof of Concept (PoC) exploit — written by some calling himself “Arr1val” — seems to leverage a flaw in the Adobe Reader function called “getAnnots()”. As it turns out, Arr1val released two new zero day exploits. The second exploit leverages another Adobe Reader function called “spell.customDictionaryOpen().” Arr1val’s code suggests he confirmed these flaws using Adobe Reader 9.1 and 8.1.4 for Linux. However, we suspect the flaws may affect all current versions of Reader running on any platform.
By enticing one of your users into downloading and opening a malicious PDF document, an attacker could exploit either of these unpatched Reader vulnerabilities to execute code on your user’s computer, with that user’s privileges. If the user had root or local administrator privileges, the attacker would gain complete control of that user’s machine.
Adobe has responded to this incident in a short blog post, saying they are investigating the issue. Since exploit code is widely available and Adobe hasn’t had time to patch yet, these flaws pose a serious risk to Adobe Reader users. We recommend you implement the workarounds described below to mitigate the risk of these dangerous zero day exploits.
SOLUTION PATH
Adobe has not had time to release a patch for these zero day vulnerabilities. However, the workarounds described below should mitigate the risk posed by the exploits currently circulating in the wild.
 Inform your users of this vulnerability. Advise them to remain wary of unsolicited PDF documents arriving via email. If they don’t absolutely need the document, and don’t trust the entity it came from, they should avoid opening it until you patch Adobe Reader.
 Use antivirus (AV) software and make sure it’s up to date. AV vendors will release signatures for these new exploits, so make sure to keep your AV software up to date.
 Disable JavaScript in Adobe Reader. Disabling JavaScript in Adobe Reader could prevent these exploits from succeeding. To disable JavaScript in Adobe Reader, click Edit => Preferences => JavaScript and then uncheck Enable Acrobat JavaScript. Keep in mind, this prevents JavaScript from running in legitimate PDF documents as well.
 Use a gateway device, like your Firebox, to block PDF files. If your users can’t download PDF files, these exploits won’t affect them. Unfortunately, doing this blocks legitimate PDF files as well. Nonetheless, depending on your business needs, you may still want to block PDF files until Adobe releases a patch.
 Use an alternative PDF reader. You can mitigate the risk of these Adobe Reader vulnerabilities by using an alternative PDF reader. Keep in mind, other PDF readers may also suffer security vulnerabilities. However, attackers seem to primarily target the popular Adobe Reader. If it meets your business needs, you may try to adopt one of the alternative PDF readers listed on this site.
We will update this alert when Adobe releases a patch.
FOR ALL WATCHGUARD USERS:
Many of WatchGuard’s Firebox models can block incoming PDF files. However, most administrators prefer to allow these file types for business purposes. Nonetheless, if PDF files are not absolutely necessary to your business, you may consider blocking them using the Firebox’s HTTP and SMTP proxy until Adobe patches.
If you decide you want to block PDF documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .pdf files by their file extension:
 Firebox X Edge running 10.x
 How do I block files with the FTP proxy?
 How do I block files with the HTTP proxy?
 How do I block files with the POP3 proxy?
 How do I block files with the SMTP proxy
 Firebox X Core and X Peak running Fireware 10.x
 How do I block files with the FTP proxy?
 How do I block files with the HTTP proxy?
 How do I block files with the POP3 proxy?
 How do I block files with the SMTP proxy?
STATUS:
We will update you when Adobe releases a patch. Until then, implement the workarounds described above.
REFERENCES:
 SecurityFocus Adobe Reader Advisory
 Adobe blog post
 Adobe Reader getAnnots() exploit code
 Adobe Reader spell.customDictionaryOpen() exploit code

Attackers Target Zero Day PowerPoint Vulnerability

Severity: High

3 April, 2009

Summary:

§  This vulnerability affects: All current versions of Microsoft PowerPoint for Windows and Mac computers (also affects PowerPoint Viewer and Office Compatibility Packs) 

§  How an attacker exploits it: By enticing your users into opening a maliciously crafted PowerPoint presentation

§  Impact: An attacker can execute code on your computer, potentially gaining control of it

§  What to do: Implement the workarounds described in the Solution Path section of this alert

Exposure:

Yesterday, Microsoft released a security advisory warning of a very critical unpatched PowerPoint vulnerability, which attackers have already begun exploiting on the Internet. The vulnerability affects all current versions of PowerPoint for Windows and Mac, as well as the Microsoft PowerPoint Viewer and the Office Compatibility Packs. 

Since Microsoft just learned about this flaw, they don’t describe it in much technical detail. They only say that the flaw involves PowerPoint accessing an invalid object in memory. However, the advisory does tell how attackers can leverage the flaw. By enticing one of your users into downloading and opening a maliciously crafted PowerPoint document (.ppt), an attacker can exploit this vulnerability to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine. 

With attackers actively exploiting this vulnerability in the wild, it poses a significant threat to Microsoft Office and PowerPoint users. Microsoft hasn’t had time to patch the flaw yet, but they plan to in the near future. Until then, we recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.

Solution Path

Microsoft has not had time to release a patch for this zero day vulnerability. However, the workarounds described below should mitigate the risk of attacks currently circulating in the wild.

§  Inform your users of this vulnerability. Advise them to remain wary of unsolicited PowerPoint (.ppt) documents arriving via email. If they don’t absolutely need the document, and don’t trust the entity it came from, they should avoid opening it until Microsoft releases a patch.

§  Use up-to-date antivirus (AV) software. AV companies are sure to release signatures that detect these malicious PowerPoint files. Make sure to update your AV regularly.

§  Use the Microsoft Office Isolated Conversion Environment (MOICE) to open an untrusted PowerPoint document.  MOICE is a Microsoft add on that provides a special environment which allows you to more securely open Word, Excel, and PowerPoint binary format files. For more details on using it, see the “Suggested Actions” section of  Microsoft’s security advisory.

§  Use a gateway device, like your Firebox, to block PowerPoint files. If your users can’t download PowerPoint files, this exploit won’t affect them. Unfortunately, doing this blocks legitimate PowerPoint files as well. Nonetheless, depending on your business needs, you may still consider blocking PowerPoint files until Microsoft releases a patch.

We will update this alert when Microsoft releases a patch.

For All WatchGuard Users:

Many of WatchGuard’s Firebox models can block incoming PowerPoint files. However, most administrators prefer to allow these file types for business purposes. Nonetheless, if PowerPoint files are not absolutely necessary to your business, you may consider blocking them using the Firebox’s HTTP and SMTP proxy until Microsoft releases a fix for this vulnerability.

If you decide you want to block PowerPoint documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .ppt files by their file extension:

§  Firebox X Edge running 10.x

§  How do I block files with the FTP proxy?

§  How do I block files with the HTTP proxy?

§  How do I block files with the POP3 proxy?

§  How do I block files with the SMTP proxy

§  Firebox X Core and X Peak running Fireware 10.x

§  How do I block files with the FTP proxy?

§  How do I block files with the HTTP proxy?

§  How do I block files with the POP3 proxy?

§  How do I block files with the SMTP proxy?

Status:

Microsoft plans to release a patch for this vulnerability. Until then, implement the workarounds described above.

References:

Microsoft Security Advisory