DOCSLIB.ORG

S Security Patches for January 2021 Fix 83 Security Vulnerabilities

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Microsoft's Security Patches for January 2021 Fix 83 Security Vulnerabilities Overview Microsoft released January 2021 security updates on Tuesday which fix 83 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Repository, ASP.NET core & .NET core, Azure Active Directory Pod Identity, Microsoft Bluetooth Driver, Microsoft DTV-DVD Video Decoder, Microsoft Edge (HTML-based), Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft RPC, Microsoft Windows, Microsoft Windows Codecs Library, Microsoft Windows DNS, SQL Server, Visual Studio, Windows AppX Deployment Extensions, Windows CryptoAPI, Windows CSC Service, Windows Diagnostic Hub, Windows DP API, Windows Event Logging Service, Windows Event Tracing, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media, Windows NTLM, Windows Print Spooler Components, Windows Projected File System Filter Driver, Windows Remote Desktop, Windows Remote Procedure Call Runtime, Windows splwow64, Windows TPM Device Driver, Windows Update Stack, and Windows WalletService. Description of Critical and Important Vulnerabilities Some critical and important vulnerabilities are described as follows: @NSFOCUS 2021 http://www.nsfocus.com Microsoft Defender Remote Code Execution Vulnerability (CVE-2021-1647) This vulnerability was in the 0-day state and was found exploited in the wild. Its impact traces back to certain versions of Windows 2008. Remote attackers could exploit this vulnerability to execute arbitrary code on the computer. Microsoft indicated that users can protect against this vulnerability without additional update measures. The update for this vulnerability is part of updates released by Microsoft regularly for its anti-malware products. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647 Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2021-1707) Microsoft SharePoint contains several important vulnerabilities. The most noteworthy vulnerability is CVE-2021-1707 which allows attackers, by taking advantage of the logged-in user that has proper privileges, to gain access to create SharePoint websites and remotely execute arbitrary code in the kernel. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707 Windows Win32k Privilege Escalation Vulnerability (CVE-2021-1709) The Win32k system process contains another important vulnerability (CVE-2021-1709) which requires no user interaction. Attackers could exploit this local computer for privilege escalation and execute other attacks with these privileges. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1709 Microsoft splwow64 Elevation of Privilege Vulnerability (CVE-2021-1648) Before this vulnerability CVE-2021-1648 is discovered, researchers from ZDI and Google found the vulnerability CVE-2020-0986 and submitted it to Microsoftware. After the first round of remediation of this vulnerability, researchers found that patches introduced a new out- of-bounds read condition that can lead to privilege escalation. The two vulnerabilities are fixed in patches released in January. As the @NSFOCUS 2021 http://www.nsfocus.com vulnerability CVE-2021-1648 has been exploited in the wild, it is highly likely that this vulnerability CVE-2020-0986 has also been exploited in the wild too. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1648 The following table lists these vulnerabilities. Product CVE ID CVE Title Severity Bot Framework SDK Information .NET Repository CVE-2021-1725 Important Disclosure Vulnerability ASP.NET Core and Visual Studio ASP.NET core & .NET core CVE-2021-1723 Important Denial-of-Service Vulnerability Azure Active Directory Pod Azure Active Directory Pod Identity CVE-2021-1677 Important Identity Spoofing Vulnerability Windows Bluetooth Security Microsoft Bluetooth Driver CVE-2021-1683 Important Feature Bypass Vulnerability Windows Bluetooth Security Microsoft Bluetooth Driver CVE-2021-1684 Important Feature Bypass Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Windows Bluetooth Security Microsoft Bluetooth Driver CVE-2021-1638 Important Feature Bypass Vulnerability Microsoft DTV-DVD Video Microsoft DTV-DVD Video Decoder CVE-2021-1668 Decoder Remote Code Execution Critical Vulnerability Microsoft Edge (HTML-based) Microsoft Edge (HTML-based) CVE-2021-1705 Moderate Memory Corruption Vulnerability GDI+ Remote Code Execution Microsoft Graphics Component CVE-2021-1665 Critical Vulnerability Windows Graphics Component Microsoft Graphics Component CVE-2021-1696 Information Disclosure Important Vulnerability Windows GDI+ Information Microsoft Graphics Component CVE-2021-1708 Important Disclosure Vulnerability Windows Win32k Privilege Microsoft Graphics Component CVE-2021-1709 Important Escalation Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Microsoft Defender Remote Code Microsoft Malware Protection Engine CVE-2021-1647 Critical Execution Vulnerability Microsoft Office Remote Code Microsoft Office CVE-2021-1711 Important Execution Vulnerability Microsoft Excel Remote Code Microsoft Office CVE-2021-1713 Important Execution Vulnerability Microsoft Excel Remote Code Microsoft Office CVE-2021-1714 Important Execution Vulnerability Microsoft Word Remote Code Microsoft Office CVE-2021-1715 Important Execution Vulnerability Microsoft Word Remote Code Microsoft Office CVE-2021-1716 Important Execution Vulnerability Microsoft SharePoint Spoofing Microsoft Office SharePoint CVE-2021-1641 Important Vulnerability Microsoft SharePoint Server Microsoft Office SharePoint CVE-2021-1707 Remote Code Execution Important Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Microsoft SharePoint Privilege Microsoft Office SharePoint CVE-2021-1712 Important Escalation Vulnerability Microsoft SharePoint Server Microsoft Office SharePoint CVE-2021-1718 Important Tampering Vulnerability Microsoft SharePoint Spoofing Microsoft Office SharePoint CVE-2021-1717 Important Vulnerability Microsoft SharePoint Privilege Microsoft Office SharePoint CVE-2021-1719 Important Escalation Vulnerability Windows Remote Procedure Call Microsoft RPC CVE-2021-1702 Runtime Privilege Escalation Important Vulnerability Windows Fax Compose Form Microsoft Windows CVE-2021-1657 Remote Code Execution Important Vulnerability Windows NT Lan Manager Datagram Receiver Driver Microsoft Windows CVE-2021-1676 Important Information Disclosure Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Windows Multipoint Management Microsoft Windows CVE-2021-1689 Important Privilege Escalation Vulnerability Windows Runtime C++ Template Microsoft Windows CVE-2021-1650 Library Privilege Escalation Important Vulnerability Active Template Library Privilege Microsoft Windows CVE-2021-1649 Important Escalation Vulnerability Windows WLAN Service Privilege Microsoft Windows CVE-2021-1646 Important Escalation Vulnerability Windows (modem.sys) Information Microsoft Windows CVE-2021-1699 Important Disclosure Vulnerability Windows LUAFV Privilege Microsoft Windows CVE-2021-1706 Important Escalation Vulnerability HEVC Video Extensions Remote Microsoft Windows Codecs Library CVE-2021-1644 Important Code Execution Vulnerability HEVC Video Extensions Remote Microsoft Windows Codecs Library CVE-2021-1643 Critical Code Execution Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Windows DNS Query Information Microsoft Windows DNS CVE-2021-1637 Important Disclosure Vulnerability Microsoft SQL Privilege Escalation SQL Server CVE-2021-1636 Important Vulnerability Visual Studio Remote Code Visual Studio CVE-2020-26870 Important Execution Vulnerability Windows AppX Deployment Windows AppX Deployment Extensions CVE-2021-1642 Extensions Privilege Escalation Important Vulnerability Windows AppX Deployment Windows AppX Deployment Extensions CVE-2021-1685 Extensions Privilege Escalation Important Vulnerability Windows CryptoAPI Denial-of- Windows CryptoAPI CVE-2021-1679 Important Service Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1652 Important Escalation Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Windows CSC Service Privilege Windows CSC Service CVE-2021-1653 Important Escalation Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1654 Important Escalation Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1655 Important Escalation Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1659 Important Escalation Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1688 Important Escalation Vulnerability Windows CSC Service Privilege Windows CSC Service CVE-2021-1693 Important Escalation Vulnerability Diagnostics Hub Standard Windows Diagnostic Hub CVE-2021-1651 Collector Privilege Escalation Important Vulnerability @NSFOCUS 2021 http://www.nsfocus.com Diagnostics Hub Standard Windows Diagnostic Hub CVE-2021-1680 Collector Privilege Escalation Important Vulnerability Windows Docker Information Windows DP API CVE-2021-1645 Important Disclosure Vulnerability Windows Event Logging Service Windows Event Logging Service CVE-2021-1703 Important Privilege Escalation Vulnerability Windows Event Tracing Privilege Windows Event Tracing CVE-2021-1662 Important Elevation Vulnerability Windows Hyper-V Denial-of- Windows Hyper-V CVE-2021-1691 Important Service Vulnerability Windows Hyper-V Denial-of- Windows Hyper-V CVE-2021-1692 Important Service Vulnerability Windows Hyper-V Privilege Windows Hyper-V CVE-2021-1704
Recommended publications
  • Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    Windows Kernel Hijacking Is Not an Option: Memoryranger Comes to The

    WINDOWS KERNEL HIJACKING IS NOT AN OPTION: MEMORYRANGER COMES TO THE RESCUE AGAIN Igor Korkin, PhD Independent Researcher Moscow, Russian Federation [email protected] ABSTRACT The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspect new attacks on kernel data, as these are used by hackers. The purpose of this paper is to continue research into attacks on dynamically allocated data in the Windows OS kernel and demonstrate the capacity of MemoryRanger to prevent these attacks. This paper discusses three new hijacking attacks on kernel data, which are based on bypassing OS security mechanisms. The first two hijacking attacks result in illegal access to files open in exclusive access. The third attack escalates process privileges, without applying token swapping. Although Windows security experts have issued new protection features, access attempts to the dynamically allocated data in the kernel are not fully controlled. MemoryRanger hypervisor is designed to fill this security gap. The updated MemoryRanger prevents these new attacks as well as supporting the Windows 10 1903 x64. Keywords: hypervisor-based protection, Windows kernel, hijacking attacks on memory, memory isolation, Kernel Data Protection. 1. INTRODUCTION the same high privilege level as the OS kernel, and they also include a variety The security of users’ data and of vulnerabilities. Researchers applications depends on the security of consider that “kernel modules (drivers) the OS kernel code and data. Modern introduce additional attack surface, as operating systems include millions of they have full access to the kernel’s lines of code, which makes it address space” (Yitbarek and Austin, impossible to reveal and remediate all 2019).
  • SLDXA /T /L1 – SLX Component List

    SLDXA /T /L1 – SLX Component List

    SLDXA /T /L1 – SLX Component List SLDXA.exe ver 1.0 Copyright (c) 2004-2006 SJJ Embedded Micro Solutions, LLC All Rights Reserved SLXDiffC.exe ver 2.0 / SLXtoTXTC.exe ver 2.0 www.sjjmicro.com Processing... File1 to TXT file. Opening XSL File Reading RTF for final conversion F:\SLXTEST\LOCKDOWN_DEMO2.SLX has the following Components Total Count is: 577 -------------------------------------------------- .NET Framework 1.1 - Security Update KB887998 Accessibility Control Panel Accessibility Core ACPI Fixed Feature Button Active Directory Service Interface (ADSI) Core Active Directory Service Interface (ADSI) LDAP Provider Active Directory Service Interface (ADSI) Windows NT Provider Active Template Library (ATL) Add Hardware Control Panel Add/Remove Programs Control Panel Administration Support Tools Administrator Account Advanced Configuration and Power Interface (ACPI) PC Analog TV Application Compatibility Core Audio Codecs Audio Control Panel Base Component Base Performance Counters Base Support Binaries CD-ROM Drive Certificate Request Client & Certificate Autoenrollment Certificate User Interface Services Class Install Library - Desk Class Install Library - Mdminst Class Install Library - Mmsys Class Install Library - Msports Class Install Library - Netcfgx Class Install Library - Storprop Class Install Library - System Devices Class Installer - Computer Class Installer - Disk drives Class Installer - Display adapters Class Installer - DVD/CD-ROM drives Class Installer - Floppy disk controllers Class Installer - Floppy disk drives
  • Leveraging Forticlient with Microsoft Defender: 6 Use Cases

    Leveraging Forticlient with Microsoft Defender: 6 Use Cases

    SOLUTION BRIEF Leveraging FortiClient with Microsoft Defender: 6 Use Cases Executive Overview A compromised endpoint can quickly infect an entire enterprise network—which FortiClient Features Include: is why endpoint devices are now a favorite target for cyber criminals. More than an endpoint protection platform that provides automated, next-generation threat nnSecurity Fabric Connector. protection, FortiClient connects endpoints with the Security Fabric. It enables Enables endpoint visibility and endpoint visibility and compliance throughout the Security Fabric architecture. compliance throughout the Combining FortiClient with OS-embedded protection, such as Microsoft Security Fabric architecture. Defender or Microsoft Defender ATP, enhances these capabilities, providing nnVulnerability scanning. an integrated endpoint and network security solution that reinforces enterprise Detects and patches endpoint defenses, reduces complexity, and enhances the end-user experience. vulnerabilities. nn Improving Protection of Endpoint Devices Anti-malware protection. Employs machine learning (ML), FortiClient provides automated threat protection and endpoint vulnerability scanning to help artificial intelligence (AI), and maintain endpoint security hygiene and deliver risk-based visibility across the Fortinet Security cloud-based threat detection Fabric architecture. As a result, organizations can identify and remediate vulnerabilities or in addition to pattern-based compromised hosts across the entire attack surface. malware detection. In some cases, customers may wish to take advantage of certain FortiClient features while nnAnti-exploit engine. Uses leaving existing third-party protections in place. For example, in instances where there are signatureless, behavior-based policies in an organization that require two different antivirus (AV) vendors on an endpoint protection against memory and for governance or compliance reasons, the need for FortiClient alongside a third-party AV fileless attacks; detects exploit solution such as Microsoft Defender is necessitated.
  • Guide to Hardening Windows 10 Technical Guide

    Guide to Hardening Windows 10 Technical Guide

    NOVEMBER 2020 Guide to Hardening Windows 10 For Administrators, Developers and Office Workers TABLE OF CONTENTS Introduction .......................................................................................................................... 4 Prerequisites ............................................................................................................................ 4 User roles ................................................................................................................................. 4 EFI (BIOS) Configuration ...................................................................................................... 5 To be enabled: ......................................................................................................................... 5 To be disabled: ......................................................................................................................... 5 Windows Defender Firewall .................................................................................................. 6 Enable logging of dropped packets ............................................................................................. 6 Disable enforcement of local rules and disable notifications .......................................................... 7 Block outbound connections by default ....................................................................................... 8 Secure potentially vulnerable protocols ......................................................................................
  • Microsoft Expands Capabilities and Platforms for Microsoft Defender ATP

    Microsoft Expands Capabilities and Platforms for Microsoft Defender ATP

    REPORT REPRINT Microsoft expands capabilities and platforms for Microsoft Defender ATP JULY 31 2020 By Fernando Montenegro The company has been pouring significant resources into growing its capabilities as a provider of security functionality. It appears to be making significant inroads into the endpoint security space, given its role behind the Windows OS and on account of its Defender ATP offering, which was recently updated. THIS REPORT, LICENSED TO MICROSOFT, DEVELOPED AND AS PROVIDED BY 451 RESEARCH, LLC, WAS PUBLISHED AS PART OF OUR SYNDICATED MARKET INSIGHT SUBSCRIPTION SER- VICE. IT SHALL BE OWNED IN ITS ENTIRETY BY 451 RESEARCH, LLC. THIS REPORT IS SOLELY INTENDED FOR USE BY THE RECIPIENT AND MAY NOT BE REPRODUCED OR RE-POSTED, IN WHOLE OR IN PART, BY THE RECIPIENT WITHOUT EXPRESS PERMISSION FROM 451 RESEARCH. ©2020 451 Research, LLC | WWW.451RESEARCH.COM REPORT REPRINT Introduction Endpoint security had been growing in importance as a key component of security architecture even before the COVID-19 health crisis. Back then, key trends such as user mobility, BYOD and increased use of encryption already meant that properly securing and capturing telemetry from endpoints was crucial for protection, detection and incident response. The COVID-19 crisis merely accelerated this as network connectivity patterns changed and corporate offices sat empty. In recent years the endpoint security market has seen significant change, including the rise in popularity of Microsoft’s offerings, particularly its Microsoft Defender Advanced Threat Protection (MDATP) component. The company has been expanding the capabilities of the product as it adds support for new environments and partners.
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587

    Microsoft Patches Were Evaluated up to and Including CVE-2020-1587

    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
  • Activex Interface for Objectstore

    Activex Interface for Objectstore

    ACTIVEX INTERFACE FOR OBJECTSTORE RELEASE 3.0 March 1998 ActiveX Interface for ObjectStore Release 3.0, March 1998 ObjectStore, Object Design, the Object Design logo, LEADERSHIP BY DESIGN, and Object Exchange are registered trademarks of Object Design, Inc. ObjectForms and Object Manager are trademarks of Object Design, Inc. Microsoft is a registered trademark and Windows, Windows NT, OLE, and ActiveX are trademarks of Microsoft Corporation. All other trademarks are the property of their respective owners. Copyright © 1989 to 1998 Object Design, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. COMMERCIAL ITEM — The Programs are Commercial Computer Software, as defined in the Federal Acquisition Regulations and Department of Defense FAR Supplement, and are delivered to the United States Government with only those rights set forth in Object Design’s software license agreement. Data contained herein are proprietary to Object Design, Inc., or its licensors, and may not be used, disclosed, reproduced, modified, performed or displayed without the prior written approval of Object Design, Inc. This document contains proprietary Object Design information and is licensed for use pursuant to a Software License Services Agreement between Object Design, Inc., and Customer. The information in this document is subject to change without notice. Object Design, Inc., assumes no responsibility for any errors that may appear in this document. Object Design, Inc.
  • Microsoft Defender ATP.Pdf

    Microsoft Defender ATP.Pdf

    Traditional Approach THE SENSORS FABRIC WE DEPLOY Threat Intelligence (TIaaS) Data Loss Prevention Cloud (Office IP/DLP) Directory Services Malware Detection Cloud DC Management User/Entity Behavior Analytics (AAD) (Office ATP/Sonar) (ASC) (AADIP) Classification and Information Protection (AIP) Cloud Application Federation Services Security Broker (ADFS) (MCAS) User/Entity Behavior Analytics (ATA) On Premises On Premises Directory Mobile Device Management DC Management Services (Intune) (OMS) (AD) Endpoint Protection (Defender) LOCALIZED INTELLIGENCE Threat Intelligence (TIaaS) Cloud Data Loss Prevention Directory Services (Office IP/DLP) Malware Detection Cloud DC Management User/Entity Behavior Analytics (AAD) (Office ATP) (ASC) (AADIP) Classification and Information Protection (AIP) Cloud Application Federation Services Security Broker (ADFS) (MCAS) User/Entity Behavior Analytics (ATA) On Premises On Premises Directory Mobile Device Management DC Management Services (Intune) (OMS) (AD) Endpoint Protection (Defender) Microsoft Azure Windows Defender Advanced Threat Protection rules Require the device to be at or under the machine risk score: Set up a connection to Windows Defender Advanced Threat Protection Microsoft 365 ATP | Windows Machine Search for machine, user, file, IP and URL [email protected] Smith m Security operation dashboard Open incidents Statistics Attention required (41) Incidents severities Incident in-progress #1067 In progress Jon-Smith-Lap HIGH MEDIUM LOW INFORMATIONAL Golden ticket compromise: user permissions
  • Summary Report 2020 Awards, Winners, Comments

    Summary Report 2020 Awards, Winners, Comments

    Independent Tests of Anti-Virus Software Summary Report 2020 Awards, winners, comments TEST PERIOD : 2020 LANGUAGE : ENGLISH LAST REVISION : 15TH JANUARY 2021 WWW.AV-COMPARATIVES.ORG Summary Report 2020 www.av-comparatives.org Content INTRODUCTION 3 MANAGEMENT SUMMARY 5 ANNUAL AWARDS 9 PRICING 16 USER EXPERIENCE REVIEW 18 AVAST FREE ANTIVIRUS 21 AVG ANTIVIRUS FREE 24 AVIRA ANTIVIRUS PRO 27 BITDEFENDER INTERNET SECURITY 30 ESET INTERNET SECURITY 34 F-SECURE SAFE 38 G DATA INTERNET SECURITY 41 K7 TOTAL SECURITY 45 KASPERSKY INTERNET SECURITY 48 MCAFEE TOTAL PROTECTION 52 MICROSOFT DEFENDER ANTIVIRUS 55 NORTONLIFELOCK NORTON 360 DELUXE 58 PANDA FREE ANTIVIRUS 61 TOTAL AV ANTIVIRUS PRO 64 TOTAL DEFENSE ESSENTIAL ANTI-VIRUS 67 TREND MICRO INTERNET SECURITY 70 VIPRE ADVANCED SECURITY 73 FEATURELIST COMES HERE 76 COPYRIGHT AND DISCLAIMER 77 2 Summary Report 2020 www.av-comparatives.org Introduction About AV-Comparatives We are an independent test lab, providing rigorous testing of security software products. We were founded in 2004 and are based in Innsbruck, Austria. AV-Comparatives is an ISO 9001:2015 certified organisation. We received the TÜV Austria certificate for our management system for the scope: “Independent Tests of Anti-Virus Software”. http://www.av-comparatives.org/iso-certification/ AV-Comparatives is the first certified EICAR Trusted IT-Security Lab http://www.av-comparatives.org/eicar-trusted-lab/ At the end of every year, AV-Comparatives releases a Summary Report to comment on the various consumer anti-virus products tested over the course of the year, and to highlight the high-scoring products of the different tests that took place over the twelve months.
  • Programming with Windows Forms

    Programming with Windows Forms

    A P P E N D I X A ■ ■ ■ Programming with Windows Forms Since the release of the .NET platform (circa 2001), the base class libraries have included a particular API named Windows Forms, represented primarily by the System.Windows.Forms.dll assembly. The Windows Forms toolkit provides the types necessary to build desktop graphical user interfaces (GUIs), create custom controls, manage resources (e.g., string tables and icons), and perform other desktop- centric programming tasks. In addition, a separate API named GDI+ (represented by the System.Drawing.dll assembly) provides additional types that allow programmers to generate 2D graphics, interact with networked printers, and manipulate image data. The Windows Forms (and GDI+) APIs remain alive and well within the .NET 4.0 platform, and they will exist within the base class library for quite some time (arguably forever). However, Microsoft has shipped a brand new GUI toolkit called Windows Presentation Foundation (WPF) since the release of .NET 3.0. As you saw in Chapters 27-31, WPF provides a massive amount of horsepower that you can use to build bleeding-edge user interfaces, and it has become the preferred desktop API for today’s .NET graphical user interfaces. The point of this appendix, however, is to provide a tour of the traditional Windows Forms API. One reason it is helpful to understand the original programming model: you can find many existing Windows Forms applications out there that will need to be maintained for some time to come. Also, many desktop GUIs simply might not require the horsepower offered by WPF.
  • Acronyms PLUS+

    Acronyms PLUS+

    6.27.14 Acronyms PLUS+ #AXUG Twitter Handle for AXUG #AXUGSummit Twitter Handle for AXUG Summit #MSDYNAX Twitter Handle for Microsoft Dynamics AX AA Analytical Accounting ACH Automated Clearing House is a secure payment transfer system that connects all U.S. financial institutions AD Active Directory ADFS Active Directory Federated Services AIF Application Integration Framework AOS Application Object Server AOT Application Object Tree AP Accounts Payable APS Advanced Planning and Scheduling System AR Accounts Receivable AS Authentication Service ASP Active Server Pages OR Application Service Provider ATL Active Template Library AXPC Dynamics AX Parnter Connections Group, now moving to DPC AXUG Dynamics AX Users Group BI Business Intelligence BIDS Business Intelligence Development Studio BOM Bill of Materials BOO Bill of Operations BP Business Portal BPOS Business Productivity Online Standard Suite BRAP Business Ready Advantage Plan BRL Business Ready Licensing B2B Business To Business B/S Balance Sheet CAL Client Access License CAS Code Access Security CfMD Certified for Microsoft Dynamics CFS Critical Success Factor CMS Content Management Server CoA Chart of Accounts CRM Customer Relationship Management CRMUG Dynamics CRM Users Group CRP Capacity Requirements Planning CRP Conference Room Pilot CTRL Control Button on your computer DCI Dynamic Communities, Inc. DCO Dynamics Client for Office DCOM Distributed Component Object Model DDE Dynamic Data Exchange DDV Drill Down Viewer DPC Dynamics Partner Connections EAI Enterprise Application
  • Special Characters Numbers

    Special Characters Numbers

    Index ■Special Characters AddServiceEndpoint( ) member, ServiceHost type, #define, preprocessor directive, 317–319 1032 #elif, preprocessor directive, 317–318 ADO.NET #else, preprocessor directive, 317–318 additional namespaces, 763–764 #endif, preprocessor directive, 317–318 vs. ADO classic, 759–760 #endregion, preprocessor directive, 317 application configuration files, 769–770 #if, preprocessor directive, 317–318 asynchronous data access, 792–793 #region, preprocessor directive, 317 autogenerated data components, 824–825 #undef, preprocessor directive, 317–319 autogenerating SQL commands, 816–817 % modulo operator, C#, 1097 autoincrementing, 797 & operator, pointer types, 312–313 binding DataTables to user interfaces, 804, 806 * operator, pointer types, 312–313 Command object, 781–782 ?? operator, 133 connected layer, 778 += operator, 610 connected vs. disconnected layer, 760 <%@Page%> directive attribute, ASP.NET, 846 connecting to database, Visual Studio 2005, 776 <%Import%> directive, ASP.NET, 846–847 connection objects, 779–780 => token, 1098 ConnectionStringBuilder object, 780–781 ? suffix, nullable types, 131 connectionStrings element, application configuration, 774–775 ■Numbers data access libraries, 1130 data adapter objects, 811–812 3D graphics graphical service, WPF, 1012 data providers, 760, 762 3D rendered animation, 970 data wizards, 822–825 100% code approach, 1048 DataColumn objects, 796, 798 ■ DataRelation objects, 817–820 A DataRow objects, 798–799, 801 A# programming language, 8 DataRow.RowState property, 799–800 Abort(