Haberler

Microsoft Assessment and Planning Toolkit 7.0 Beta Now Available‏

Belgin TAŞTAN — Thu, 17 May 2012 07:54:56 GMT

Download the beta materials on Connect:

http://go.microsoft.com/fwlink/?LinkId=219165

Accelerate your move to the Private Cloud with MAP 7.0 Beta

Key features and benefits of MAP 7.0 Beta help you:

Understand your readiness to deploy Windows in your environment with hardware and device readiness assessments

Determine Windows Server 2012 Beta readiness

Investigate how Windows Server and System Center can manage your heterogeneous environment through VMware migration and Linux server virtualization assessments

Size your desktop virtualization needs for both Virtual Desktop Infrastructure (VDI) and session-based virtualization using Remote Desktop Services

Ready your information platform for the cloud with the SQL Server 2012 discovery and migration assessment

Evaluate your licensing needs with usage tracking for Lync 2010, active users and devices, SQL Server 2012 and Windows Server 2012 Beta

Yüksek Öğretim Kurulu Bilgi Paylaşım Forumu

Kamil Onat — Sat, 05 May 2012 11:16:41 GMT

Değerli Arkadaşlar,

YÖK bünyesinde bir bilgi paylaşım forumu kuruldu. Mezun yada öğrenci arkadaşlarımız bu forum yardımı ile istek dilek ve görüşlerini paylaşabilirler. http://forum.yok.gov.tr/forums/list.page adresinden foruma ulaşabilirsiniz. Aramızda meslek yüksek okulu mezunu arkadaş çoktur. myo mezunlarının mühendislik tamamalması ile ilgili kısmda var (Teknikerler için Mühendislik Tamamlama)bu foruma girerek sizde görüşlerinizi yazabilirsiniz. Görüş bildiren sayısı ne kadar fazla olursa değerlendirmeleri açısından verimli olur diye düşünmekteyim.

Kolaylıklar dilerim

Windows 8′e 15 dolara sahip olabilirsiniz

kemalettin taylan — Tue, 15 May 2012 12:25:12 GMT

2 Haziran’dan sonra bilgisayar alan kim olursa olsun, işletim sistemini sadece 15 dolara Windows 8’e yükseltebilecek.

Ekim ayında piyasaya sürülecek Windows 8 nedeniyle bilgisayar satışlarında yavaşlama görülüyor. Zira kullanıcılar yeni işletim sistemi olan bir makineyi tercih ederek, yeni yazılım için 100 dolar fazladan ödemek istemiyor.

Microsoft bir kampanya düzenleyerek 2 Haziran’dan itibaren Windows 7 işletim sistemi yüklü bilgisayar satın alanlar, 15 dolar karşılığında yeni işletim sistemine sahip olabilecek.

Konuyla ilgili detaylar henüz açıklanmasa da Microsoft 15 dolarlık kampanyayı doğruladı. Bu nedenle artık bilgisayar almadan önce Ekim’e kadar değil, 2 Haziran’a kadar beklemek yeterli olacak. Bilgisayar alacaklara tavsiyemiz üç hafta sabretmeleri.

Kaynak: btnet.com.tr

Türkiye'nin interneti kesildi!

Ugur BURMA — Sat, 28 Apr 2012 06:07:43 GMT

Türkiye'de dün saatler 22.00'i gösterdiği sıralarda internet çöktü. 2 saat süren kesinti sırasında kullanıcılar şikayetlerini sosyal portallarda dile getirdi.

Türk Telekom'un alt yapısını kullanan başta TTNET olmak uzere internet servis sağlayıcılarda sorun yaşanırken, internet tüm Türkiye'de koptu. İnternetin neden kesildiğine dair ise herhangi bir bilgi veya açıklama yapılmadı.

Cep telefonlarıyla internet girişiminde bir sorun yaşanmazken sabit hatlarla ilgili sorun yaşandı. İnternet kesintisi yaklaşık 2 saat sonra sona erdi. Gece 00.00 itibariyle Türkiye genelinde internete erişim sağlanabiliyor...

Operatörlerin internetinde herhangi bir sıkıntı yaşanmadı; sorun sadece Türk Telekom'un altyapısını kullanan sabit internet servis sağlayıcılarında meydana geldi... Kesinti yaklaşık 2 saat sürdü ve bu süre zarfında kullanıcılar şikayetlerini Facebook, Twitter gibi sosyal portallarda dile getirdi. 3G'de bir kopma olmadığından interneti kesilen kullanıcılar yine internete bağlanarak seslerini duyurdu.

Türk Telekom yetkileri sorunun giderilmesinin ardından twitter üzeriden şu açıklmayı yaptı: "Yaşanan kisa süreli teknik bir aksaklık nedeniyle internet erişiminde bazi bölgelerde kisa süreli sorun yaşanmiş, ekiplerimizin anlık müdahalesi ile yaşanan sorun giderilmiştir. Bilgilerinize sunariz"

Free Hyper-V Backup tool - open source project‏

Hakan UZUNER — Sat, 12 May 2012 11:36:09 GMT

Henüz beta aşamasında olan ücretsiz bir Hyper-V yedekleme aracı, denemenizi tavsiye ederim.

Project Description

The main goal of this project is to provide a very easy and powerful free tool to backup and restore Hyper-V virtual machines, in standalone and clustered (CSV) environments, overcoming all the limitations that a generic tool like Diskshadow provides.

This tool targets Windows 2008, Windows 2008 R2 and Windows 8 / Windows Server 2012 (starting from the currently available beta). All the corresponding core and free Hyper-V editions are also supported!

HVBackup supports app consistent and crash consistent backups through the Hyper V VSS writer component integrated in the operating system.

There are quite a few expensive commercial solutions on the market supporting this scenario, but this is the first open source one, based on the research we did before publishing the project.

We integrated this tool in our datacenter's production environment management infrastructure, which means that it undergoes continuous testing in a real world environment :-)

HVBackup can be invoked from the command line, scripted with Powershell or integrated in any .Net program through it's class library.

The backup process generates a separate zip file for each virtual machine in the specified output directory, containing all the files owned by the VM and identified for backup by the VSS Hyper-V provider.

Requirements:

.Net Framework 3.5, which can be easily enabled on the command line with:

ocsetup NetFx3

or on server core / Hyper-V server:

ocsetup NetFx3-ServerCore

Alessandro Pilotti

http://hypervbackup.codeplex.com/

Microsoft Mac kullanıcılarını gözüne kestirdi

kemalettin taylan — Tue, 08 May 2012 09:23:21 GMT

Mac kullanıcılarını SkyDrive kullanmaya yöneltmek için iCloud ile SkyDrive’ı karşılaştıran bir sayfa hazırladı.

Dev şirketlerin bulut savaşı sürüyor. Microsoft, Apple ve Google’ın başını çektiği milyar dolarlık şirketler, bireysel kullanıcılar için bulut hizmeti sunmak için can atıyor. Ülkemizdeki operatörlerin de bulut rekabetine girdiği pazarda rekabet hızla artıyor. Dropbox’ın önemli ölçüde pazara hakim görünürken alanda Google Drive, Microsoft SkyDrive ve Apple iCloud kullanıcıları çekmeye çalışıyor.

Microsoft, Mac kullanıcılarını kendine çekebilmek için iCloud’u yeren, SkyDrive’ı ise öven bir sayfa açtı. Sayfada özellikle üç alana vurguda bulunuluyor:

• SkyDrive’ın herhangi bir dosyaya herhangi bir yerden erişim ile iCloud’tan kesinlikle ayrıldığı,

• iCloud’un iOS cihazlarla iyi çalıştığı ancak Office araçları için yetersiz olduğu,

• Kişisel notların SkyDrive ve OneNote ile doğrudan paylaşılabildiği öne çıkartılıyor.

Yaygın bir bireysel kullanıcı profili bulunan Apple’ın medya içeriği konusunda iCloud ile avantajlı olduğu görülürken, yaygın Windows ve Office kullanıcılarına sahip Microsoft’un kurumsal alanda biraz daha şanslı olduğu ortaya çıkıyor.

Microsoft’un iCloud için açtığı sayfaya http://windows.microsoft.com/en-US/skydrive/icloud adresinden ulaşabilirsiniz.

Windows Live'e veda zamanı

Ugur BURMA — Sat, 05 May 2012 20:20:00 GMT

Microsoft, Windows 8'in çıkışı ile Windows Live markasını tarihe gömecek
-->

Windows 8 ile çevrimiçi hizmetlerle daha sıkı bütünleşen uygulamalar sunacak olan Microsoft, Windows Live markasını emekliye ayırmaya hazırlanıyor.

Microsoft, bir blog gönderisinde yaptığı açıklamada SkyDrive depolama hizmeti ve Messenger IM hizmetinin Windows Live hizmetiyle yeteri kadar bütünleşmediğini söyledi. Sorun, Windows işletim sistemlerinin şimdiye dek bulutla tam bir etkileşim kurcacak biçimde geliştirilmemiş olması. Ancak hem masaüstü ve laptop'larda, hem de tabletlerde ve diğer cihazlarda çalışacak Windows 8 ile bu değişecek.

Microsof'u önümüzdeki aylarda yapacağı değişiklikler arasında Windows Live ID'yi Microsoft Account olarak değiştirmek ve hesap hizmetinde bazı değişiklikler yaparak onu web tarayıcıları, Windows Phone cihazları, Windows 8'li PC ve tabletlerden erişilebilen bir ana kapı haline getirmek bulunuyor.

Windows 8 ile ön yüklü gelen uygulamalar arasında hem yerel, hem de bulut bileşenlerine sahip olacak uygulamalar, şöyle sıralanıyor: Microsoft Account, SkyDrive, Mail, Calendar, People, Messaging ve Photos/Videos.

Critical Product Vulnerability - May 2012 Microsoft Security Bulletin Release

Hakan UZUNER — Wed, 09 May 2012 08:52:33 GMT

What is the purpose of this alert?

This alert is to provide you with an overview of the new security bulletin(s) being released on May 08, 2012. Security bulletins are released monthly to resolve critical problem vulnerabilities.

New Security Bulletins

Microsoft is releasing the following seven new security bulletins for newly discovered vulnerabilities:

Bulletin ID	Bulletin Title	Max Severity Rating	Vulnerability Impact	Restart Requirement	Affected Software
MS12-029	Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)	Critical	Remote Code Execution	May require restart	Microsoft Word 2003, Word 2007, Office Compatibility Pack, Office 2008 for Mac, and Office for Mac 2011.
MS12-030	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)	Important	Remote Code Execution	May require restart	Microsoft Excel 2003, Excel 2007, Excel 2010, Excel Viewer, Office 2007, Office 2010, Office Compatibility Pack, Office 2008 for Mac, and Office for Mac 2011.
MS12-031	Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)	Important	Remote Code Execution	May require restart	Microsoft Visio Viewer 2010
MS12-032	Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)	Important	Elevation of Privilege	Requires restart	Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS12-033	Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)	Important	Elevation of Privilege	Requires restart	Microsoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
MS12-034	Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)	Critical	Remote Code Execution	May require restart	Microsoft Office 2003, Office 2007, Office 2010, .NET Framework, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Silverlight 4, and Silverlight 5.
MS12-035	Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)	Critical	Remote Code Execution	May require restart	Microsoft .NET Framework, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Summaries for new bulletin(s) may be found at http://technet.microsoft.com/security/bulletin/MS12-may.

Microsoft Windows Malicious Software Removal Tool

Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://www.microsoft.com/security/pc-security/malware-families.aspx.

High Priority Non-Security Updates

High priority non-security updates Microsoft releases to be available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

New Security AdvisorY

Microsoft published one new security advisory on May 08, 2012. Here is an overview of this new security advisory:

Security Advisory 2695962	Update Rollup for ActiveX Kill Bits
Affected Software	· Microsoft Windows XP · Windows Server 2003 · Windows Vista · Windows Server 2008 · Windows 7 · Windows Server 2008 R2
Executive Summary	Microsoft is releasing a new set of ActiveX kill bits with this advisory. This update sets the kill bits for the following third-party software: · Cisco Clientless VPN solution · The class identifier (CLSID) for this ActiveX control is: · {B8E73359-3422-4384-8D27-4EA1B4C01232}
More Information	http://technet.microsoft.com/security/advisory/2695962

Public Bulletin Webcast

Microsoft will host a webcast to address customer questions on these bulletins:

Title: Information about Microsoft May Security Bulletins (Level 200)

Date: Wednesday, May 09, 2012, 11:00 A.M. Pacific Time (UTC-8)

URL: https://msevents.microsoft.com/CUI/EventDetail.aspx?culture=en-US&EventID=1032499667

New Security Bulletin Technical Details

In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle website at http://support.microsoft.com/lifecycle/.

Bulletin Identifier	Microsoft Security Bulletin MS12-029
Bulletin Title	Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. The security update addresses the vulnerabilities by modifying the way that Microsoft Office parses RTF-formatted data.
Severity Ratings and Affected Software	· This security update is rated Critical for all supported editions of Microsoft Word 2007. · This security update is also rated Important for all supported editions of Microsoft Word 2003, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; and all supported versions of Microsoft Office Compatibility Pack.
Attack Vectors	· This vulnerability requires that a user open or preview specially crafted RTF-formatted data with an affected version of Microsoft Office software. · In an email attack scenario, an attacker could exploit the vulnerability by sending specially-crafted RTF-formatted data in the contents of an email message. The vulnerability could be exploited when the specially crafted RTF email message is previewed or opened in Outlook while using Microsoft Word as the email viewer. An attacker could also exploit the vulnerability by sending a specially-crafted RTF file as an attachment and convincing the user to open the specially crafted RTF file. Note that by default, Microsoft Word is the email reader in Outlook 2007. · In a web-based attack scenario, an attacker could host a website that contains an Office file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. In all cases, an attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open the specially crafted Office file.
Mitigating Factors	· An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. · In a web-based attack scenario, an attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website, and then convince them to open the specially crafted Office file.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS11-094, MS11-089, and MS10-079.
Full Details	http://technet.microsoft.com/security/bulletin/MS12-029

Bulletin Identifier	Microsoft Security Bulletin MS12-030
Bulletin Title	Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
Executive Summary	This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. The security update addresses the vulnerabilities by correcting the way that Microsoft Excel validates data when opening specially crafted Excel files.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Office 2007, Microsoft Excel 2010, Microsoft Office 2010, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011; it is also rated Important for supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.
Attack Vectors	· These vulnerabilities require that a user open a specially crafted Excel file with an affected version of Microsoft Excel. · In an email attack scenario, an attacker could exploit these vulnerabilities by sending a specially crafted Excel file to the user and by convincing the user to open the file. · In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted Excel file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open the specially crafted Excel file.
Mitigating Factors	· In a web-based attack scenario, an attacker would have to convince users to visit the malicious website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website, and then convince them to open the specially crafted Excel file. · An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. · These vulnerabilities cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message..
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS11-096, MS11-094, MS11-089, and MS11-072.
Full Details	http://technet.microsoft.com/security/bulletin/MS12-030

Bulletin Identifier	Microsoft Security Bulletin MS12-031
Bulletin Title	Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. The security update addresses the vulnerability by modifying the way that Microsoft Visio Viewer validates data when parsing specially crafted Visio files.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Microsoft Visio Viewer 2010.
Attack Vectors	· This vulnerability requires that a user open a specially crafted Visio file with an affected version of Microsoft Visio Viewer. · In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Visio file to the user and by convincing the user to open the file. · In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open a specially crafted Visio file.
Mitigating Factors	· By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone. The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario. · By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability. · In a web-based attack scenario, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website, and convince them to open the specially crafted Visio file. · An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS12-015
Full Details	http://technet.microsoft.com/security/bulletin/MS12-031

Bulletin Identifier	Microsoft Security Bulletin MS12-032
Bulletin Title	Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
Executive Summary	This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. The security update addresses the vulnerabilities by modifying the way that Windows Firewall handles outbound broadcast packets and by modifying the way that the Windows TCP/IP stack handles the binding of an IPv6 address to a local interface.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors	CVE-2012-0174 (Windows Firewall bypass vulnerability) · In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system. CVE-2012-0179 (TCP/IP double free vulnerability) · To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Mitigating Factors	CVE-2012-0174 (Windows Firewall bypass vulnerability) · An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0179 (TCP/IP double free vulnerability) · Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	MS11-083
Full Details	http://technet.microsoft.com/security/bulletin/MS12-032

Bulletin Identifier	Microsoft Security Bulletin MS12-033
Bulletin Title	Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
Executive Summary	This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. The security update addresses the vulnerability by correcting the way that Windows Partition Manager allocates objects in memory.
Severity Ratings and Affected Software	This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Attack Vectors	To exploit this vulnerability, an attacker would first have to log on to the system and then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Mitigating Factors	An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Restart Requirement	This update requires a restart.
Bulletins Replaced by This Update	None
Full Details	http://technet.microsoft.com/security/bulletin/MS12-033

Bulletin Identifier	Microsoft Security Bulletin MS12-034
Bulletin Title	Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
Executive Summary	This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. The security update addresses the most severe of these vulnerabilities by correcting the manner in which affected components handle specially crafted TrueType font files and by correcting the manner in which GDI+ validates specially crafted EMF record types and specially crafted EMF images embedded within Microsoft Office files.
Severity Ratings and Affected Software	· This security update is rated Critical for all supported releases of Microsoft Windows; for Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4, except when installed on Itanium-based editions of Microsoft Windows; and for Microsoft Silverlight 4 and Microsoft Silverlight 5. · This security update is rated Important for Microsoft Office 2003, Microsoft Office 2007, and Microsoft Office 2010.
Attack Vectors	CVE-2011-3402 (TrueType font parsing vulnerability) · In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. · In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. CVE-2012-0159 (TrueType font parsing vulnerability) · In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. · In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. · In a local attack scenario, an attacker could also exploit this vulnerability by running a specially crafted application to take complete control over the affected system. CVE-2012-0162 (.NET Framework buffer allocation vulnerability) · Web browsing attack scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. · Windows .NET applications attack scenario: This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. CVE-2012-0164 (.NET Framework index comparison vulnerability) · An unauthenticated attacker could send a small number of specially crafted requests to an affected site, causing a denial of service condition. CVE-2012-0165 (GDI+ record type vulnerability) · Web attack scenario: An attacker could host a specially crafted web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. This can also include compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. · Email attack scenario: an attacker could exploit the vulnerability by sending Outlook users a specially crafted email, or by sending a specially crafted Office Document to the user and by convincing the user to open the file or read the message. · Attackers could also exploit this vulnerability by hosting a malicious image on a network share and then convincing a user to browse to the folder in Windows Explorer. CVE-2012-0167 (GDI+ heap overflow vulnerability) · This vulnerability requires that a user open a specially crafted Office document with an affected version of Microsoft Office. · In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Office file to the user and by convincing the user to open the file. · In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted Office document that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. CVE-2012-0176 (Silverlight double-free vulnerability) · An attacker could host a specially crafted website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. CVE-2012-0180 (Windows and messages vulnerability) · An attacker would first have to log on to the system, then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. CVE-2012-0181 (Keyboard layout file vulnerability) · An attacker would first have to log on to the system, then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system. CVE-2012-1848 (Scrollbar calculation vulnerability) · An attacker would first have to log on to the system, then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Mitigating Factors	CVE-2011-3402 (TrueType font parsing vulnerability) and CVE-2012-0159 (TrueType font parsing vulnerability) · In a web browsing attack scenario, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. · By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone, which disables font download by default. If a user clicks a link in an email message, the user could still be vulnerable to exploitation of this vulnerability through the web-based attack scenario. The vulnerability could also be exploited if a user opens an attachment that is sent in an email message. CVE-2012-0162 (.NET Framework buffer allocation vulnerability) · In a web browsing attack scenario, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. · By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability only on Windows Server 2008 and Windows Server 2008 R2, and only in a web browsing attack scenario. · On systems where MS11-044 has been applied, users will be prompted before XBAP applications will execute when in the Internet Zone of Internet Explorer. A user must click through this prompt in order to run the XBAP application on their system. CVE-2012-0165 (GDI+ record type vulnerability) and CVE-2012-0167 (GDI+ heap overflow vulnerability) · In a web browsing attack scenario, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. · An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. CVE-2012-0176 (Silverlight double-free vulnerability) · In a web browsing attack scenario, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. · By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability only on Windows Server 2008 and Windows Server 2008 R2, and only in a web browsing attack scenario. · An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. CVE-2012-0180 (Windows and messages vulnerability), CVE-2012-0181 (Keyboard layout file vulnerability), and CVE-2012-1848 (Scrollbar calculation vulnerability) · An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. CVE-2012-0164 (.NET Framework index comparison vulnerability) · Microsoft has not identified any mitigating factors for this vulnerability.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS11-029, MS12-018, and MS12-019.
Full Details	http://technet.microsoft.com/security/bulletin/MS12-034

Bulletin Identifier	Microsoft Security Bulletin MS12-035
Bulletin Title	Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Executive Summary	This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The security update addresses the vulnerabilities by correcting the manner in which the .NET Framework serialization process handles trusted and untrusted data.
Severity Ratings and Affected Software	This security update is rated Critical for all supported editions of the Microsoft .NET Framework on all supported editions of Microsoft Windows.
Attack Vectors	· Web attack scenario: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. · Windows .NET applications attack scenario: This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Mitigating Factors	· In a web browsing attack scenario, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website. · By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability only on Windows Server 2008 and Windows Server 2008 R2, and only in a web browsing attack scenario. · For CVE-2012-0160: Standard .NET Framework applications are not affected by this vulnerability. Only specially crafted .NET Framework applications could exploit this vulnerability.
Restart Requirement	This update may require a restart.
Bulletins Replaced by This Update	MS11-044, MS11-078, MS11-100, and MS12-016.
Full Details	http://technet.microsoft.com/security/bulletin/MS12-035

Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.

Gmail'de otomatik çeviri dönemi başladı

Belgin TAŞTAN — Wed, 02 May 2012 14:29:02 GMT

Gmail'de farklı dillerde yazılmış elektronik postaların otomatik olarak çevrilmesi dönemi resmen başladı.

Örneğin size gelmiş Japonca bir e-postayı anında İngilizce olarak okuyabileceksiniz. Ayrıca Fransızca bilmeden bir Fransızla iletişim kurabileceksiniz.

Otomatik mesaj çevirisi, Gmail Lab'da Mayıs 2009'da tanıtılmıştı. Test aşamasını geçen e-mail çeviri uygulamasını Google Translate'in ürün müdürü Jeff Chin duyurdu.

Gmail kullanıcılarının bu özellikten birkaç gün içinde faydalanmaya başlayabileceği açıklandı.

Yapılması gereken tek şey size gelmiş farklı dildeki bir e-mail'i "Translate Message" butonuna tıklayarak istediğiniz herhangi bir dile çevirmekten ibaret.

Çok dilli kullanıcılar için bu özelliği kapatma imkanı da sunuluyor.

Microsoft Yahoo mühendislerini transfer etti!

kemalettin taylan — Thu, 03 May 2012 13:24:53 GMT

Microsoft, önemli bir hamle yaparak, Yahoo’nun 14 başarılı mühendisini transfer etti.

Yazılım devi, geçtiğimiz ay yönetimi kurulundaki bazı isimler de dahil, şirket genelinde iki bin çalışanın işine son vermişti. Microsoft, bu operasyonun ardından New York’ta kurduğu yeni yazılım laboratuvarında görev alacak mühendisler bulmak için kollarını sıvamıştı. Şirket, eleman boşluğunu Yahoo’nun eski çalışanlarıyla kapattı.

Microsoft Research New England ve New York laboratuvarlarının yöneticisi Jennifer Chayes, blogunda transfer edilen isimleri açıkladı. Hepsi eski Yahoo mühendisi olan isimler arasında Duncan Watts, David Pennock ve John Langford alanında oldukça başarılı kişiler var. Microsoft’un yeni çalışanları, insanların internette nasıl etkileşime girdiği ve bilgi paylaştıkları konusunda çalışmalar yürütecek.

Chayes, blogunda yaptığı açıklamada, “Microsoft Research New York laboratuvarı, Microsoft bünyesindeki ve dünya genelindeki araştırmacıların, New York böglesindeki akademi ve teknoloji çevreleriyle etkileşime girmesini sağladığı gibi, Microsoft’a yeni yetenekler kazanma fırsatı sunuyor” dedi.

GÖREV DAĞILIMI BELİRLENDİ
Chayes, bilgisayar bilimi ve ekonomi alanında araştırmaları bulunan David Pennock’un, laboratuvarın yönetici yardımcılığını yürüteceğini ve günlük faaliyetleri kontrol edeceğini ifade etti. Columbia Üniversitesi’nde sosyoloji alanında öğretim üyeliği yapan Duncan Watts, sayısal ve deneysel sosyal bilimlere odaklanırken, John Langford’un ölçülebilir etkileşimli makine öğrenimi üzerinde özelleştiği ifade edildi.

Chayes, “yeni çalışanlarının sadece bireysel yeteneklerinden yararlanmayacaklarını, aynı zamanda ekip ruhuyla enerji ve hırslarını ortaya çıkaracaklarını” belirtti.

Microsoft’un yeni mühendisleri, önde gelen akademisyenler, siyasi ve sanayi araştırmacılarıyla etkileşimde bulunan 850’den fazla mühendisin oluşturduğu ağın bir parçası olacak.

Intel Ivy Bridge Çıkış Tarihi

ilkaybaydur — Fri, 13 Apr 2012 23:58:45 GMT

İntel in yeni nesil işlemcilerinin çıkış tarihi 23 Nisan 2012 ve çıkacak olan modeller,özellikleri ve fiyatları şu şekilde;

Core i7-3770K 3.5GHz (3.9GHz, 8mb, 77 watt): 332 dolar

Core i7-3770 3.4GHz (3.9GHz, 8mb, 77 watt): 294 dolar

Core i7-3770s 3.1GHz (3.9GHz, 8mb, 65 watt): 294 dolar

Core i5-3570K 3.4GHz (3.8GHz, 6mb, 77 watt): 216 dolar

Core i5-3550 3.3GHz (3.7GHz, 6mb, 77 watt): 205 dolar

Core i5-3450 3.1GHz (3.5GHz, 6mb, 77watt): 184 dolar

Core i5-3450s 2.8GHz (3.5GHz, 6mb, 65 watt):184 dolar

Reklam Sms ve E-postalarına Yasak

ilkaybaydur — Fri, 04 May 2012 23:38:38 GMT

TBMM Elektronik Ticaret ile ilgili Kanun Tasarısı'nı kabul etti.

Artık telefonlarımıza ve eposta adreslerimize izinsiz gönderiler 10 bin TL ye kadar ceza yaptırımına tabi tutulacak.

Ana başlıklar kısaca şu şekilde;

Promosyon mesajları anlaşılır bir dilde olacak şartlar açık olacak ve şüpheye yer bırakmayacak.

İstersek hiçbir sebep sunmadan bu iletileri reddetme hakkına sahip olabileceğiz.

Ayrıca Cinsel ve Siyasi içerikli iletiler izinsiz gönderilmeyecek.

BlackBerry 10 resmen tanıtıldı

Belgin TAŞTAN — Wed, 02 May 2012 14:32:42 GMT

RIM, Blackberry 10 geliştirici cihazını resmen tanıttı

RIM firmasının bu yıl iddialı olmayı planladığı BlackBerry 10 işletim sistemi ile ilgili detayları paylaşacağı BlackBerry World etkinliği yapıldı ve BlackBerry 10 geliştirici cihazı da resmen tanıtıldı.

Cihaz 4.2 inçlik 1280 x 768 piksel çözünürlükte bir ekrana sahip. Bu da onu piyasadaki üst seviye modellerle aynı seviyeye getiriyor. 16GB depolama kapasitesine sahip cihazda 1GB RAM bulunuyor. İşlemci konusunda bir detay paylaşılmamış. Bu haliyle cihaz küçük bir PlayBook modelini andırıyor.

Cihaz resmi olarak piyasaya sürülmeyecek. Sadece geliştiricilere BB 10 platformuna uygun uygulamalar geliştirmesi açısından yardımcı olacak. Ancak yıl sonuna doğru piyasaya sürülmesi beklenen BB 10 cihazları hakkında da fikir veriyor.

QWERTY fiziksel klavyeden vazgeçildiği eleştirilerine ise RIM böyle bir durumun söz konusu olmadığını belirterek cevap verdi.

Google'dan Microsoft'a büyük çalım

Turan COŞKUN — Wed, 02 May 2012 09:10:20 GMT

Google'ın "Amerikan Hükümeti Microsoft'u kayırıyor" davası sonunda meyvesini verdi. Google, yazılım devi Microsoft'u yenerek 35 milyon dolarlık bir anlaşmaya imza atı.

ABD İçişleri Bakanlığı, başta e-posta olmak üzere birçok çevrimiçi sistemini güçlendirmek ve verimini artırmak için, 90 bin çalışanının bilgisayarlarında ve mobil cihazlarında Google uygulamaları kullanacak.

Microsoft, Office 365 ile Google uygulamaları arasında bir seçim yapan Bakanlık, Google ile yaklaşık 35 milyon dolar değerinde yedi yıllık bir anlaşma yapma kararı aldı.

Bu açıklama üzerine Microsoft yetkilileri, bu karardan duydukları üzüntüyü dile getirdi ve bu Bakanlığı bu seçime iten nedeni araştıracaklarını söyledi.

Google’ın ortaklarından Onix Networking’in, anlaşma gereğince 60 gün içinde söz verdiği teknik çalışmaları tamamlaması gerekiyor.

GOOGLE DAVASINDA HAKLI BULUNDU

Microsoft ile 25 Ocak 2012'de yapılacak anlaşmaya karşı dava açan Google, İçişleri Bakanlığı bünyesinde Microsoft'un kaydırıldığını iddia etmişti. Google'ın bu iddiasını haklı bulan Washington Federal Mahkemesi yargıçlarından Susan Braden, bu iddiayı yerinde bulunca 25 Ocak'ta imzalanacak anlaşma da ertelenmiş oldu.

Salı günü İçişleri Bakanlığı'nın açıklamasının ardından ise anlaşmanın bu kez Google ile yapıldığı görüldü.

Bulut teknolojisi üzerine yatırımlarını sürdüren bu iki dev şirketten Google, mail hizmetleri dışında Google Docs ile de kullanıcılara hizmet veriyor. Microsoft ise Office 365 ile Office paketi ile Bulut Bilişim'in gücünden faydalanıyor.

http://www.hurriyet.com.tr/teknoloji/20464951.asp

SkyDrive 25GB ınızı kaybetmek istemiyorsanız!

Hakan UZUNER — Tue, 24 Apr 2012 07:36:54 GMT

Skydrive kapasitesi 7GB a indirildi, eğer 25GB niza ihtiyacınız var ise ve geri isterseniz (belli bir süre) limited time loyalty offer altında veriyorlar.

Detayları aşağıdaki linkten öğrenebilirsiniz.

Limited time loyalty offer

http://windows.microsoft.com/en-us/skydrive/loyalty?SignedIn=1

Action:

1. Yapılması gereken sadece accountunuz ile logon olmak ve skydrive sekmesinden claim linkine tıklamak.

2. Ardından gelen ekranda SkyDrive Free 25GB storage seçebiliyorsunuz

e-Reçete Resmi Gazetede Yayınlandı ve Yürürlüğe Girdi

Rahmi DILLI — Fri, 27 Apr 2012 05:31:06 GMT

Doktorların elektronik ortamda yazacağı ve elektronik imza ile imzalayacakları elektronik reçeteler (e-reçete) artık eczanelerde kabul edilecek. Eczaneler ve Eczane Hizmetleri Hakkında Yönetmelikte yapılan Değişiklik, Resmi Gazete'de yayımlanarak yürürlüğe girdi

Yönetmeliğin 22. maddesine göre, eczanelerde, yalnızca tabipler, diş tabipleri ve veteriner hekimler tarafından yazılan reçeteler kabul ediliyordu. İnternet, faks, telefon, kurye, komisyoncu ve benzeri yollarla eczanelere gelen reçeteler geçersiz sayılıyordu.

Değişiklikle “hekimlerin elektronik ortamda yazarak bunu güvenli elektronik imza ile imzalamalarıyla gerçekleşen elektronik reçeteler (e-reçete)” bu hükmün dışında kaldı.

http://turk.internet.com/portal/yazigoster.php?yaziid=36897

Microsoft Security Essentials 4.0 Versiyonu Çıktı

Evren Banger — Thu, 26 Apr 2012 11:54:11 GMT

Download linki : http://www.microsoft.com/download/en/details.aspx?id=5201

İyi çalışmalar.

Windows 8 ve Windows Server 2012 Release Preview Haziranda

Evren Banger — Thu, 26 Apr 2012 06:25:46 GMT

Gerekli açıklama linkte mavcut iyi çalışmalar.

http://blogs.msdn.com/b/dohollan/archive/2012/04/23/windows-8-release-preview-coming-june-2012.aspx

Vodafone Türkiye Office 365 Satmaya Başladı!

Hakan UZUNER — Wed, 25 Apr 2012 07:57:47 GMT

Vodafone Türkiye Office 365 satmaya başladı.

Detaylar için aşağıdaki linki inceleyebilirsiniz.

http://www.vodafone.com.tr/Is-Ortagim/Office-365.php

Recommended Hotfixes for Windows Server 2008 R2 Service Pack 1

Hakan UZUNER — Wed, 25 Apr 2012 07:55:51 GMT

Her zamanki gibi test ederek uygulamanızda fayda var!

1. OVERVIEW

The RFL (Reference Fix List) is divided in several lists, by server role:

•

The list « SERVER RFL » is recommended for all types of servers.

•

The following « SERVER ROLE RFL » are currently available:

•	FAILOVER CLUSTERING SERVER
•	PRINT SERVER
•	REMOTE DESKTOP SERVER
•	DOMAINS (DOMAIN_CONTROLLER and DOMAIN_MEMBER)

•

The general list « SERVER RFL » includes the following sub lists:

•	CORE OS
•	STORAGE & FILE SYSTEM
•	NETWORK
•	DOMAIN MEMBER
•	WMI

Usage: for a specific server, the RFL must be aggregated by server role, for instance:

•	For a cluster: SERVER RFL and FAILOVER CLUSTERING SERVER RFL
•	For a print server: SERVER RFL and FAILOVER CLUSTERING SERVER RFL and PRINT SERVER RFL

Note: The RFL (Reference Fix List) is a list of recommendations. Therefore, customers must verify that these updates apply to their environment to determine if the related driver, service or component is currently installed or not. Customers may contact Microsoft Support for additional assistance.

2. HOTFIXES BY SERVER ROLE

2.1 Windows Server 2008 R2 Service Pack 1RFL P0

All Security Updates are available from Windows Update

2.1.1. P0 - Server Core OS (Storage & File System )

Kernel

KB2417038 http://support.microsoft.com/kb/2417038
A child process cannot be created by calling a CreateProcess function that uses the PROC_THREAD_ATTRIBUTE_PREFERSec_NODE parameter in Windows 7 or in Windows Server 2008 R2

2.1.2. P0 - Server Networking

TCPIP	KB2477730 http://support.microsoft.com/kb/2477730 The TCP Chimney Offload feature fails on all network adapters in Windows Server 2008 R2 or in Windows 7 if you disable or change the properties of a network adapter
NDIS	KB2471472 http://support.microsoft.com/kb/2471472 An NDIS device cannot be failed over on a fault-tolerant system that is running Windows 7 or Windows Server 2008 R2 after you suddenly remove another NDIS device
RDBSS	KB2254637 http://support.microsoft.com/kb/2254637 "0x0000007F" Stop error occurs when the connection to some shared files is lost on a computer that is running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2
MRXSMB v1.0	KB2444328 http://support.microsoft.com/kb/2444328 You cannot access shared files or shared printers in Windows 7 or in Windows Server 2008 R2
RPCSS	KB2401588 http://support.microsoft.com/kb/2401588 Remote procedure call service crashes on a computer that is running Windows Server 2003 SP2, Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2

2.1.3. P0 - SERVER – STORAGE & FILE SYSTEM

MPIO	KB2277904 http://support.microsoft.com/kb/2277904 You cannot access an MPIO-controlled storage device in Windows Server 2008 R2 after you send the "IOCTL_MPIO_PASS_THROUGH_PATH_DIRECT" control code that has an invalid MPIO path ID
VOLSNAP	KB2460912 http://support.microsoft.com/kb/2460912 "0x0000007E" Stop error when you create snapshots of a volume in Windows Server 2008 R2 or in Windows 7

2.1.4. P0 - SERVER – WMI

WMI

KB2465990 http://support.microsoft.com/kb/2465990
"0x80041002 (WBEM_E_NOT_FOUND)" error occurs when you try to open a WMI namespace on a computer that is running Windows 7 or Windows Server 2008 R2

2.2. Windows Server 2008 R2 Service Pack 1RFL P1

2.2.1. P1 - Server Core OS (Storage & File System )

Nothing

2.2.2. P1 - Server Networking

Nothing

2.2.3. P1 - DomainMember & DomainController Roles

KERBEROS	(DOMAIN MEMBER & DOMAIN CONTROLLER) KB2425227 http://support.microsoft.com/kb/2425227 (download link) MS11-013: Description of the security update for Kerberos in Windows 7 and in Windows Server 2008 R2: February 8, 2011
DFS	(DOMAIN MEMBER & DOMAIN CONTROLLER) KB2464365 http://support.microsoft.com/kb/2464365 The ACL permission of some DFS folders is incorrectly reset after you restart the DFS Namespace service in Windows Server 2008 or in Windows Server 2008 R2
DFSR	(DOMAIN MEMBER & DOMAIN CONTROLLER) KB2461385 http://support.microsoft.com/kb/2461385 The DFS Replication service leaks download tasks, and an outgoing replication backlog occurs in Windows Server 2008 R2

2.2.4. P1 – Failover Clustering Server Role

CLUSSVC	KB2494162 http://support.microsoft.com/kb/2494162 The Cluster service stops unexpectedly on a Windows Server 2008 R2 failover cluster node when you perform multiple backup operations in parallel on a cluster shared volume
CSVFILTER	KB2494016 http://support.microsoft.com/kb/2494016 Stop error 0x0000007a occurs on a virtual machine that is running on a Windows Server 2008 R2-based failover cluster with a cluster shared volume, and the state of the CSV is switched to redirected access
WIN32SPL	KB2493115 http://support.microsoft.com/kb/2493115 "Access is denied" error when you try to open the Properties dialog box of a shared printer that is connected to a computer that is running Windows 7 or Windows Server 2008 R2 Note: on clustered print servers.

2.2.5. P1 - Print Server Role

WIN32SPL	KB2493115 http://support.microsoft.com/kb/2493115 "Access is denied" error when you try to open the Properties dialog box of a shared printer that is connected to a computer that is running Windows 7 or Windows Server 2008 R2
SPOOLSV	KB2480118 http://support.microsoft.com/kb/2480118 You cannot print results to files by using web applications in Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 after you install security update MS10-061

2.2.6. P1 – Remote Desktop Server Role

WIN32K	KB2479628 http://support.microsoft.com/kb/2479628 (download link ) MS11-012: Vulnerabilities in Windows kernel-mode drivers could allow elevation of privilege
TERMDD PCIVOLMGR	KB2490742 http://support.microsoft.com/kb/2490742 "0x0000007B" Stop error when you replace an iSCSI or PCI Express network adapter or a motherboard with an identical device on a Windows Server 2008 R2-based or Windows 7-based computer
RDPDR	KB2431799 http://support.microsoft.com/kb/2431799 Stop error 0x0000007E occurs when multiple users establish Remote Desktop Services sessions to a Windows Server 2008 R2-based computer

2.2.7. P1 SERVER ROLE – HYPER-V

Important: after applying Service Pack 1 on a server running Windows Server 2008 R2, Integration Components must be updated within all Windows guest virtual machines.

HVAX64 HVBOOTH VIX64	KB2263829 http://support.microsoft.com/kb/2263829 The network connection of a running Hyper-V virtual machine may be lost under heavy outgoing network traffic on a computer that is running Windows Server 2008 R2 SP1 Note: mandatory, regression in Service Pack 1!
Hyper-V	KB961804 http://support.microsoft.com/kb/961804 Virtual machines are missing in the Hyper-V Manager Console or when you create or start a virtual machine, you receive one of the following error codes: "0x800704C8", "0x80070037" or "0x800703E3"