Microsoft Security Bulletin Minor Revisions - Oct 2013

* MS12-043 - Important

  - http://technet.microsoft.com/security/bulletin/ms12-043

  - Reason for Revision: V3.1 (October 23, 2012): Added the

    KB2721691 update to the Bulletin FAQ that explains which

    updates are available for Windows 8 Release Preview and

    Windows Server 2012 Release Candidate.

  - Originally posted: July 10, 2012

  - Updated: October 23, 2012

  - Bulletin Severity Rating: Critical

  - Version: 3.1

* MS12-066 - Important

  - http://technet.microsoft.com/security/bulletin/ms12-066

  - Reason for Revision: V1.3 (October 23, 2012): Added Microsoft

    Windows SharePoint Services 3.0 Service Pack 3 (32-bit version)

    and Microsoft Windows SharePoint Services 3.0 Service Pack 3

    (64-bit version) to the Affected Software section. This is a

    bulletin change only. There were no changes to the detection

    logic or security update files.

  - Originally posted: October 9, 2012

  - Updated: October 23, 2012

  - Bulletin Severity Rating: Important

  - Version: 1.3

* MS12-OCT

  - http://technet.microsoft.com/security/bulletin/ms12-oct

  - Reason for Revision: V1.3 (October 23, 2012): For MS12-066,

    added Microsoft Windows SharePoint Services 3.0 Service Pack 3

    (32-bit version) and Microsoft Windows SharePoint Services 3.0

    Service Pack 3 (64-bit version) to the Affected Software and

    Download Locations section. This is an informational change

    only. There were no changes to the detection logic or security

    update files.

  - Originally posted: October 9, 2012

  - Updated: October 23, 2012

  - Version: 1.3

Cisco Edition of OpenStack

Cisco released the Cisco Edition of OpenStack. This contains all the core OpenStack services for Essex and Folsom, along with installation scripts and other open source components to make it easier to install and run in production. Cisco has been an active participant in OpenStack since the early days of the Quantum project. During the Diablo Summit in Santa Clara in April 2012, Cisco merged it’s own NaaS proposal with other vendor and provider blueprints to create the Quantum component of OpenStack. Over the last year and a half, we’ve been significant contributors to OpenStack in the following areas:

• Quantum: Cisco Plugin, Linux Bridge Plugin, Extensions and L3 work
• Horizon: Quantum integration
• Nova: VIF drivers model
• devstack

Where Can I Get the Cisco Edition of OpenStack Packages?
The Cisco Edition of OpenStack can be downloaded from this FTP site, and information on the packages can be found on this wiki. The packages are free and open source. The Cisco Edition of OpenStack is tested on Ubuntu 12.04 with the Cisco Nexus family of switches and Cisco UCS C Series servers. You do not need to run the Cisco Edition of OpenStack on Cisco hardware, but it is validated on this hardware configuration. The Cisco Quantum Plugin supports L2 segmentation using VLAN, and is formulated to work with both Open vSwitch as well as the Cisco Nexus sub-plugin. We are evaluating other versions of Linux (RHEL/CentOS) to be validated as the base Linux version.
Cisco Specific Additions
This edition uses Puppet (Puppet Labs) to automate the deployment of OpenStack services and in the Essex version we’ve included other software components required for running in a production setting. Work was done around service assurance. The compute monitoring stack consists of Nagios, Collectd, and Graphite. Compute performance and metric graphs have been integrated with the OpenStack Horizon dashboard. High availability is supported using the open source components ha-proxy, kickstartd and galera. As was mentioned earlier, all of the components of the Cisco Edition of OpenStack are Open Source components. We will release a similar HA version for Folsom shortly.

Microsoft Security Advisory

* Microsoft Security Advisory (2661254)

  - Title: Update For Minimum Certificate Key Length

  - http://technet.microsoft.com/security/advisory/2661254

  - Revision Note: V2.0 (October 9, 2012): Revised advisory to

    rerelease the KB2661254 update for Windows XP and to announce

    that the KB2661254 update for all supported releases of Microsoft

    Windows is now offered through automatic updating. Customers who

    previously applied the KB2661254 update do not need to take any

    action. See advisory FAQ for details.

* Microsoft Security Advisory (2737111)

  - Title: Vulnerabilities in Microsoft Exchange and FAST Search

    Server 2010 for SharePoint Parsing Could Allow Remote Code

    Execution

  - http://technet.microsoft.com/security/advisory/2737111

  - Revision Note: V3.0 (October 9, 2012): Advisory updated to

    reflect publication of security bulletin for Microsoft FAST

    Search Server 2010 for SharePoint.

* Microsoft Security Advisory (2749655)

  - Title: Compatibility Issues Affecting Signed Microsoft Binaries

  - http://technet.microsoft.com/security/advisory/2749655

  - Revision Note: V1.1 (October 9, 2012): Clarified that the updates

    for Windows 8 and Window Server 2012 associated with this

    advisory are included in the "Windows 8 Client and Windows Server

    2012 General Availability Cumulative Update" (KB2756872). This is

    an informational change only.

Red Hat Enterprise Linux VS CENTOS

·         A Red Hat Enterprise Linux subscription results in lower operational costs, centos is not really free.

·         Red Hat is A company: centos is A project

·         Red Hat creates Red Hat Enterprise Linux: centos derives its software from Red Hat

·         Red Hat Enterprise Linux meets us government standards for security: centos does not

·         Red Hat HAs A security team: centos HAs A security forum

·         Red Hat provides Enterprise support: centos customers must rely on community support

·         Red Hat Enterprise Linux undergoes extensive testing: centos provides best-effort testing

·         Red Hat Enterprise Linux is certified with thousands of hardware And software vendors: centos is not

·         Red Hat Enterprise Linux can help  to include your strategic needs in the open source mainstream: centos may be a strategic and governance risk

·         Red Hat is an industry-leading open source technology company: centos is not

·         A Red Hat subscription means collaboration beyond support: centos means self-support or no support