Microsoft is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS). An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication. Here is what such an attack looks like (from http://milw0rm.com/exploits/8704) The attacker sends a HTTP GET request to the web server.

All my users use Windows XP for now, they have no say in the matter. But me I use Vista 64bits. So I test my application on that. And I have a few VMs to test the windows XP behaviour and try and make them work on both. And sometimes you get to deal with the increased security in ista or Windows 7. For instance you are no longer allowed to write in the Program files folder.

Like the title says. GIVE IT BACK!! Please.

Visual Studio 2010 has been made available to MSDN subscribers yesterday. I downloaded Visual Studio 2010 today and installed it on Windows 7 RC. I took some images so that you can see what it looks like The new welcome screen in Visual Studio 2010 In Visual Studio 2010 you can target frameworks 2.0, 3.0, 3.5 and 4.0 The toolbox has changed in Visual Studio 2010. it looks a lot cleaner to me.

This is a quick one and I see one issue already in the script generating a useless Go, use, go but here we go. Using SMO to script some indexes and FK’s found on tables. Create a new c# app project in VS.NET (mine is named object scripter). Add the GUI objects so it looks like this Paste the code (not error handled and very quickly written..you’ve been warned!!!) below in the code view

Microsoft announced that they have added memcpy() to their list of banned functions. The function memcpy() has been responsible for a bunch of security problems in Microsoft and third party products. The reason for this is that memcpy() is not safe and can cause a buffer overflow. So what is a buffer overflow anyway? Here is what wikipedia has on buffer overflow In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it.

Read something just now (I’ll leave that link out in respect for others) where a individual asked how they can reboot a server without having to manually fail-back all the mirrored databases once it is back up. The type of mirroring was high availability so the witness would of course fail the principle to the mirror if the decided the server had to be restarted. The answer that seemed to be accepted was to

I’m spawning off a thread that I helped out in on SQLServerCentral for this article. The basic need in the task is, import a bunch of text files, parse out all email address and insert them delimited by “;” into a relational table. This is going to cover a few common things you will need to know how to do in order to successfully build ETL tasks. Use regular expression matches in SSIS transforms, parse them and BULK load them into tables.

If you ever get the question from someone why excel is dividing the number by 100 for no aparent reason, Well then I have the answer 😉 In Excel 2003 goto Tools > Options > Edit > Fixed decimal places. Chances are that that little checkbox is checked. In excel 2007 they changed the description (automaticaly insert a decimal point) for that checkbox and changed it’s location to Office Button > Excel Options > Advanced.

I have been thinking about creating a tool like this for a while now. I know that there is the SQL Server 2005 Best Practices Analyzer and that in SQL server 2008 this has become Policy Management. What I want to create is a pure T-SQL tool where you can just run a stored proc and specify what to check. I wonder if people would be interested in such a tool, I started a therad here: SQLCop and got some feedback from various people.