Shadow Brokers malware – update your Windows PCs and servers

April 18th, 2017 by Stephen Jones

Last Friday, hacker group Shadow Brokers released 300 MB of alleged exploits and surveillance tools targeting Windows PCs and servers. There was also evidence of hacks on the SWIFT banking system.

Microsoft, in a blog post published late Friday night by Philip Misner, principal security group manager at the Microsoft Security Response Center (MSRC), said that most of these vulnerabilities were patched by previous updates.
“We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed,” Misner wrote. “Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.”

In the case of the Shadow Brokers leak, “most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Misner wrote.

The following exploits were already addressed, via the updates listed in parentheses:
• EternalBlue (MS17-010)
• EmeraldThread (MS10-06)
• EternalChampion (CVE-2017-0146 and CVE-2017-0147)
• ErraticGopher (Addressed prior to the release of Windows Vista)
• EskimoRoll (MS14-068)
• EternalRomance (MS17-010)
• EducatedScholar (MS09-050)
• EternalSynergy (MS17-010)
• EclipsedWing (MS08-067)

The three remaining exploits—EnglishmanDentist, EsteemAudit, and ExplodingCan—cannot be reproduced on supported Microsoft platforms, Misner wrote. That means that users running Windows 7 and later versions, as well as those using Exchange 2010 and later versions, are not at risk. However, users that are still running older versions of those products should upgrade immediately, the post said.

Security researchers have been speculating about why Microsoft mitigated these specific attacks a full month before they were published online. One theory is that an NSA source warned Microsoft about the impending leaks. Another sign that Microsoft may have gained prior knowledge of the exploits was its unprecedented delay in releasing its monthly updates in February, for which it did not give a reason, ZDNet reported.

For enterprise Microsoft users, the key takeaway is to always ensure your machines and software are up to date. It’s also important to stay informed on these types of breaches, especially when your business is one that deals with sensitive data.

ASC 606 is coming in 2018

April 17th, 2017 by Stephen Jones

ASC 606 is an updated accounting standard issued by FASB and IASB that is designed to ensure revenue recognition is consistent across industries, geographies, and capital markets. It is intended to increase financial statement comparability across companies and reduce the complexity in revenue recognition.

It applies to virtually all sectors where there are “contracts with customers” (exceptions include leases, insurance, and financial instruments).

The transition period for ASC 606 is underway. If it affects your business, save yourself the hassle and start planning and re-evaluating your contracts now. Don’t underestimate the time or effort required to bring your systems and processes into compliance, especially if you also have to update your systems to accommodate the introduction of VAT.

While it may appear that the changes primarily take place in 2018, there is a 2-year accounting retrospective. Take advantage of this time to prepare for conducting business under this new guidance.

Microsoft Office 365 Updates for April 2017 -ask Synergy Software Systems, Dubai

April 17th, 2017 by Stephen Jones

One of the benefits of Office 365 is the continual updates in functionality, be it user experience or administration tools.

Yammer Integration
• Integration with Office 365 Groups
• Creating a new Yammer Group will create an Office 365 Group
• Requires only 1 Yammer network for your organization

Visio Online
• New Add-ins on mobile apps
◦ 12 Million Users of Visio Worldwide
◦ Use in your browser
◦ Comments
◦ New Visio JavaScript APIs

Microsoft Teams
• Rolling out to users worldwide

Profile Experience
• Admin Setup is now in three pages
• Extended profile card experience
◦ Improves collaboration
◦ Look up documents related to the card
◦ Organization chart

Excel Get and Transform
• New horizontal list expansion
• Enhanced SQL Server connector – support for SQL Failover option

Service Health Dashboard
• Now available to all customers
• Splits into incidents and advisories
• Provide feedback on usefulness of information

Office malware patch due out today.

April 11th, 2017 by Stephen Jones

A new exploit, reported by McAfee, uses specially crafted Microsoft Office files to install malware on a user’s machine and can bypass existing protection methods. According to the report, the attacks started in January and leverage a vulnerability that hadn’t yet been disclosed. The hack affects all versions of Office, the report noted, including the latest version of Office 2016 on Windows 10.

This exploit uses fake versions of Office files—like Word documents—to install malware on a victim’s computer.
The problem starts when a user is sent a fake Word document from the attacker. Once the user tries to open the file, a malicious HTML application is downloaded from the attacker’s server and is then executed as an .hta file (disguised as an RTF document), giving the hacker full code execution on the victim’s computer, the report noted. “… this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” the McAfee report said.

Once the damage is done, a fake Word document is shown to the user, but at that point it is too late: malware is already installed on the machine. The vulnerability lies in the Windows Object Linking and Embedding (OLE) feature in Office.

Microsoft is planning a patch for the vulnerability today – Tuesday, April 11.

Until the patch is installed, it is important that users protect themselves. McAfee advises:
1. “Do not open any Office files obtained from untrusted locations.”
2. “According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that the Office Protected View is enabled.”
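
One way to verify the Protected View recommendation on a workstation, as an added example that is not part of the McAfee report or of Microsoft's guidance. It assumes the Trust Center settings are stored as the `Disable…InPV` DWORD values under each application's `Security\ProtectedView` key in the current user's policy and preference hives, and that a missing key means the default (Protected View on) applies.

```powershell
# Added example: list every place where Protected View has been switched off
# for the current user. A DWORD of 1 disables it for that file source.
$roots = @(
    'HKCU:\Software\Policies\Microsoft\Office'   # set by Group Policy, takes precedence
    'HKCU:\Software\Microsoft\Office'            # set in the Trust Center by the user
)
$apps     = 'Word', 'Excel', 'PowerPoint'
$settings = @{
    DisableInternetFilesInPV   = 'files from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'files in unsafe locations'
}

$overrides = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    # Office version subkeys are named 14.0, 15.0, 16.0 and so on
    $versions = Get-ChildItem $root | Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
    foreach ($ver in $versions) {
        foreach ($app in $apps) {
            $key   = "$root\$($ver.PSChildName)\$app\Security\ProtectedView"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if (-not $props) { continue }        # no key or no values: defaults apply
            foreach ($name in $settings.Keys) {
                if ($props.PSObject.Properties[$name] -and $props.$name -eq 1) {
                    [pscustomobject]@{
                        Application = $app
                        Version     = $ver.PSChildName
                        Source      = if ($root -like '*Policies*') { 'Policy' } else { 'User' }
                        Disabled    = $settings[$name]
                        Value       = $name
                    }
                }
            }
        }
    }
}

if ($overrides) {
    $overrides | Sort-Object Application, Version | Format-Table -AutoSize
} else {
    'No Protected View overrides found for this user; Office defaults are in effect.'
}
```

Any row in the output is a setting to revert, either in the Trust Center or in the Group Policy object that deploys it.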

Malware continues to grow as a major security threat in the enterprise. Apple recently patched a mysterious malware known as Proton, and other “invisible” forms of malware have recently been found in Windows PowerShell and other testing tools.


SQL memory

April 10th, 2017 by Stephen Jones

While I am a big fan of maximizing memory, it’s important to consider your memory configuration!
You add RAM to a physical server and expect it to work as you want.
Anything that leverages lots of RAM to function, including a database server, can take a substantial performance hit.
Depending on the DIMM configuration, you might slow down your memory speed, which will slow down your application servers.
This speed decrease is virtually undetectable from the OS.
An example: you need to configure 384GB of RAM on a new server.
The server has 24 memory slots.
• You could populate each of the memory slots with 16GB sticks of memory to get to the 384GB total.
• Or, you could spend a bit more money to buy 32GB sticks of memory and only fill up half of the memory slots.
• Your outcome is the same amount of RAM.
• Your price tag on the memory is slightly higher than the relatively cheaper smaller sticks.
In this example, the fully populated 16GB DIMM configuration runs the memory 22% slower than if you buy the higher density sticks.

Check out page 63 of the server build guide for an HPE Proliant DL380 Gen9 server. https://www.hpe.com/h20195/v2/getpdf.aspx/c04346247.pdf

The fully populated 16GB stick configuration runs the memory at 1866 MHz.
When you only fill in the 32GB sticks on half the number of slots, then the memory runs at 2400 MHz.

SQL Server dynamically acquires and frees memory as required. Typically, an administrator does not have to specify how much memory is allocated to SQL Server. However, the max server memory option can be useful in some environments. Make sure that sufficient memory is available for the operation of Windows Server. For example, make sure that you run a dedicated instance of SQL Server on a server that has at least 4 gigabytes (GB) of memory. If the available memory for the server drops below 500 megabytes (MB) for extended periods, then the performance of the server may degrade.

Use the ‘Memory: Available MBytes’ performance counter for the Windows Server operating system to determine whether the available memory drops below 500 MB for extended periods. If the available memory drops below 500 MB frequently or for extended periods, then we recommend that you reduce the max server memory setting for SQL Server or increase the physical memory of the server.
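
The counter check described above, as an added example rather than a script from Microsoft or from this blog. The 15-second interval, the 10-minute window and the reading of "extended period" as five consecutive minutes are assumptions, since the guidance gives only the 500 MB figure; the counter path is the English name and is localized on other Windows language versions.

```powershell
# Added example: sample Available MBytes and report how long it stays below 500 MB.
$thresholdMB  = 500    # figure from the guidance above
$intervalSec  = 15     # assumption: sampling interval
$maxSamples   = 40     # assumption: 40 x 15 s = 10-minute window
$sustainedSec = 300    # assumption: "extended period" = 5 consecutive minutes

$readings = Get-Counter -Counter '\Memory\Available MBytes' `
                        -SampleInterval $intervalSec -MaxSamples $maxSamples |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.Timestamp
            AvailableMB = [int]$_.CounterSamples[0].CookedValue
        }
    }

# Count the samples under the threshold and track the longest unbroken run of them
$run = 0; $longest = 0; $belowCount = 0
foreach ($r in $readings) {
    if ($r.AvailableMB -lt $thresholdMB) {
        $belowCount++
        $run++
        if ($run -gt $longest) { $longest = $run }
    } else {
        $run = 0
    }
}
$longestSec = $longest * $intervalSec

[pscustomobject]@{
    Samples          = @($readings).Count
    MinAvailableMB   = ($readings | Measure-Object AvailableMB -Minimum).Minimum
    SamplesBelow     = $belowCount
    LongestRunSec    = $longestSec
    ReduceMaxMemory  = ($longestSec -ge $sustainedSec)   # True: lower max server memory or add RAM
}
```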

Management Reporter CU16 – ask Synergy Software Systems, Dubai

April 6th, 2017 by Stephen Jones

This release includes the ability to use Management Reporter over HTTPS, and it includes several quality fixes.

NOTE: CU16 will be the last formal CU release for Management Reporter 2012 for Dynamics AX 2012.

Summary of the new Management Reporter CU16 features:
• HTTPS Support for Server and client components
• Add Hebrew (he-il) localization
• Additional fixes for product defects (all quality fixes)

Details of additional product quality fixes for MR 2012 (related to Dynamics AX):
3751976: Wildcards and ranges doesn’t return all valid dimension combinations
3753112: Dimension filter uses an OR condition instead of an AND in different scenarios when two dimensions are specified
3755023: Dimension filter uses an OR condition instead of an AND if using a dimension value that does not exist
3767519: Report generation fails when using a dimension value setting in the reporting tree based on MainAccount
3768350: Company Integration very slow when many records in SECURITYUSERROLECONDITION table
3768609: MR CU15 Known Issue – @DateLong AutoText header displays day of week in web viewer
3771542: Integration fails if collation is different between tempdb and Microsoft Dynamics AX database
3778344: Vendor name transaction attribute isn’t correct when using a virtual company with a shared table collection that includes VendTable
3794033: Report generation fails when there is a duplicated name for a dimension value

Ensure you have the following prerequisites:
• Management Reporter 2012 CU16 requires SQL Server 2012 or higher.
• PowerShell 3.0 is required.
• The Microsoft .NET Framework 4.6.1 is required, but is no longer automatically downloaded and prompted for installation.

For a complete list of prerequisites, review the system requirements. https://www.microsoft.com/en-us/download/details.aspx?id=5916

HTTPS Feature Overview:
The use of HTTPS and SSL provides an additional level of security to protect your financial data on your local network, your intranet, or from your cloud-based deployment. This feature enables secure communication with an https:// address when viewing reports in the web viewer, desktop viewer, and when designing reports.

This is an optional feature that will require removing and re-configuring the services after an upgrade of HTTPS or during a new installation.

There are a few requirements for HTTPS feature support:
• The HTTPS feature will only work on Server 2008 R2 or later. Configuration will fail on Server 2008.
• The Migration Wizard does not support HTTPS. You can use the Migration Wizard with CU16, and then remove the services and enable HTTPS with your existing database after migration has completed.
• All clients need a certificate verifying that the server hosting the Management Reporter services is trusted. The certificate will need to be distributed and installed on all clients. The certificate can be a purchased certificate from a certificate authority, a domain certificate from Windows Certificate Services, or a self-signed certificate from the server hosting Management Reporter (a self-signed certificate is not recommended for production).
For the Report Designer client, it will continue to connect to the HTTP port for initial connection, but will automatically use HTTPS after connected. For example, if your default HTTP port is 4712, and HTTPS port is 4713, you will enter the following address into the Report Designer client: http://MRServer:4712

Management Reporter CU16 Release: 2.12.16000.17
NOTE: There are no changes to the data mart schema in this release, so no upgrade to the data mart database will be required.
You can view which ERP versions are supported by this release by reviewing compatibility list here.
You can find the EN-US download for Management Reporter CU16 here: https://mbs.microsoft.com/customersource/northamerica/MR/downloads/service-packs/MROverview

Dynamics 365 Operations – Ax PACT CEO Conference 2017

April 5th, 2017 by Stephen Jones

Just back from Amsterdam.

Leaders of some of the best Dynamics Ax practices globally met in Amsterdam to share experiences and to hear from Microsoft leaders on the future direction of Dynamics 365:

– Chandru Shankar Manufacturing Industry Director for Microsoft Business Solutions EMEA,
– Sri Srinivasan, General Manager for Microsoft Dynamics 365 for Operations in the Cloud and Enterprise – Group
– Mike Ehrenberg, Microsoft Technical Fellow.

One thing is clear – digital transformation is happening now.

Chandru opened with a well known quote from Jack Welch:

“If the rate of change on the outside exceeds the rate of change on the inside, the end is near.”

Let me add some more of Jack Welch’s insights on the same theme:
“Face reality as it is, not as it was or as you wish it to be.”
“Change before you have to.”
“If you don’t have a competitive advantage, don’t compete.”
“If you are not confused, you don’t know what is going on.”
“When launching something new, you have to go for it—“playing not to lose” can never be an option.”
“As Google CEO Larry Page put it in his 2014 TED talk: ‘The main thing that has caused companies to fail, in my view, is that they missed the future.’”
― Jack Welch

A telling statistic is that 86% of the 1955 Fortune 500 have failed since its inception in 1955.
Source: http://www.briansolis.com/2013/02/no-business-is-too-big-to-fail-or-too-small-to-succeed-sobering-stats-on-business-failures/

A study from the John M. Olin School of Business at Washington University estimates that 40 percent of today’s F500 companies on the S&P 500 will no longer exist in 10 years. Startups in the areas of information, transportation, communication, and utilities have the highest failure rates, while finance, insurance and real estate tend to be more successful. But the grim reality is that almost 50 percent of new businesses, independent of the industry, don’t make it to four years.

Microsoft itself has had to make rapid changes, and its partner network has had to run closely behind to keep up. The companies that come together in AxPACT are examples of those who are proven to be able to leverage the new Dynamics 365 technology stack to effect digital transformation.

Looking back over our 25 year history we have seen the move from AS400 to the introduction of laptops, to smart phones, the internet, fax, email, mobile, RFID, GPS, social media, and the cloud. All these technologies were disruptive in their own way but they also created new business paradigms such as lean manufacturing and ecommerce.

With predictive analytics, Big data, IoT, and virtual reality, the future continues to offer new challenges and new opportunities and Microsoft continues to deliver us enhanced toolsets to drive digital transformation.

In the afternoon session Sri Srinivasan and Mike Ehrenberg answered direct questions from the partners about the current status and future direction of the Dynamics 365 story: Dynamics 365 with Edge computing hybrid/on premise, the role of the Apps store, the move from over-layered code to extensions and what that means for regular product upgrades, the rapid adoption rate this year of Dynamics 365 with over 500 projects under implementation, the Common Data Store and how it will support new features going forward, e.g. for HR, and Power BI reporting.

Azure infographic

April 3rd, 2017 by Stephen Jones

What can you do on the Azure cloud?
Ask Synergy Software Systems: 0097143365589

Dynamics Ax 2012 buy now – no more new sales after July 2017

April 3rd, 2017 by Stephen Jones

Microsoft has provided 90 days’ notice of new pricing and branding for Microsoft Dynamics AX 2012 R3, with the release of Microsoft Dynamics 365 for Operations (On-Premises), effective July 1, 2017.

Customers have the option of purchasing from either the Microsoft Dynamics AX 2012 R3 pricelist or Microsoft Dynamics 365 for Operations (On-Premises) price list from June 1, 2017 to June 30, 2017.

Effective from July 1, 2017, Microsoft Dynamics AX 2012 R3 will no longer be available for new customers. However, existing customers can continue to purchase additional licenses as required.

VAT Phase 1 – open for registration.

March 20th, 2017 by Stephen Jones

An event aimed at all businesses to explain the rules of the new VAT system will cover the general application of the new VAT rules and will not focus on any specific industry sector. Several workshops are scheduled across the U.A.E.

Dubai
Date: 12/04/2017
Morning session time: 09:00 AM-12:00 PM
Afternoon session time: 02:00 PM-05:00 PM
Attendees: 500
Place: Please note that the exact venue details will be sent to you 72 hours before the event.

Similar events will be held on 18th and 30th April in Dubai.

An Excise Tax briefing, aimed at businesses involved in the import, production and sale of tobacco products, carbonated drinks and energy drinks to explain the rules of the new Excise Tax system, will be held on 10 May in Dubai.

An event aimed at small and medium businesses to explain the rules of the new VAT system. The event will cover the general application of the new VAT rules and will not focus on any specific industry sector.
City: Dubai
Date: 16/05/2017
Time: 09:00 AM-12:00 PM

Similar sessions are planned for other Emirates. Details: https://www.mof.gov.ae/En/Pages/workshops.aspx