
Nick Barclay’s Review

Nick Barclay from Australia has good things to say about my book “Applied Microsoft Analysis Services in Action”. No, I didn’t sweat blood, but I have to admit that writing this one wasn’t easy! It took me almost twice as long to write it as my previous “Microsoft Reporting Services in Action” book. For the most part, that was because Analysis Services is a focal point of many technologies, including OLAP, data mining, data integration, reporting, performance management, etc. Not to mention that, as Nick said, it was like trying to hit a moving target because the product was constantly evolving on the way to RTM.

The other main factor for taking so long is that I just can’t write short. I am a firm believer that knowing a product is knowing its limitations. I usually put myself in my reader’s shoes and try to address all possible questions the reader may ask while reading the book. I am committed to pointing out not only the tool’s strengths but also its weaknesses (nothing is perfect, right?). Of course, this takes time, lots of, lots of time …

TechEd 2006 Europe Announced

TechEd 2006 Europe will take place in Barcelona, Spain (7-10 November 2006). Barcelona is one of the cities I always wanted to visit and I hope I will be able to make it. Summer could have been much better for a fiesta, of course …

Applied Microsoft Analysis Services 2005 – Bestseller on Amazon!

My book “Applied Microsoft Analysis Services 2005” is a bestseller on Amazon! It is currently ranked No 94 for Computers and Internet (as of Jan 23). The book is now in its second printing (it’s been available on Amazon since 12/15/2005).

Thank you, thank you, thank you! 


WMF Exploit

There is an extremely nasty new exploit that targets a vulnerability in Windows Fax and Picture viewers (WMF). Usually, I don’t pay much attention to the latest on spyware since IE always asks you to confirm download. But this one is really bad. No IE warnings or security toolbar. If you navigate to a rogue website that uses the exploit, it will bypass the IE security settings. By the time resident anti-spyware and virus shields catch it, it is too late and your machine will be infected, as shown here. For the time being, the workaround is to disable the viewers:

regsvr32 /u shimgvw.dll

Also, do yourself a favor and, if you are not doing this on a regular basis, enable Windows XP System Restore and create a restore point.

Microsoft has issued the following advisory about the new threat.

Microsoft Security Advisory (912840)

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft will continue to investigate the public reports to help provide additional guidance for customers.

Microsoft is aware of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged on user when visiting a Web site, which contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site.

Customers are encouraged to keep their antivirus software up to date. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. We will continue to investigate these public reports.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.

Customers who believe they may have been affected by this issue can contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

Mitigating Factors:

  • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site.

  • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  • By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability where the e-mail vector is concerned, although clicking on a link would still put users at risk. In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text. See the FAQ section of this vulnerability for more information about Internet Explorer Enhanced Security Configuration.

General Information

Overview

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed and exploited vulnerability. For more information, see the “Suggested Actions” section of the security advisory.

Advisory Status: Under Investigation

Recommendation: Review the suggested actions and configure as appropriate.



CVE Reference


CERT Reference


Microsoft Knowledge Base Article


This advisory discusses the following software.

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 1

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003

Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Note Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 x64 Edition also refer to Microsoft Windows Server 2003 R2.

Frequently Asked Questions

What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. This vulnerability affects the software that is listed in the “Overview” section.

Is this a security vulnerability that requires Microsoft to issue a security update?
We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin.

What causes the vulnerability?
A vulnerability in the way that specially crafted WMF images are handled could allow arbitrary code to be executed.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s site. It could also be possible to display specially formed Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

I am reading e-mail in plain text, does this help mitigate the vulnerability?
Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk.

Note In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.

I have software DEP enabled on my system, does this help mitigate the vulnerability?
Yes. Windows XP SP2 also includes software-enforced DEP that is designed to reduce exploits of exception handling mechanisms in Windows. By default software-enforced DEP applies to core operating system components and services. This vulnerability can be mitigated by enabling DEP for all programs on your computer.
For additional information about how to “Enable DEP for all programs on your computer”, see the product documentation.

Suggested Actions

Workarounds

Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it will help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

To un-register Shimgvw.dll, follow these steps:

1.   Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.

2.   A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

  • Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

  • Customers in the U.S. and Canada who believe they may have been affected by this possible vulnerability can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses. International customers can receive support by using any of the methods that are listed at the Security Help and Support for Home Users Web site.

  • All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the Microsoft Security Web site.

  • Protect Your PC

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting the Protect Your PC Web site.

  • For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page.

  • Keep Windows Updated

All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the Microsoft Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.


  • You can provide feedback by completing the form by visiting the following Web site.

  • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.

  • International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.

  • The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.


The information provided in this advisory is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


  • December 28, 2005: Advisory published


My book is selling from Amazon and B&N

At last, my book “Applied Microsoft Analysis Services 2005” is available for purchase from the retail outlets, including Amazon and Barnes & Noble. This completes the arduous and time-consuming book lifecycle which readers are probably unaware of. Here is how it goes… Once the author hands off the final manuscript to the publisher, the publisher sends the electronic copy to the printer. In the case of my book, it took one month for the printer to produce the book. Next, the printer ships the book to the distributor. Then, the distributor sends the books to the wholesalers (Ingram and Baker & Taylor). 

Retailers, such as Amazon and B&N, get the books from the wholesalers. So, from the time the book is received from the distributor, it takes another 30 or so days until the books fill the channels. So, setting the book publication date on Amazon is nothing more than an educated guess about events that are completely out of the publisher’s control. This is only half of the story, of course. If the retailers don’t sell the book in six months, the retailers return the books to the distributor and the book is re-stocked. But this won’t happen to my book, right? 🙂

New Wave of Presentation Delivery – Web Seminars

Yesterday, I delivered a web seminar for WindowsITPro (sponsored by Microsoft) about RS 2005. I have to admit that I really enjoy it. I got more than 340 attendees. This broke my previous record of 300 for my RS presentation at TechEd Europe 2004. The best thing about a web seminar is that you do it from the comfort of your house or office. No travel, hassle, and travel expenses. No cell phones and other annoying sound effects. Enjoy the silence! The questions get logged in an orderly fashion, so you could preview them before you answer (or don’t :-)). You can do polls too. What could be better?


The only negative thing about this particular seminar is that I was restricted to static content only and I couldn’t share my desktop for live demos. This was a limitation of the technology WindowsITPro is using, of course. Microsoft Live Meeting is perfectly capable of desktop sharing.


I hope the web seminars will catch up and I can do more of them in future. You can find the slides and demos of my Reporting Services 2005 Tips and Tricks web seminar here.


See you soon in cyberspace!

SQL Server 2005 Documentation Refresh

Microsoft has released a refresh of the SQL Server 2005 documentation. On the same page, you will also find a link to a SQL Server 2005 Samples and Sample Databases download.

SQL Server 2005 LoadFest

Atlanta.mdf is hosting a LoadFest event to celebrate the launch of SQL Server 2005. They asked me to stop by and answer tough Business Intelligence questions. Time permitting, I may do a demo or two.

You may also put in your calendar my next presentation for Atlanta.mdf on 9/1/2006 when I will talk about Analysis Services 2005.


See ya there!

SQL Pass 2005 slides and code

SQL Pass 2005 was a great show. It had about 2,000 attendees, which is great since you don’t feel disconnected in the TechEd crowd of 13,000 people. I did a “RS Tips, Tricks, and Gotchas” presentation with Bruce L-C whom I finally had a chance to meet. I think the presentation went very well. I’ve uploaded the slides and the sample code to my website. Among other things the code demonstrates:

  • Excel export scenarios

  • CSV export

  • External images streamed from a web service

  • Expression-based connection strings

  • CLR stored procedures

  • HTTP handler for intercepting the incoming traffic to the server

  • And more…

Happy reporting!

To the summit

If you are attending the SQL Pass event next week in Grapevine, TX and you would like to know more about Reporting Services, stop by my presentation. I am teaming with Bruce Loehle-Conger (MVP – SQL Server) to present the Reporting Services Tips, Tricks and “Gotchas” session.


I have some cool demos that demonstrate retrieving images from a web service, dynamic connection string from configuration file, Analysis Services integration, using CLR stored procedures, and more… If you are not coming, I will upload the code demos on this site after the event.


See you in Texas!