June Patches - where are they? it's 8am PST and nothing
So, it's June 14th - where are the patches? Does MS release them at a
certain time - like 10am PST or something? I'm very very eager to get them
today, but I don't feel like sitting here at my browser clicking links and
refreshing every 10 min in some hope they released them. Would be nice if
there was a specific TIME to go along w/the specific day.
Administrator password
Hi, We have been told we have to change our Domain Administrator password.
Is this as simple as going into A/D and resetting the password, or is there
more involved?
Any advice would be appreciated.
Thx
all in one fax, copier, scanner.........safe?
are there any security issues with connecting an all-in-one to a networked
machine? i.e. is it possible to hack into the device via the phone line and
then gain access to the computer/domain?
Compare Security config between two w2k servers
Can Security Configuration and Analysis be used to compare two servers'
security configs?
I have created a new database and a blank template file. Using these to load
Security Configuration and Analysis and then Analyze Computer Now results in
the Database Setting being Undefined and the Computer Setting showing the
server's config.
Now I want to "save/import/update" the Database Setting with the Computer
Setting. Then open this database on another server to "highlight" security
config differences.
Many thanks
Dan
Unknown file
Does anybody know what this file does? C:\wj2jovma.sys?
I've searched google and MS to no avail. I checked properties for the file
but that was useless. I'm concerned this is a virus that has gone undetected.
Thanks,
--Jim
--
JPB
Remote Desktop Connection
Hello
I am currently using "remote desktop connection", I am impressed with the
speed and stability of it, but I would like to know if any one has found any
serious security issues involved in using it.
Also, when two people log on remotely as Administrator, does this drop the
account on the machine and drop any programs running? My business partner
and I both logged on remotely as Administrators and this caused a fatal error
and caused the server to reboot.
Thank you in advance for any help offered
Adrian
:o)
MS document encryption
I want to ensure that documents passworded by our staff are encrypted
with something stronger than the 40-bit encryption provided by default.
Accordingly, I have followed the advice given in the MS Office
Assistance document "Important Aspects of Password and Encryption
Protection" on setting the "DefaultEncryption" registry keys on my PC.
Unfortunately, when I run up Word, even after a reboot, it still seems
to default to 40-bit encryption, though I can select and use the
stronger encryption.
How can I make Word default to using the stronger encryption?
Martin Taylor
Account Lockout threshold
Three domain controllers: one primary and two backup
Member servers (joined same DC) : MServer1, MServer2
All are windows 2000 SP3 servers
I want to set account policy in MServer1 and MServer2:
Account Lockout duration: Not defined (original) --> 30minutes (new)
Account Lockout threshold: 0 (original) --> 5 (new) invalid logon attempts
Reset account lockout counter after: Not defined (original) --> 30minutes
(new)
In MServer1, all settings were changed as I expected.
However, for MServer2, in "local policy settings --> account lockout
threshold", the local setting = 5, the effective setting = 0.
In the DC's
"Domain Controller Security Policy", "Domain Security Policy" and "Local
Security Policy", the effective setting = not defined.
I tried to change the MServer2 account lockout threshold to 5 in "Local
Security Policy", "MMC-->Group policy" and "MMC-->Security Configuration and
Analysis", but the effective setting is still = 0.
How do I set the account lockout threshold to 5 on MServer2?
missing key/value in registry of w2k server - how to track it?
Hi there,
Recently I had a problem where a registry key, including its value, had
been deleted or gone missing, but I cannot find out why or by whom. My question is:
perhaps there is a way to zoom in on why it could have happened and how to track
the cause of the missing registry key/value. Are there any tools to help with
this? Thanks for your help.
IPSEC for scripting
Hey can anyone provide an example of how to use IPSEC in a script/commandline
between a Win2000 and Win2003 server. I want to create a tunnel so I can use
Robocopy between the boxes like I use Rsync and SSH on my linux boxes. I'm
new to this so please be descriptive.
Thanks!
-----------
Anyone who knows everything, leads a pretty boring life
Solution for securing VPN/RAS using 2-factor SMS Authentication
Hi Everyone,
I've developed an IAS plugin, 'MobileKey', that provides 2-Factor
Authentication (via SMS) for VPN/RAS networks using Microsoft IAS
(Win2k/Win2k3) as RADIUS server.
Two authentication modes are supported - Windows password plus SMS
access code, and Challenge Password plus SMS access code. Delivering
access code by SMS secures the VPN against key-press capture spyware
and trojans residing on the client PC.
'MobileKey' is database driven/secured and can comfortably authenticate
up to 50,000 users a day with an SMPP connectivity to an SMSC.
I'm now looking for beta testers for this plugin to test out on ISA
Server and other VPN/RAS equipment, as well as partners interested in
reselling this kind of solution out of the box, customized or OEM.
'MobileKey' offers unbeatable value for deployments exceeding 30 VPN
users as no hardware key is required - your mobile phone is your key
generator!
Here's some preliminary information:
SMS Gateway used - VisualGSM Enterprise Server
(http://www.visualtron.com/products_enterprise.htm)
IAS Plugin Windows Installer with Help file
(http://www.visualtron.com/download/mobilekey-radius.exe)
SMS delivery mode - GSM or SMPP 3.3/3.4
Please feel free to contact me anytime.
Rgds,
Joshua Lim
Visualtron Software
http://www.sms-gateway-software.com
Firewall
I am unable to connect to the Internet through Musicmatch Jukebox b/c of a
firewall that is turned on. I have disabled at least one firewall by opening
the security center. I can't figure out how to disable the firewall that's on
from a program I've already deleted. As a result, I cannot download music.
Please help!
Expiring AntiSpyware
Hello, I was just wondering about AntiSpyware; it is going to expire in 10 days.
What should I do?
Any answers?
Unknown User Logon attempt
I'm trying to track down a user logon attempt on one of my servers.
W2k AD environment.
Whenever I reboot one of my member servers I get an event 681/529. What
scares me is that the username attempting to logon is called "secret". I know
for sure it's not a domain user account nor a local user account on the
server. I'm trying to find more info on this user. I only receive this event
when I reboot the server, as if it's a service starting up. I don't see any
unknown services running on the server though. Any suggestions how to best
troubleshoot this? Here's a copy of the event:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 6/11/2005
Time: 9:10:31 AM
User: NT AUTHORITY\SYSTEM
Computer: EVANS10
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Secret
Domain:
Logon Type: 2
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: "member server"
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 6/11/2005
Time: 9:10:31 AM
User: NT AUTHORITY\SYSTEM
Computer: member server
Description:
The logon to account: Secret
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: member server
failed. The error code was: 3221225572
Thanks
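Added example, not from the original poster: a Python triage of the 529/681 pair quoted above that decodes the decimal error code (3221225572 is NTSTATUS 0xC0000064, "no such user") and checks whether the request originated on the server itself, which is what points at a local service or start-up program rather than a remote host. The event text is reconstructed here with the member server named EVANS10 throughout, and the NTSTATUS and logon-type tables are the standard Windows values.

```python
import re

# NTSTATUS codes event 681 reports in decimal: the ones met most when triaging
# failed logons.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER (the account name does not exist)",
    0xC000006A: "STATUS_WRONG_PASSWORD (account exists, wrong password)",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {"2": "Interactive (console, or a program calling LogonUser)",
               "3": "Network (file share, IIS)", "4": "Batch (scheduled task)",
               "5": "Service (service start-up)"}

# Constructed sample: the 529/681 pair from the post, trimmed to the fields
# that matter, with the member server named EVANS10 throughout.
SAMPLE_EVENTS = r"""
Event Type: Failure Audit
Event ID: 529
Time: 9:10:31 AM
Computer: EVANS10
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Secret
Domain:
Logon Type: 2
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: EVANS10

Event Type: Failure Audit
Event ID: 681
Time: 9:10:31 AM
Computer: EVANS10
Description:
The logon to account: Secret
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: EVANS10
failed. The error code was: 3221225572
"""


def parse_events(text):
    """Split Event Viewer text into one dict of 'Field: value' pairs per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events


def decode_status(decimal_code):
    """Turn the decimal error code from event 681 into hex and a name."""
    code = int(decimal_code)
    return f"0x{code:08X}", NTSTATUS.get(code, "unrecognised NTSTATUS value")


def triage(text):
    """Correlate the 529/681 pair and say what the failure actually means."""
    by_id = {e.get("Event ID"): e for e in parse_events(text)}
    e529, e681 = by_id.get("529", {}), by_id.get("681", {})
    status_hex, status_desc = decode_status(
        e681.get("failed. The error code was", "0"))
    account = e529.get("User Name") or e681.get("The logon to account", "")
    correlated = (e529.get("Time") == e681.get("Time") and
                  account.lower() == e681.get("The logon to account", "").lower())
    # Workstation Name equal to Computer means the request was issued on the
    # server itself; Logon Process "Advapi" means a program called LogonUser(),
    # so the caller is something that runs on this box at boot.
    computer = e529.get("Computer", "").lower()
    local_origin = e529.get("Workstation Name", "").strip('"').lower() == computer
    logon_type = e529.get("Logon Type", "")
    if status_hex == "0xC0000064" and local_origin:
        hint = ("No such account exists and the request is local: look for a "
                "service, scheduled task or start-up program on "
                f"{e529.get('Computer')} configured with user name '{account}'.")
    elif not local_origin:
        hint = "Request came from another host; investigate that host first."
    else:
        hint = "Account exists locally or in the domain; check its state."
    return {"account": account, "logon_type": logon_type,
            "logon_type_desc": LOGON_TYPES.get(logon_type, "unknown"),
            "logon_process": e529.get("Logon Process", ""),
            "status": status_hex, "status_desc": status_desc,
            "correlated": correlated, "local_origin": local_origin,
            "hint": hint}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key:16} {value}")
```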
SE caught a trojan or is it misslabeled
Hi Spyware Exterminator caught a trojan called "Trojan Win 32 FTP Attack" in
the C:\WINDOWS\CREATOR\Remind_XP.exe, file. Now I would normally delete this
and move on, however the last time I attempted recovery the error message
"PRELOAD is missing or corrupted" flashed while recovering. The computer got
stuck while reloading for about a day or two. I attempted and completed a
DESTRUCTIVE RECOVERY, which brings me to the point of having another
trojan??? (or legit program labeled as a trojan). I ALSO USED SYSTEM
MECHANIC TO DELETE UNNECESSARY FILES -------WHAT DO YOU GUYS THINK??????
--
Thought computing was supposed to be easy.
Do we need dedicated software to guard mIRC?
I am a mIRC user and found a piece of software that declares itself dedicated to the
security of IRC programs!
I already have AV and a firewall to guard my system. Do I need
this IRC-dedicated tool installed??
Below is the link to it:
http://www.diamondcs.com.au/index.php?page=irclean
__
Lecter
- "Trust No One!"
server 2003 administrator password
We have just received a new machine with Server 2003 loaded as per our
bespoke software supplier's instructions. The machine was configured with
Turkish as the default language; however, the software we installed required
English as the primary language so I changed this in the Control Panel.
After restarting I found that the administrator's password is now invalid and
after three unsuccessful attempts to log in the machine will no longer boot!
Can anyone please offer a technophobe some simple help?
Windows Firewall off and indicates on
Hello, XP, SP2, Norton Personal Firewall. Lately, when "turn off Windows
Firewall" is selected, the Windows Security Center Control Panel indicates
'on'. Is there a solution and fix? Personal Firewall on or off does not
affect this behavior. Thank you.
--
KD
unauthorized access into hotmail account
I need some help.
I have a case where my client is alleging wrongful termination by his former
employer. It seems that his former employer found a way to access his
personal hotmail account, thus also accessing information protected by
attorney-client privilege.
We can't be sure there was unauthorized access. Is there some way to
determine if the email was accessed by anyone other than my client?
I'm hoping we can do this without a court order or lawsuit, since we hope to
resolve this matter out-of-court.
Thanks.
centralized, multi-OS authentication ?
In a mixed environment with mainframes, Unix/Linux, Windows, etc., is there
some way to have a centralized authentication server or service that users
can authenticate to once (Kerberos? LDAP?) and then pass the
authentication on to all of the other hosts in the mixed environment? Not
sure what the best way to go about this is, but when passwords expire on each
host every 90 days it's a nightmare to sync all of the new passwords on all of
the different machines. TIA for any help or guidance on this one...
Alternative Login Methods/Security Devices/Smart Cards
Hi
I'm wondering if anyone out there has any experience with this. I have a
complex password scheme applied to my domain and I have a user who has issues
remembering complex passwords. This user is important enough that I need to find an
alternate solution without removing my password policy.
Has anyone had any experience with this, or any suggestions on what route to
go?
Thanks in advance!
OneCare Beta Program
If anyone out there would like to help out with Microsoft's OneCare solution
and has some time (and resources) to spare, go to the following link and
nominate yourself for the OneCare beta program:
http://beta.windowsonecare.com/betaentry.aspx
Please Note:
This is a BETA and things can go wrong. If you are not prepared to provide
balanced beta feedback or, potentially, do a complete system restore, please
do not nominate yourself.
I have been running it for about a week on a number of computers and for the
most part I am quite impressed; it is simple and effective.
BB
ms02-039
I have XP Pro, am a home user, not running a server. My question is why do I
keep getting hit with stuff like MS02-039? This is the last one to occur; it's
been happening for a while now. I'm thinking that, perhaps, I downloaded the
wrong updates from Microsoft. If so, do y'all know of any way I can find out, so
I can delete it? I'm a newbie, don't know much about digging around in the
system. Thanks
Certificate Autoenrollment
Hoping someone might be able to enlighten me on this subject and correct any
assumptions I am making that might be wrong. Thanks in advance.
When you set up your CA you can specify in the capolicy.inf file which pki
services you wish to provide to users/computers. Some of these, such as
basic EFS and Domain Controller, are set up for autoenrollment by default as
defined in group policy. This is fine, except for when you want to limit
who/what can request the certificates. I have both basic EFS and Domain
Controller certificates being issued. I don't want to implement these
certificates yet and wish to control the requests which are building up in
my pending queue. I was able to modify the Autoenrollment setting in Group
Policy for my Win2003 Domain Controllers to stop them from requesting
certificates, but the Win2000 DCs are still requesting and I have not found
where the setting in group policy is to control this. I can also remove
this template from the certificate store, but I read a warning that once
removed you cannot issue certificates based on the template anymore. Not
sure if this simply meant that a custom template definition would not be
available as I can't see any restriction that would keep me from adding it
back in after I removed it. This brings up the question, "Am I being a
paranoid control freak." Should I just allow the domain controllers to
request their certificates even though I have not implemented anything yet
based on those certs. Just a bit confused why MS would assume this is how an
admin would want the default behavior.
Require connecting systems to be Domain Computers
Does anyone know how to prohibit computers from connecting to a
Windows 2003 Server share unless the system they are connecting from
is a member of the domain.
I have a few "power users" and developers who keep removing their systems
from the domain, and just connecting to the server by browsing and
using their domain credentials. These users need to be able to add
computers to the domain, as they reinstall Windows often to test stuff
on clean machines.
If I don't allow them to connect to the file server unless their
system is a part of the domain, that will solve the problem.
I feel that this should be such an obvious thing to do, but I have yet
to see any information on how to do this.
Kevin
Total protection for your software against crack
EXECryptor reaches version 2.1.21
Software piracy! Cracked serial numbers! Thousands of commercial
products are posted on the warez sites and become available to all
every day! Companies lose millions of dollars every year to software
piracy, and faulty protection programs. Shareware developers look for
unbreakable protection for their products and create some protection
themselves or try many of the ready-made tools. Unfortunately most
tools have already been cracked, and self-made solutions often only take
one determined cracker a few hours to bypass. As a result they soon
find the stolen keys and product cracks on thousands of hacker
Internet pages.
No solution? Well, there is.
It is time to turn to the uncrackable, time tested, EXECryptor
protection product. EXECryptor is a powerful, software tool that
allows developers to significantly increase software protection from
reverse engineering, analysis and modifications. Its main difference
from other protection tools is its brand new metamorphing code
transformation technology.
With EXECryptor the protected code block is not just packed or
obfuscated like many other packers, but also disassembled into
nondeterminate transformations, effectively scrambling the visible
logical code structure and making it impossible to reverse. After the
code transformation, it remains executable and working as it is
supposed to but it cannot be analysed, modified, or circumvented.
It is not just a question about code encryption but also code
transformation. You can optionally wrap additional parts of your
code, at a source code level, in special flags which then transform
into virtually impossible code to trace, crack, or bypass. Protected
code blocks are never decrypted during execution they remain in their
transformed code state. Code restoration becomes an NP-hard problem.
EXECryptor has the innovative very powerful antidebug, antitrace and
import protection features to stop the latest cracking software.
EXECryptor allows the use of short registration keys of 12/16 characters,
based on a new generation of our HardKey algorithm, a
cryptographically strong ultrashort digital signature.
The power of software protection with EXECryptor is proved out in
practice: despite numerous cracking attempts and challenges, the
EXECryptor's 2.x series has not been cracked since its inception in
July of 2004.
In addition to its advanced protection features, EXECryptor allows you
to compress the code and resources of your application.
EXECryptor is able to protect any 32bit PE executable file (exe, dll,
bpl, vxd, wdm). It has been tested with W95/98/ME/2000/NT/XP/2003.
SDKs are available for Delphi, C++Builder, Microsoft Visual C++, LCC,
PellesC, Visual Basic, PowerBASIC and PureBasic.
What's new in this version:
- added SDKs and examples supporting LCC, PellesC, PowerBASIC and
PureBasic
- added new option: Delay DLL loading
- improved: VMware/VirtualPC/Wine compatible mode
- improved: protection from inline patching
- improved: antidebug protection
EXECryptor is distributed electronically over the Internet; free trial
version is available at http://www.strongbit.com for evaluation.
The price of a single copy is 135.00 US Dollars / 99 EUR. There are
significant discounts available for multiple purchases and site
license buyers (starting at as few as 5 copies).
* Operating system: Windows 95, 98, ME, NT, 2000, XP, 2003
* RAM: 32 Mb
* Hard Disk: 2.5 Mb
Product Page: http://www.strongbit.com/execryptor.asp
Download: http://www.softcomplete.com/download/execryptor.zip
Buy Link: http://www.strongbit.com/order.asp
SQL2K WIN2K3 CONNECTION SECURITY
This question got rejected from the SQL Server group, but i'll try here
as it relates to security.
I'm moving an old SQL Server-backend-IIS5/ASP-frontend application to
servers with windows 2003 standard edition. One server will run the
database the other will run IIS 6.0. Note that i haven't set-up a
domain, which i think requires one machine to be domain controller
which would decrease performance and stuff. I've simply put them on the
same group.
I want to restrict access to the SQL server so only the incoming
connection from the webserver is allowed. I can use either named
pipes (which should be the fastest protocol) or TCP (which should be
slightly slower than named pipes), but I seem to have a problem. If I use
named pipes to connect, the IUSR(the user under which IIS is running)
must have access-rights to IPC$ share on the sql server.
I can't seem to set any access-right directly for IPC$ share, but I can
reactivate my guest user and then it works, but then everyone can now
access the ipc$ share so it's not really what i'm looking for.
I can also connect through TCP and set up some kind of filter only
allowing incoming connections on port 1433 from the IP of the web
server. But I don't know how to do this. I've taken a look at the IPSec
stuff but it's all about Kerberos authentication and other bull which I
don't think I need.
What I need is a simple IP port filter, which does nothing else but
reject incoming connections to SQL Server on port 1433 originating
from any other IPs than my webserver.
My question is how do I do this? Do I need to have an additional
"firewall" service running and, if so, how much extra overhead will
this create for the SQL server?
Alternatively, is it possible to change the access rights for the IPC$
share manually?
Thanks in advance for any input you might have on this.
Certificate Authority services on W2k forest
I want to setup an internal CA to deploy 4 certificates to our users (even
though our total user count in this company is 5000). We do not have any
major plans to deploy additional certs for others.
Question:
Can I just install CA on a domain controller? MS's best practice is to
use a 2-tier/3-tier method and NOT INSTALL CA on a DC. But in our situation,
we just need it to do a fast deployment. Deploying CA on 3 servers just
doesn't justify the cost.
Let me know what the drawback is of installing it on a domain controller.
How to allow certain users to restart a service on W2K3 servers?
I would like to enable a group of users to only be able to restart the Print
Spooler service. (Don't want them to have any additional rights.) I don't
want them to have administrator privileges either.
How do we enable this?
Using Cacls
I am trying to use Cacls to add Domain Users to numerous folders within a
folder and cannot seem to get it to work. Can it be done on a server?
cacls c:\testfolder /T /E /G "Domain Users":F
Can someone help me with the syntax?
Many Thanks
LDAP changePassword always returns error
I'm working on a script to change a user's password in an AD domain.
Our problem is a script that uses the changePassword method to change a
user's password. No matter how strong the new password is, we always return
an error that says the new password is either not unique or doesn't meet the
policy for strong passwords. This script doesn't work when run as either the
user making the change or the domain administrator.
I think this error is bogus; we have another script that overwrites the
user's password with a strong random one (which runs in the context of the
domain admin), and that works fine.
Running IIS and Messenger on Windows Servers
I want to find out about running IIS and Messenger on Windows Servers; what is
the risk in security? I am also afraid that by running these items on a
secured system that it will cause problems someday. Are there any articles I
can read? Any advice would be great.
Hotmail signing out
For the past week or so, every time I try to sign out of Hotmail I'm told I
can't - the page I'm sent to tells me that if I can sign out of a site,
there's a green tick, if not, a red cross. I've never seen such things! Where
are they? And how can I safely sign out of my account?
If anyone can help, I'd be very grateful... I'm not very technical, you see...
New IE security hole
Hi,
I discovered a NEW security hole / exploit in IE6 with SP2 and all the
latest security patches.
Overview of the exploit:
* Bug for all Microsoft Internet Explorer users
* Can be abused by hackers to run harmful JavaScript code and can be abused
to mislead existing protection against harmful JavaScript code, like
software from Norton, McAfee, etc.
* Can be abused to mislead the search engines Google, MSN, Yahoo,
AltaVista, etc.
* Unpleasant for JavaScript programmers
For all the information about the NEW horrible bug (info, exploit, etc.), see the
page
http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php
Best regards,
Pascal Vyncke
ms02-039
My AV caught this and called it a virus, "ms02-039 sql"; that's all I can read of
the description. It came from source IP 220.104.2.137, protocol UDP.
I have no idea what that means.
Thirty steps to PC security
This article describes the steps necessary to secure your Windows operating
system from malicious exploits. The solutions listed below will protect you
from every major vulnerability found on the Internet today, June 08, 2005. If
by chance you would prefer to use tested software to enable these solutions,
go to http://www.geocities.com/turbotramp2/samurai.html or click
http://www.geocities.com/turbotramp2/samurai.zip to download the most recent
version of Samurai. This Host-based Intrusion Prevention System will secure
your machine using the solutions listed below.
DISABLE INSECURE CONTROLS: Disable known insecure ActiveX controls.
This solution disables the use of insecure ActiveX controls. The registry
key "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" is
updated with the GUIDs of known insecure controls that do not affect normal
operation when disabled. The GUIDs are:
// ADODB control
{00000566-0000-0010-8000-00AA006D2EA4}
// Shell.Application
{13709620-C279-11CE-A49E-444553540000}
// AnchorClick DHTML Behavior
{8856F961-340A-11D0-A96B-00C04FD705A2}
// Image Control 1.0 (uses asycpict.dll)
{D4A97620-8E8F-11CF-93CD-00AA00C08FDF}
// DHTML Editing Control
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
PREVENT AIM EXPLOIT: Disable the AIM URL protocol handler.
This solution prevents the use of the AIM URL protocol by replacing the
insecure ActiveX GUID with a harmless substitute, in this case the HTML Help
GUID is used. The AIM URL protocol is not required for normal operation and
does not affect AOL Instant Messaging.
The registry key is "HKCR\PROTOCOLS\Handler\aim".
The registry value is "CLSID".
PREVENT ANONYMOUS ACCOUNTS: Prevent anonymous accounts.
This solution prevents the use of anonymous sessions by setting the registry
value "HKLM\System\CurrentControlSet\Control\Lsa\restrictanonymous" to true.
This setting will not become active until the machine is rebooted. As such,
"The new configuration will require a reboot" will be displayed when this
setting is altered in Samurai.
DISABLE AUTO FILE OPEN: Disable automatic file open from explorer.
This solution prevents Explorer from opening files without first prompting
the user. This is accomplished by masking all auto open bits in EditFlags
values of registry keys located in HKLM\Software\Classes,
HKLM\Software\Classes\Shell\Open, HKLM\Software\Classes\CLSID,
HKCU\Software\Classes, HKCU\Software\Classes\Shell\Open and
HKCU\Software\Classes\CLSID.
STOP BIT SERVICE: Stop the Background Intelligent Transfer Service.
This solution stops the Background Intelligent Transfer Service. This
service is not required for normal operation and can be abused to allow full
control of a host machine from a remote computer.
DISABLE URL PROTOCOLS: Disable dangerous URL protocols.
This solution disables the use of insecure URL types "ms-its", "ms-itss",
"its", "mk" and "local" by removing the type entries from the
"HKLM\Software\Classes\Protocols\Handler" and "HKCR\Protocols\Handler"
registry keys.
DISABLE DYNAMIC ICONS: Disable insecure job icon handlers.
This solution disables dynamic icon handlers for (.job) JobObject files by
removing the "IconHandler" keys from "HKCR\JobObject\shellex" and
"HKLM\SOFTWARE\Classes\JobObject\shellex". Dynamic job icon handlers are not
required for normal operation and can be abused to allow full control of a
host machine from a remote computer.
SECURE EXPLORER ZONE 0: Set and secure "My Computer" zone.
This solution secures the "My Computer Zone" by resetting the values of the
registry key "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0". These special settings prevent many vulnerabilities
including MS05-001, MS05-008 and MS05-014. The settings are:
1001 Download signed ActiveX controls Disable
1004 Download unsigned ActiveX controls Disable
1200 Run ActiveX controls and plug-ins Prompt
1201 Initialize and script ActiveX controls not marked as safe Disable
1400 Active Scripting Allow
1402 Scripting of Java applets Disable
1405 Script ActiveX controls marked as safe for scripting Allow
1406 Access data sources across domains Disable
1407 Allow paste operations via script Disable
1601 Submit non-encrypted form data Disable
1604 Font Download Disable
1605 Run Java Disable
1606 User Data persistence Disable
1607 Navigate sub-frames across different domains Disable
1608 Allow META REFRESH Disable
1609 Display mixed content Disable
1800 Installation of desktop items Disable
1802 Drag and drop or copy and paste of files Allow
1803 File Download Disable
1804 Launching programs and files in an IFRAME Disable
1E05 Software channel permissions 196608
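As an added example, not part of Samurai or of this article: a Python audit that compares a .reg export of the Zones\0 key with the table above, so the zone settings can be verified on a machine rather than trusted. The export text is constructed here (an unrelated zone plus a Zone 0 with two weakened values and one missing), and the 0/1/3 encoding of Allow/Prompt/Disable is the standard IE URL-action encoding.

```python
import re

# IE stores each URL-action as a DWORD: 0 = Allow/Enable, 1 = Prompt, 3 = Disable.
ALLOW, PROMPT, DISABLE = 0, 1, 3
LABEL = {ALLOW: "Allow", PROMPT: "Prompt", DISABLE: "Disable"}

# Expected "My Computer" (Zone 0) settings, transcribed from the table above.
ZONE0_EXPECTED = {
    "1001": DISABLE, "1004": DISABLE, "1200": PROMPT, "1201": DISABLE,
    "1400": ALLOW, "1402": DISABLE, "1405": ALLOW, "1406": DISABLE,
    "1407": DISABLE, "1601": DISABLE, "1604": DISABLE, "1605": DISABLE,
    "1606": DISABLE, "1607": DISABLE, "1608": DISABLE, "1609": DISABLE,
    "1800": DISABLE, "1802": ALLOW, "1803": DISABLE, "1804": DISABLE,
    "1E05": 196608,  # software channel permissions, 0x30000
}
ZONE0_KEY_SUFFIX = r"\microsoft\windows\currentversion\internet settings\zones\0"

# Constructed sample export (what "regedit /e" writes) with an unrelated zone
# first, then Zone 0 with two weakened values (1200, 1803) and 1804 missing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"DisplayName"="Local intranet"
"1001"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"Flags"=dword:00000021
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1402"=dword:00000003
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000003
"1601"=dword:00000003
"1604"=dword:00000003
"1605"=dword:00000003
"1606"=dword:00000003
"1607"=dword:00000003
"1608"=dword:00000003
"1609"=dword:00000003
"1800"=dword:00000003
"1802"=dword:00000000
"1803"=dword:00000000
"1E05"=dword:00030000
"""

DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')


def parse_reg_dwords(reg_text):
    """Return {key_path: {value_name: int}} for every DWORD in a .reg export."""
    dwords, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            dwords.setdefault(current, {})
            continue
        m = DWORD_LINE.match(line)
        if m and current is not None:
            dwords[current][m.group(1)] = int(m.group(2), 16)
    return dwords


def audit_zone0(reg_text):
    """Compare exported Zone 0 values with ZONE0_EXPECTED.

    Returns a sorted list of (value_name, expected, actual); actual is None
    when the value is absent from the export."""
    actual = {}
    for key, values in parse_reg_dwords(reg_text).items():
        if key.lower().endswith(ZONE0_KEY_SUFFIX):
            actual.update(values)
    findings = [(name, expected, actual.get(name))
                for name, expected in ZONE0_EXPECTED.items()
                if actual.get(name) != expected]
    return sorted(findings)


def describe(value):
    """Human-readable form of a URL-action value."""
    return LABEL.get(value, "missing" if value is None else str(value))


if __name__ == "__main__":
    for name, expected, got in audit_zone0(SAMPLE_REG):
        print(f"{name}: expected {describe(expected)}, found {describe(got)}")
```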
DISABLE GRP ASSOCIATION: Disable dangerous .grp file conversions.
This solution disables the insecure association between ".grp" files and
"MSProgramGroup" by deleting both registry keys from HKCR.
DISABLE GUEST ACCOUNT: Disable the Guest Account.
This solution disables the guest account by removing account registry keys
"V" and "F" from "SAM\SAM\Domains\Account\Users\000001F5". The guest account
is not required for normal operation and can be used by privilege escalation
exploits to gain full administrative control of a machine.
DISABLE HTML APP TYPE: Disable the HTML Application MIME type.
This solution disables the HTML application type by removing the
"application/hta" registry key from both "HKCR\MIME\Database\Content Type"
and "HKLM\SOFTWARE\Classes\MIME\Database\Content Type".
PREVENT HTML FRAME EXPLOIT: Check FRAME/IFRAME NAME field.
This solution registers an HTML filter that checks for FRAME and IFRAME tags
with overly long NAMEs. The filter removes overly long names from the HTML
stream to prevent a well-publicized buffer overflow. This can only be
accomplished with the Samurai HIPS.
SECURE HTTP SETTINGS: Secure HTTP configuration parameters.
This solution adjusts registry values under the
"HKLM\System\CurrentControlSet\Services\HTTP\Parameters" key to secure HTTP from
many common vulnerabilities. The settings are:
"AllowRestrictedChars" 0
"EnableNonUTF8" 1
"FavorUTF8" 1
"MaxConnections" 0x7fffffff
"MaxEndpoints" 0
"MaxFieldLength" 16384
"MaxRequestBytes" 16384
"PercentUAllowed" 1
"UrlSegmentMaxCount" 255
"UriEnableCache" 1
"UriMaxUriBytes" 262144
"UriScavengerPeriod" 120
"UrlSegmentMaxLength" 260
PREVENT IMAGE EXPLOITS: Check image files for correctness.
This solution hooks various system calls to block Animated Cursor (.ANI) and
GDI+ (.JPG) files containing buffer overflow exploits. Only files with
embedded buffer overflows will be blocked from image processing. Properly
formatted ANI and JPG files will not be affected by this solution. This can
only be accomplished with the Samurai HIPS.
STOP INDEX SERVICE: Stop the Windows Indexing Service.
This solution stops the Windows Indexing Service. This service is not
required for normal operation and can be abused to allow full control of a
host machine from a remote computer.
SECURE LICENSE LOGGING: Disable null session License Logging.
This solution disables insecure null-session license logging by removing
"LLSRPC" from the "NullSessionPipes" value of the
"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" registry key.
PREVENT LSASS EXPLOIT: Prevent LSASS (Sasser based) exploits.
This solution repairs a well-known LSASS vulnerability by setting the LSASS
dcpromo.log file to "read only". The dcpromo.log file can be found in the
system directory under the "debug" directory.
STOP MESSAGE SERVICE: Stop the Windows Messaging Service.
This solution stops the Windows Messaging Service. This service is not
required for normal operation and can be abused to allow full control of a
host machine from a remote computer. This solution does not affect Instant
Messaging services.
STOP NET DDE SERVICE: Stop the Net DDE Service.
This solution stops the Network Dynamic Data Exchange Service. This service
is not required for normal operation and can be abused to allow full control
of a host machine from a remote computer.
DISABLE PCT SERVICE: Disable the Private Communication Transport.
This solution disables the PCT protocol by disabling both the "Client" and
"Server" registry keys under
"HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT
1.0". The PCT protocol is not required for normal operation and can be abused
to allow full control of a host machine from a remote computer.
DISABLE UPNP SERVICE: Disable the Universal Plug and Play Service.
This solution stops the Simple Service Discovery Protocol, which disables
Universal Plug and Play. The SSDP service is not required for normal
operation and can be abused to allow full control of a host machine from a
remote computer. This solution does not affect local Plug and Play operation.
DISABLE RDS: Disable the Remote Data Services Datafactory.
This solution disables 3 insecure RDS datafactory objects:
RDSServer.DataFactory, AdvancedDataFactory and VbBusObj.VbBusObjCls, by
removing the corresponding registry keys from
"HKLM\System\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch". These
objects are not used in normal operation and will not affect other Remote
Data Services.
STOP REMOTE REGISTRY SERVICE: Stop the Remote Registry Service.
This solution stops the Remote Registry Service. This service is not
required for normal operation and can be used to remotely reconfigure a host
machine from a remote computer.
DISABLE ROOTKITS: Clear existing rootkits and prevent future loading.
This solution hooks system calls to prevent the loading of rootkits and
refreshes the kernel's system call table to clear existing rootkits. This
solution also contains a user interface that informs the operator when
attempts are made to load device drivers during normal operation. This can
only be accomplished with the Samurai HIPS.
DISABLE RPC-DCOM: Disable RPC based DCOM.
This solution disables the DCOM client protocol of the Remote Procedure Call
protocol by setting "HKLM\Software\Microsoft\OLE\EnableDCOM" to "N" and
removing any data in "HKLM\Software\Microsoft\Rpc\DCOM Protocols". The Client
DCOM portion of RPC is not required for normal operation and can be abused to
allow full control of a host machine from a remote computer. This setting
will not become active until the machine is rebooted. As such, "The new
configuration will require a reboot" will be displayed when this setting is
altered in Samurai.
DELETE SAM FILE: Delete the backup password file.
Many Windows operating systems save a backup copy of the SAM file in the
repair directory under the system directory. This file contains SMB username
and password data that can be decoded by utilities such as JohnTheRipper to
retrieve valid login information. The backup file is only used for emergency
backup and is not required for normal operation.
DISABLE SHELL URL: Disable the Shell URL protocol handler.
The solution disables the Shell protocol handler by replacing the insecure
ActiveX GUID found at "HKCR\PROTOCOLS\Handler\shell\CLSID" with a harmless
substitute, in this case the HTML Help GUID. The Shell URL protocol is not
required for normal operation and can be abused to allow full control of a
host machine from a remote computer.
BLOCK SYN ATTACKS: Prevent TCP/IP SYN attacks.
This solution helps to prevent SYN Flood Attacks from disabling TCP/IP by
setting the "SynAttackProtect" value of the
"HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters" registry key. The
value is set to 2, which adds additional delays to connection indications and
allows TCP connection requests to quickly timeout when a SYN attack is in
progress.
DISABLE WWW DAV: Disable Distributed Web Authoring.
This solution disables the Distributed Web Authoring service by setting the
"DisableWebDAV" value of the
"HKLM\System\CurrentControlSet\Services\W3SVC\Parameters" registry key. This
service is not required for normal operation and can be abused to allow full
control of a host machine from a remote computer.
DISABLE WIN SERVICE: Disable the Windows Internet Naming Service.
This solution disables the Windows Internet Naming Service. This service is
not required for normal operation and can be abused to allow full control of
a host machine from a remote computer.
I hope this helps,
TurboTramp
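For admins who want to verify the registry- and service-based items in the list above on a host, the following read-only audit script is an added example; it is not part of the original post and is not Samurai's own code. Expected values are taken from the post; the post does not say what DisableWebDAV is set to, so the value 1 used for it is an assumption and is marked as such. The service names (cisvc, Messenger, NetDDE, RemoteRegistry, SSDPSRV, WINS) are the standard Windows service names for the services the post describes.

```powershell
# Added audit script (not part of the original post and not Samurai's own code):
# a read-only check of the registry values and services the post above names.
# Expected values come from the post; where the post gives no value
# (DisableWebDAV) the hardened value is an ASSUMPTION and is labelled so.
# Run from an elevated PowerShell on the Windows host being audited.

$registryChecks = @(
    @{ Name = 'SynAttackProtect'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
       Value = 'SynAttackProtect'; Expected = 2 },
    @{ Name = 'DisableWebDAV (ASSUMED hardened value 1)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters'
       Value = 'DisableWebDAV'; Expected = 1 },
    @{ Name = 'EnableDCOM'
       Path = 'HKLM:\SOFTWARE\Microsoft\Ole'
       Value = 'EnableDCOM'; Expected = 'N' },
    @{ Name = 'HTTP AllowRestrictedChars'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
       Value = 'AllowRestrictedChars'; Expected = 0 },
    @{ Name = 'HTTP MaxFieldLength'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
       Value = 'MaxFieldLength'; Expected = 16384 },
    @{ Name = 'HTTP MaxRequestBytes'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
       Value = 'MaxRequestBytes'; Expected = 16384 }
)

# Services the post says to stop, keyed by service name (not display name).
$servicesToBeStopped = @{
    'cisvc'          = 'Indexing Service'
    'Messenger'      = 'Messenger'
    'NetDDE'         = 'Network DDE'
    'RemoteRegistry' = 'Remote Registry'
    'SSDPSRV'        = 'SSDP Discovery (UPnP)'
    'WINS'           = 'Windows Internet Name Service'
}

function Test-HardenedValue {
    param([hashtable]$Check)
    $actual = '<key missing>'
    if (Test-Path -Path $Check.Path) {
        $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
        if ($null -eq $item) { $actual = '<value missing>' } else { $actual = $item.($Check.Value) }
    }
    # Compare as strings so a REG_DWORD 2 and a REG_SZ 'N' go through the same path.
    [pscustomobject]@{
        Check    = $Check.Name
        Expected = $Check.Expected
        Actual   = $actual
        Hardened = ("$actual" -eq "$($Check.Expected)")
    }
}

function Test-NullSessionPipes {
    # LLSRPC listed in NullSessionPipes exposes License Logging to null sessions.
    $path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $pipes = @((Get-ItemProperty -Path $path -Name NullSessionPipes -ErrorAction SilentlyContinue).NullSessionPipes)
    [pscustomobject]@{
        Check    = 'NullSessionPipes without LLSRPC'
        Expected = 'LLSRPC absent'
        Actual   = ($pipes -join ',')
        Hardened = -not ($pipes -contains 'LLSRPC')
    }
}

function Test-ServiceStopped {
    param([string]$ServiceName, [string]$Label)
    $svc   = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $state = if ($null -eq $svc) { 'not installed' } else { "$($svc.Status)" }
    [pscustomobject]@{
        Check    = "$Label ($ServiceName)"
        Expected = 'Stopped or not installed'
        Actual   = $state
        Hardened = ($null -eq $svc -or $svc.Status -ne 'Running')
    }
}

$results = @()
foreach ($c in $registryChecks) { $results += Test-HardenedValue -Check $c }
$results += Test-NullSessionPipes
foreach ($name in $servicesToBeStopped.Keys) {
    $results += Test-ServiceStopped -ServiceName $name -Label $servicesToBeStopped[$name]
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Hardened }).Count
Write-Host "$failed of $($results.Count) checks are not in the hardened state."
```

The script only reads; it reports drift and leaves remediation to a deliberate change, so it can be run repeatedly as a baseline check. PowerShell was not available on the Windows 2000 hosts the post is aimed at, and several of these values are specific to the Windows 2000/2003 era and are ignored by later versions of Windows, so a mismatch on a newer host is a finding to interpret rather than an automatic failure.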
Website Tracking by User
I am looking for a simple application (free or not) that will track
website usage by user. If it can use the windows logon that is fine,
if not it would be ok if it required users to logon to the software
before they could access internet explorer.
Something that just recorded the User, URL, Date, Time.
This is for home use so I can track my kid's web usage.
I'm running Win 2k pro and each person in the household has their
individual logon id & password.
I know some of this information is contained in the history files but
it can be deleted.
Anyone have any ideas???
thanks!
Spyware apps for Win95
I need to set up a PC for a temporary user (student intern), and the only
spare I have that's any good is an old Win 95 unit. I'd like to install
anti-spyware on it, but SpyBot S&D won't install because it keeps telling me
there are .dlls missing. I tried to download and install them, but still no
luck. I tried AdAware, but the newer versions don't work on 95 either. I
understand one of the older versions does, but I can't find it. Does anyone
know where I can download an older version of AdAware that is compatible with
Win 95? We are a non-profit, and money is tight. Thanks!
Folder and Subfolders Permissions using Scripts
Our HR dept. has purchased a new HR software that needs to be installed on
all of our Desktops (600 pc's). When installed, the software gives admin
rights full control to its app directory and read to everyone group. In
order for the software to work for all users we need to give everyone group
full rights to the app. directory and subdirectory. How can we accomplish
this by using a logon script?
IPSEC thru ISA 2000
Can we establish a policy to allow our internal users to connect thru ISA
using Check Point or Cisco VPN servers.
Password Policy
Hello,
I have been trying to find Microsoft's recommendation on password policies,
but no luck.
Also, if I set a password policy that forces users to change the password,
what about services (exchange, veritas, ....)? If I select password never
expires for the services, will they be exempt from that policy?
Windows Firewall exceptions
Is it possible to configure the exceptions in Windows Firewall for different
network environments? For example, when I'm surfing internet in a cafe with
wireless LAN, file&print exception will be auto disabled; when I'm back to my
office having wireless LAN, file&print exception will be auto enabled.
Thank you.
Regards
Gary
Registry permissions problem
Hi, I'm logged in as administrator on our PDC (SBS 2000), trying to get a
particular application to install (in this case, Veritas' Intelligent
Disaster Recovery). It moans that it isn't allowed to access particular
registry keys and can't install.
I don't appear to have access rights to HKEY_LOCAL_MACHINE at all - and
trying to grant the Administrator account full access using Regedit32
(Security > Permissions) results in
"Unable to save permission changes on HKEY_LOCAL_MACHINE".
Access is denied.
I've added the Administrators group to 'Act as part of the operating system'
(MYDOMAIN\Administrator was already there but I've added Administrators too
to be sure)
I've done the same with 'act as a service'. both of the above suggestions
were from the veritas support pages.
Any ideas what else I can do? The Veritas website isn't much help so I
assume it's a permissions problem somewhere.
Cheers
Andy
ADUC Tab Additional Account Info
I have downloaded the ALTOOLS.EXE and extracted the contents. I followed the
instructions in Mitch Tulloch's paper on Account Lockout. I got the message
Successful when I ran regsvr32 acctinfo.dll to register the DLL. I do not
see the Additional Account Info tab when I use ADUC. My workstation is
Windows XP SP2. I've rebooted to see if that would help. Why
can't I see the tab?
MS Antispyware beta 1 Policy?
Hi
We're running XP Pro on our desktops, but run a Novell environment. (Don't
hate me that we use Novell ;] ) I'm pushing a file to users startup folder
with Zenworks, but we have the ms antispyware program on each machine. The
spyware program doesn't allow the file to run unless the user accepts the
file as an exception. Anyway to make the file run without the users
interaction?
Thanks in Advance.
Complicated root CA issue....
Ok, we have 6 DC's. I built 3 in the last year but a previous admin built
the original 3 DC's. I have an enterprise Root CA, it has issued Domain
Controller certs to the 3 DC's I built but I can't get Domain Controller
certs to the original 3 DC's. I created an enrollment policy for the Domain
Controller certs but only 1 of the original DC's picked that up.
I really need to get Domain Controller certs on all my DC's as I am
deploying WPA-Radius WiFi and need to use PEAP to authenticate my users. The
PEAP works fine on a DC that has its cert, while PEAP can't be configured on a
DC without the cert.
Any ideas on what I can do to force a Domain Controller cert onto the 3
original DC's?
How do I request a Domain Controller cert manually?
Disabling local admin account prevents a Domain Admin access
I am running several Windows 2003 Servers, and I am having a very odd
problem.
On one server (not a domain controller), I have the following default
accounts:
Local Account: Administrator
Local Group: Administrators: Members: domain\Domain Admins,
Administrator (local)
Domain Group: Domain Admins: domain/Administrator, domain/Turner,
domain/Green
The problem is this. When I disable the local administrator account on
the file server, domain/Green is denied access. All my other users, as
well as domain/Turner and domain/Administrator still have complete
access. If I reenable the local administrator account, access for
domain/Green comes back.
This is a very odd problem. Does anyone know of a utility to check the
integrity of local security accounts, or have any idea what this could
be?
Kevin
Are we safe from EMP scanning? - tempest.txt (0/1)
Hi everyone.
Is it true that pc screen EMP waves can be read by standard equipment
and the observer may reconstruct the screen, exactly?
I stumbled upon this on a web archive. Is this still true these
days? If it's so easy for someone to read the screen electromagnetic
radiations, or of any electrical equipment, why isn't this ever
addressed by any 'security experts'? Is it because those in the money
loop want it to remain a secret as long as possible and to as many?
I have attached the file so anyone who wants to sample what the old
timers had to say can do so. It's 53k only but good reading.
OW-K
Stand-alone Root CA.
I have a quick question on how to setup and implement PKI in my department.
We wanted to start off with our Intranet IIS and might in the future add it to
Users.
I just need a quick how-to step to compare to mine.
thanks
0x424 (WIN32: 1060) in Enterprise Root CA
Hi! For some months, when I try to open the Certification Authority mmc I receive
the following error: "The specified service does not exist as an installed
service.
0x424(WIN32:1060)". I have checked in Add/Remove Programs and all flags are
enabled for the Certificate Authority option, but the service "Certificate
Services" isn't present in services.msc and the Enterprise Root CA doesn't
work.
The IIS CA enrollment site is browsable but doesn't work either.
May you help me? I have searched on the Internet but have found no
answer.