Search results for 'app:weblogs' matching tag 'Windows Vista'

Immutable Security Laws and Windows Sidebar Gadgets

alunj — Fri, 20 Jul 2012 05:00:00 GMT

Immutable Security Law number 1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

I love the Immutable Security Laws – they strike a chord deep within me, and they’re a “go to” resource every time I want to decide if I’m making a good security decision.

I also like my Windows Sidebar Gadgets. Not a whole lot of them, mind you, just one or two that I’ve written myself. And I can’t say that I’ve gone very deep in developing them.

So I’m deeply conflicted when I see “Microsoft Security Advisory (2719662) - Vulnerabilities in Gadgets Could Allow Remote Code Execution” – this seems to be saying that because there are a number of vulnerabilities in common Sidebar Gadgets, you should disable Sidebar Gadgets completely.

But the descriptions I see of Sidebar Gadgets and their security suggest that these Gadgets are exactly like other executables, in terms of the protection you get when running them (essentially, none).

So, in essence, this boils down to “a class of executables that you can download and run are known to have vulnerabilities. So we are disabling that class of executables.” And apparently, this isn’t an architectural flaw in Sidebar Gadgets, because the wording indicates only that a lot of Gadgets have common vulnerabilities – but not all of them.

Can you imagine if the same had been done for, say, Java? If all Java apps were disabled, not because of a flaw in Java, but because many Java developers had written poorly-secured code? What about other frameworks? C++? .NET? PHP?

Uh, yeah, OK, I can see it for PHP. I’m all for disabling PHP on the basis that [almost?] nobody seems able to reliably write secure code using it.

Obviously, I’m writing this from the perspective of someone who hasn’t seen information on the sort of vulnerabilities being described, so it’s entirely possible that there’s an actual architectural weakness that warrants disabling Gadgets completely. I’m just not reading that into what’s been said so far, and I’d like to think that we’re capable of making security decisions on the basis of security truth, rather than some random measure of “disable this framework, because it’s not that important, and many of its developers are writing bad code”.

Clearly I have to wait for the revelation at the BlackHat talk (I’m not going to BlackHat, but I’m on vacation right now – in Vegas) to see what the threat actually is, but I will state up front that I am confused.

Burn an ISO to a CD or DVD [How To] [Updated]

Anonymous — Tue, 19 Jun 2012 05:00:00 GMT

An ISO image is an archive file of an optical disc, which contains all of the contents of the optical disc it represents. ISO files are useful because you can archive a bootable disc (see examples below) and distribute it to users to burn and use locally. Examples of useful ISOs: Password reset disc Password [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | Burn an ISO to a CD or DVD [How To] [Updated]

Microsoft Windows Unauthorized Digital Certificates

ivansanders — Thu, 07 Jun 2012 05:00:00 GMT

Original release date: June 04, 2012 Source: US-CERT Alert TA12-156A

Systems Affected

All supported versions of Microsoft Windows, including:
* Windows XP and Server 2003
* Windows Vista and Server 2008
* Windows 7 and Server 2008 R2
* Windows 8 Consumer Preview
* Windows Mobile and Phone
Overview
X.509 digital certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) can be illegitimately used to sign code. This problem was discovered in the Flame malware. Microsoft has released updates to revoke trust in the affected certificates.

Description

Microsoft Security Advisory (2718704) warns of active attacks using illegitimate certificates issued by the the Microsoft Terminal Services licensing certificate authority (CA). There appear to be problems with some combination of weak cryptography and certificate usage configuration. From an MSRC blog post:

We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

Security Advisory 2718704: Update to Phased Mitigation Strategy What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft. Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing without accessing Microsoft's internal PKI infrastructure.

The following details about the affected certificates were provided in Microsoft Security Advisory (2718704):

Certificate: Microsoft Enforced Licensing Intermediate PCA

Issued by: Microsoft Root Authority
Thumbprint: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70

Certificate: Microsoft Enforced Licensing Intermediate PCA

Issued by: Microsoft Root Authority
Thumbprint: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08

Certificate: Microsoft Enforced Licensing Registration Authority CA (SHA1)

Issued by: Microsoft Root Certificate Authority
Thumbprint: fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

Impact

An attacker could obtain a certificate that could be used to illegitimately sign code as Microsoft. The signed code could then be used in a variety of attacks in which the code would appear to be trusted by Windows. An attacker could offer software that appeared to be signed by a valid and trusted Microsoft certificate chain. As noted in an MSRC blog post, "...some components of the [Flame] malware have been signed by certificates that allow software to appear as if it was produced by Microsoft."

Solution

It is important to act quickly to revoke trust in the affected certificates. Any certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) could be used for illegitimate purposes and should not be trusted.

Apply updates

Apply the appropriate versions of KB2718704 to add the affected certificates to the Untrusted Certificate Store. Updates will reach most users via automatic updates and Windows Server Update Services (WSUS).

Revoke trust in affected certificates Manually add the affected certificates to the Untrusted Certificate Store. The Certificates MMC snap-in and Certutil command can be used on Windows systems.

References

* US-CERT Current Activity: Unauthorized Microsoft Digital
Certificates - https://www.us-cert.gov/current/#microsoft_unauthorized_digital_certificates
* Microsoft Security Advisory (2718704) - https://technet.microsoft.com/en-us/security/advisory/2718704
* Unauthorized digital certificates could allow spoofing - http://support.microsoft.com/kb/2718704
* Microsoft certification authority signing certificates added to the Untrusted Certificate Store - https://blogs.technet.com/b/srd/archive/2012/06/03/microsoft-certification-authority-signing-certificates-added-to-the-untrusted-certificate-store.aspx
* Microsoft releases Security Advisory 2718704 - https://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx
* Windows Server Update Services - http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
* Certutil - http://technet.microsoft.com/en-us/library/cc732443%28v=ws.10%29.aspx
* How to: View Certificates with the MMC Snap-in - http://msdn.microsoft.com/en-us/library/ms788967.aspx

-Ivan

Windows – 8 steps to get it right ?

Anonymous — Tue, 29 May 2012 05:00:00 GMT

Windows “version 8″ is upon us. Bringing changes to the old, the safe, the familiar. Some say the changes are for the best. Others dread them, swear to keep the Seven (or XP) for a long time to come. Some even say they will never abandon XP as long as there’s hardware to support it. [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | Windows – 8 steps to get it right ?

What Do the Performance Values in Windows Task Manager Represent?

Anonymous — Tue, 27 Mar 2012 05:00:00 GMT

If you’ve ever taken a look at Windows Task Manager, you’ve undoubtedly wondered what all the numbers mean. This guide briefly explains each value and helps you familiarize yourself with what these values represent. The performance information is broken down into four categories: CPU Physical Memory Kernel Memory System CPU CPU (Central Processing Unit) usage [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | What Do the Performance Values in Windows Task Manager Represent?

Run Windows Explorer in Full Screen Mode [Quick Tip]

Anonymous — Mon, 19 Mar 2012 05:00:00 GMT

If you want the maximum viewing area in Windows Explorer, simply press the F11 key (or hold CTRL when you click the maximize button—if not already maximized.) To return to the normal view, press the F11 key a second time. The F11 key is also be used for full-screen mode in popular web browsers such [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | Run Windows Explorer in Full Screen Mode [Quick Tip]

Terabytes and Tebibytes: Hard Drive Capacities Explained

Anonymous — Fri, 16 Mar 2012 05:00:00 GMT

You probably have a hard drive in your home that’s one terabyte or more. If you open Computer (Windows Key + E), you’ll see your terabyte hard drive might only show a capacity of around 930 GB. Where did all those extra gigabytes go? Aren’t there a thousand gigabytes in a terabyte? If you have [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | Terabytes and Tebibytes: Hard Drive Capacities Explained

What Do HKCR, HKCU, HKLM, HKU, and HKCC Mean? (Registry Root Keys)

Anonymous — Fri, 02 Mar 2012 06:00:00 GMT

Note: To get a better understanding of Windows Registry basics, read this guide. If you’re somewhat familiar with the Windows Registry, you’ve no doubt seen references to HKCR, HKCU, HKLM, HKU, and HKCC. These abbreviations represent the five root keys in the Windows Registry: HKEY_CLASSES_ROOT (HKCR) HKEY_CURRENT_USER (HKCU) HKEY_LOCAL_MACHINE (HKLM) HKEY_USERS (HKU) HKEY_CURRENT_CONFIG (HKCC) You can [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2012. Rich Robinson | What Do HKCR, HKCU, HKLM, HKU, and HKCC Mean? (Registry Root Keys)

Blogempfehlung: A word on disabling a wireless connection when also connected to a physical network

rauscher — Fri, 23 Dec 2011 06:00:00 GMT

Wie schon per Twitter darauf hingewiesen, finde ich folgenden Artikel sehr lesenswert:

A word on disabling a wireless connection when also connected to a physical network

Viele Grüße
Dieter

--
Dieter Rauscher
MVP Forefront

Use PowerShell as a Simple but Useful Calculator [How To]

Anonymous — Sat, 29 Oct 2011 05:00:00 GMT

Ever use the Windows Calculator and, because you’re too lazy to write numbers down or commit them to the calculators “memory”, end up with 5 instances of the program running—each with their own numbers that are easily forgotten? Or is that only me? If you’d like a simple but powerful calculator to perform simple sums, [...]

Get FREE books (Password: mintywhiteBooks)

© Windows Guides, 2011. Rich Robinson | Use PowerShell as a Simple but Useful Calculator [How To]