Don’t fire people until after you wipe their phones

A very commonly required feature for mobile access to email is remote wipe – the ability to reach out and wipe all corporate data off a mobile device. Exchange ActiveSync supports this feature and has for several versions now. You, as the Exchange or Security administrator, can issue a remote wipe command to a compliant device, or the user can do it themselves through Exchange, and the next time the user connects the device will be wiped. There are two major flaws in that design. One is the well understood "the next time the user connects" part: you cannot reach out …

How Delegation Privileges Are Represented In Active Directory

One of the last areas where more tool support is needed is in monitoring the various attributes in Active Directory (AD). Recently I got curious about the delegation flags, and, more to the point, how to tell which accounts have been trusted for delegation. This could be of great import if, for instance, you have to produce reports of privileged accounts. KB 305144 gives a certain amount of detail about how delegation rights are presented in Active Directory. However, it is unclear from that article how to discover accounts trusted for full delegation, as opposed to those trusted only for constrained …

A better, more reliable, work-around for the Microsoft Video Control Vulnerability

For the past few days I've been following the Microsoft Video Control Vulnerability with interest. Basically, it's another vulnerable ActiveX control that needs to be killbitted. Last night, Microsoft posted a work-around which involves using a Group Policy ADM template (ADM is the template format that was deprecated in Vista and Windows Server 2008). Unfortunately, the template tattoos the registry, which is not really recommended. I contemplated for a while writing a work-around for this issue, but then remembered that I actually did, almost three years ago. The workaround I wrote then, for another ActiveX vulnerability, will not tattoo the registry, and …

You need to manually undo your MS08-078 mitigations


XP Antivirus in the News

Several helpful people just pointed me to some articles on XP Antivirus and its various variants. In case you do not remember, XP Antivirus was the subject of an article I wrote for The Register a few months back. It turns out that the scammers got hacked, and the hacker posted some internal accounting details on the web. As suspected, this is a sophisticated business making millions of dollars. It even appears to have an affiliate program. In case you have not seen the articles yet, here are a few:
http://www.iht.com/articles/2008/10/30/technology/virus.php
http://www.smh.com.au/news/technology/security/russian-scammers-cash-in-on-popup-menace/2008/11/04/1225560814202.html
http://www.scmagazineuk.com/Hacker-reveals-Russian-software-company-behind-anti-virus-scam/article/120152/
Thanks to Marc Michault, Phillippe Jan, and Jason Grubè …

Today’s forecast for O’Hare: Lots of Vulnerable Computers

Olliver Sommer, a German Small Business Server MVP, flew home from the Microsoft MVP Summit via O'Hare Airport in Chicago. While there, he spotted this wonderful piece of advice for how to configure your computer to use the airport wireless network. The document is meant well, but lacks a bit in the execution. It recommends that you disable exceptions in Windows Firewall because doing so stops attacks through Windows Messenger while on the wireless network. Of course, you would only get attacked through Messenger if you actually accept unsolicited requests from people. The document then goes on to show how …

What I Learned from Attending the Windows Launch Event Today

Today I attended the Microsoft 2008 server wave launch event in Seattle. In the process I learned a number of things: The launch event apparently does not need to coincide with actually launching anything. Server 2008 launched a couple of months ago. Visual Studio 2008 launched in November 2007, and SQL Server 2008, the third part of the trifecta that comprised the launch, will not actually launch until the third quarter this year. The primary purpose of launch events is apparently to get free junk, and in some cases, other stuff, from a collection of vendors you have never heard …

Troubleshooting Errors While Updating Software

A number of people are reporting errors when running software update tools. The tools include Windows Update, Windows Defender Updates, Installshield, Adobe Updater, and probably others as well. The errors include 80070005 (from Windows tools) and c0000005 (from others). To see if we can help people get their software updates, Steve Wechsler helped me put together some troubleshooting steps. If these steps help, and more so if they don't, we'd like to hear about it. If you find something else that helps, let us know by posting a comment. All these errors indicate a permissions issue of some kind. …

Troubleshooting Permission Errors While Updating Software

A number of people are reporting errors when running software update tools. The tools include Windows Update, Windows Defender Updates, Installshield, Adobe Updater, and probably others as well. The errors include 80070005 (from Windows tools) and c0000005 (from others). To see if we can help people get their software updates, Steve Wechsler helped me put together some troubleshooting steps. If these steps help, and more so if they don't, we'd like to hear about it. If you find something else that helps, let us know by posting a comment. All these errors indicate a permissions issue of some kind. …

Resource Kit Done!

Last Friday the last of the Windows Server 2008 Security Resource Kit finally went to press! This was a project I had not really planned and so, to complete it in time, I brought in an amazing crew of co-authors. Together, we managed to put together 17 chapters on how to manage security in one of the most exciting products this year. The contributors to the Security Resource Kit are:
Jimmy Andersson – Principal Advisor at Q Advice AB and Microsoft Active Directory MVP
Susan Bradley – Small Business Server MVP
Darren Canavor – Software Architect in the Windows Security group …