
Ultimate Windows Security Newsletter:

Issue #27, 11/01/06

Forget my old 8.5x11 Security Log quick reference chart! Get my new 18x24 printed Windows Server 2003 Security Log Poster! It’s on me – even the shipping. Keep reading for more details…

It’s been a quiet week on the patching front. No new advisories – just somewhat overhyped weaknesses in IE 7 and word of yet another proof of concept (POC) – this time regarding the ADODB.Connection ActiveX object called from IE. The best details I’ve been able to find are on CERT at http://www.kb.cert.org/vuls/id/589272. Their recommendation is to set the kill bit on the class. See MS KB 240797 for how to set kill bits.

With as many IE-related ActiveX control vulnerabilities as we’re seeing, you would be well served to create an administrative template (.ADM file) that lets you push out kill bits via Group Policy and roll them back after the associated patches are released and deployed. Setting a kill bit is just a registry tweak, which you can pretty easily accomplish via Group Policy using a custom administrative template. The best reference I’ve found for custom administrative templates is at http://www.microsoft.com/downloads/details.aspx?familyid=E7D72FA1-62FE-4358-8360-8774EA8DB847&displaylang=en.
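
Here is what such a template can look like. This is an added example, not from the original newsletter or from Microsoft: the CLSID is a placeholder to be replaced with the class ID given in the advisory, the category and policy names are made up, and the registry key and the 0x400 flag value are the ones described in KB 240797.

```adm
; Added example: custom ADM template that sets or clears one ActiveX kill bit.
; The CLSID below is a PLACEHOLDER. Replace it with the class ID from the advisory.
; Category and policy names are made up for this example.
CLASS MACHINE

CATEGORY !!KillBitCategory
  POLICY !!KillBitPolicy
    KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}"
    EXPLAIN !!KillBitExplain
    VALUENAME "Compatibility Flags"
    ; Enabled  writes 1024 (0x400), the kill bit: IE will not instantiate the control.
    ; Disabled writes 0, which is the rollback once the patch is deployed.
    VALUEON  NUMERIC 1024
    VALUEOFF NUMERIC 0
  END POLICY
END CATEGORY

[strings]
KillBitCategory="Temporary ActiveX Kill Bits"
KillBitPolicy="Kill bit: placeholder control (replace CLSID)"
KillBitExplain="Enabled: sets the kill bit so Internet Explorer will not load this control.\n\nDisabled: clears the kill bit. Use this to roll back after the vendor patch is deployed."
```

Because this key is outside the Policies branch of the registry, the Group Policy editor treats it as a preference: it only shows up after you clear the "Only show policy settings that can be fully managed" filter. The value also stays behind if you simply unlink the GPO, so roll back by setting the policy to Disabled.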

The bottom line on the IE 7 weaknesses is that we have to teach users to be wary whenever they are on the web. Look at URLs and certificates before entering confidential information. Don’t browse secure, sensitive sites while other IE windows are focused on insecure, untrusted sites.

Now for the fun stuff!

Most of you already have a copy of my Quick Reference Chart for the Windows Server Security Log.

The new Windows Server 2003 Security Log Poster is bigger and better, and best of all, you can get it free.

This is no 8.5x11 PDF download. This is a professionally designed 18x24 inch full color poster printed on premium paper. It will brighten any dreary cubicle wall. In fact I already have one of the short run prototypes on my wall!

My new poster has 10 times the information of the old Quick Reference Chart.

Get a flash preview of the poster and request it at http://www.ultimatewindowssecurity.com/poster.asp.

We plan to do a one-time printing so request your copy now!

Fill out the form, get the poster. Again that URL is http://www.ultimatewindowssecurity.com/poster.asp. Browse now! ☺

