Security, et al

Randy's Blog on Infosec and Other Stuff


Better workaround information needed for Excel zero-day exploit

Tue, 20 Jun 2006 15:30:04 GMT

As most of you know, Microsoft released a security advisory early this morning for that Excel vulnerability.

The reason I’m writing this blog is because I want to make the point that MS needs to provide more information in their workaround guidance. For instance, in this advisory they provide a very good workaround detailing a registry key where making an ACL adjustment can prevent Excel from going into repair mode, wherein lies the vulnerability. The advisory suggests using group policy to automate this registry change but provides no instructions. Why? Because it’s not that easy. The registry key in question is under HKEY_CURRENT_USER, which is a dynamic alias for the user hive associated with the user currently logged on. A group policy object’s Computer Settings\Windows Settings\Security Settings\Registry folder allows you to automate registry permission changes, but not to HKEY_CURRENT_USER.

Are there other ways to script the permission change and deploy that through group policy? Yes, but most admins I know don’t have time to dink around with scripts to solve a one-off problem.
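One way to do this on current Windows, as an added example that is not part of the original post or the advisory: a PowerShell script assigned as a group policy user logon script, so it runs in each user's context where HKEY_CURRENT_USER resolves to that user's hive. The key path, the rights being denied and the function name are placeholders or assumptions; the real values come from the advisory.

```powershell
# Added example (not from the advisory). Assign as a GPO *user* logon script so
# it runs as the logged-on user and HKEY_CURRENT_USER maps to that user's hive.
# PLACEHOLDER: replace with the key path given in the advisory (relative to HKCU).
$SubKey     = 'Software\Example\PLACEHOLDER-KEY-FROM-ADVISORY'
# ASSUMPTION: which rights to deny; the advisory defines the actual ACL change.
$DenyRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'

function Set-HkcuDenyAce {   # hypothetical helper name
    param([string] $SubKeyPath,
          [System.Security.AccessControl.RegistryRights] $Rights)

    $hkcu = [Microsoft.Win32.Registry]::CurrentUser
    # The key may not exist yet for a user who has never started the application;
    # create it so the ACE is already in place on first use.
    $hkcu.CreateSubKey($SubKeyPath).Close()

    # Reopen with READ_CONTROL and WRITE_DAC; a default writable handle cannot set the ACL.
    $key = $hkcu.OpenSubKey($SubKeyPath,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions')
    try {
        $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
        $acl = $key.GetAccessControl()

        # Idempotent: do nothing if an explicit deny ACE already covers these rights.
        $existing = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.AccessControlType -eq 'Deny' -and
                           $_.IdentityReference.Value -eq $me.Value -and
                           ($_.RegistryRights -band $Rights) -eq $Rights }
        if ($existing) { return 'AlreadyApplied' }

        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $me, $Rights,
            [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Deny)
        $acl.AddAccessRule($rule)
        $key.SetAccessControl($acl)
        return 'Applied'
    }
    finally { $key.Close() }
}

$result = Set-HkcuDenyAce -SubKeyPath $SubKey -Rights $DenyRights
Write-Output "$env:USERNAME HKCU:\$SubKey $result"
```

Because the script runs as the user, that user can also change the ACL back, so this limits what the application can write rather than enforcing anything against the user.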

Action items:

1) Ask MS to impress their "Scripting Guy" to write example scripts for stuff like this and include them in the advisories with all necessary disclaimers.

2) If one of you Gentle Readers out there writes a script to make this particular fix, send it to me and I’ll make sure everyone can get it and make sure you get the credit.

I welcome your thoughts. Email me at rsmith at montereytechgroup dot com.
