MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
23 24 25 26 27 28
29 30          
2020
Months
NovDec


Thu, Nov 12, 2009 11:13 am

User Account Control (UAC) Adjustments for Windows 7

In Windows 7 is everything Vista should have been, with one noteworthy exception, Erick Voskuil, CTO for BeyondTrust, warns that Windows 7 default configuration for User Account Control (UAC) unnecessarily reduces the security of the operating system and that one should change those default settings to secure a system running Windows 7.

The default setting results in a reduction of prompts -- the prompts continue, yet security is eviscerated. Though protecting administrative credentials is clearly a secure measure, Microsoft is trying to have it both ways – arguing that UAC is not a security boundary. The purpose of UAC is to protect against malware. Even if it's not a “security boundary” the message is about defending your PC against “hackers and malicious software.” If it doesn't do that, what's the point of the remaining prompts?

In my opinion the decision to configure users this way by default violates Microsoft's “Secure by Default” principle, which says that, “software should run with the least necessary privilege.” Clearly, the operating system should support a standard user or administrator with UAC fully enabled. The proof-of-concept code to exploit this shortcoming has already been published.

Windows 7 is great stuff, just don't forget to go to the control panel and turn security on.

References:

  1. Windows 7 is everything Vista should have been, with one noteworthy exception
    By: Eric Voskuil, CTO, BeyondTrust
    Date: November 4, 2009
    SC Magazine For IT Security Professionals

[/security/patches/windows] permanent link

Thu, Nov 12, 2009 11:02 am

Microsoft Patches Released 2009-11-10

On Tuesday, November 10, 2009, Microsoft released six patches to address fifteen vulnerabilities. MS09-065 fixes three vulnerabilities in Windows kernel-mode drivers, one of which is deemed "critical" by Microsoft. It does not impact Vista or Server 2008 systems. But, on Windows 2000, XP, and Server 2003 systems, the bug can be exploited to allow remote code to be executed. The bug can be exploited by someone creating a webpage using a maliciously crated Embedded OpenType font. A victim need only view the webpage with the embedded font. Proof-of-concept code has already been released to exploit the bug through a " drive-by attack."

Another of the patches issued by Microsoft on Tuesday, MS09-067 addresses eight flaws in Microsoft Office that can lead to remote code execution should a user open an Excel file that has been crafted to exploit one of the flaws.

References:

  1. Microsoft fixes 15 flaws with six patches
    By: Dan Kaplan
    Date: November 10, 2009
    SC Magazine for IT Security Professionals

[/security/patches/windows] permanent link

Sun, Jun 08, 2008 9:47 pm

Microsoft Releasing Seven Patches This Month

Microsoft is releasing 7 patches for Windows this month. Some of the patches plug remote code execution vulnerabilities. One is a critical patch for Internet Explorer (IE) that address a vulnerability in versions of IE from 5.01 through 7. This patch applies to Windows 2000 SP4, XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Vista SP1, and all versions of Windows Server 2008. Further information on the patches is available at " Microsoft To Issue 7 Patches This Month.

References:

  1. Microsoft To Issue 7 Patches This Month
    By Jabulani Leffall
    June 5, 2008
    Redmond | The Independent Voice of the Microsoft IT Community

[/security/patches/windows] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo