More ActiveX woes

A critical 0-day vulnerability has been found in Microsoft’s MSXML 4.0 XMLHTTP ActiveX control. There is no word on whether MSXML 6.0 is affected.

According to the CERT advisory #585137:

The XMLHTTP 4.0 ActiveX control contains an unspecified memory corruption vulnerability. When certain methods of the XMLHTTP ActiveX control are called with invalid parameters, process memory is corrupted in an exploitable manner.

Note that this vulnerability is being actively exploited.

CERT lists a couple of workarounds, and you can find others on the Microsoft TechNet site.

Servers running Windows Server 2003, with or without SP1, are not affected if Enhanced Security Configuration is turned on (default setting). MSXML 4.0 does not come with Windows XP by default. It is available as a download or is bundled with applications.

One surefire way to see if you are affected is to check for the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88d969c5-f192-11d4-a65f-0040963251e5}

If it doesn’t exist, you don’t have MSXML 4.0 installed.

Links:
CNet story
ISS bulletin

07.Nov.06 Security, Windows Comments (0)

Windows XP: Clear the paging file

The paging file is used as temporary storage, kind of like RAM only a lot slower. The problem is that information hangs around in the paging file a lot longer than it does in RAM. This can be a security issue if a plain-text password, or any other sensitive information, was stored in the paging file. You can’t clear the paging file while Windows is running but you can clear it on shutdown.

Open the Registry Editor (regedit.exe) and browse to the following location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Double-click on the value named ClearPageFileAtShutdown and change its data to 1. If the value does not exist, right-click in the right side pane and choose New -> DWORD value. Give the new value the name ClearPageFileAtShutdown and set it to 1.

Restart the computer for the changes to take effect.
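The same change can be scripted. The following PowerShell is an added example, not part of the original post; it assumes PowerShell is installed and run from an administrator prompt, and the function names Get-ClearPageFileState and Enable-ClearPageFile are hypothetical. It handles the cases the steps above describe: the value is missing, is already 1, or exists with the wrong type or data.

```powershell
# Added example: audit and enable ClearPageFileAtShutdown.
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Name = 'ClearPageFileAtShutdown'

function Get-ClearPageFileState {
    # Returns the value's data and registry type, or nothing if the value is absent.
    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -contains $Name) {
        New-Object PSObject -Property @{
            Data = $key.GetValue($Name)
            Kind = $key.GetValueKind($Name)
        }
    }
}

function Enable-ClearPageFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $state = Get-ClearPageFileState
    if ($state -and $state.Kind -eq 'DWord' -and $state.Data -eq 1) {
        Write-Output "$Name is already 1; nothing to change."
        return
    }

    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set DWORD to 1')) {
        # -Force creates the value, or replaces one that has the wrong type or data.
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force |
            Out-Null
        Write-Output "$Name set to 1; restart for the change to take effect."
    }
}

# Dry run: reports what would change without writing. Remove -WhatIf to apply.
Enable-ClearPageFile -WhatIf
```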

To optimize the paging file, download the program called PageDefrag from Sysinternals (freeware). PageDefrag works with Windows NT, 2000, XP and 2003. The program will show you how much fragmentation exists in your system files (including pagefile.sys). Since system files can’t be defragmented while Windows is running, PageDefrag allows you to schedule a defrag for the next system boot or for every boot.

(Article 9, Day 10)

30.Mar.06 Security, Tech Tip, Windows Comments (0)

Windows XP: Display the security tab

If you boot XP Home into Normal Mode, right-click on a file or folder and check its properties, where is the Security tab? It’s not there because Windows XP Home and XP Professional, when not joined to a domain, utilize Simple File Sharing.

29.Mar.06 Security, Tech Tip, Windows Comments (0)

Windows XP: Limit Recycle Bin size

As most people know, you can limit the size of your Recycle Bin by right-clicking on it, going into the properties and moving the slider for Maximum size of Recycle Bin. The problem is that anyone who logs on to the computer can change the setting. Another issue is that if one person changes the setting, it affects all users. What if you want to lock down the maximum amount of disk space used?

28.Mar.06 Tech Tip, Windows Comments (4)

Windows XP: Scheduling defrag.exe

Programs like Diskeeper allow you to schedule defragmentation scans and keep the bits (pieces) of files together. This helps your system perform better because it doesn’t have to search for every piece of a file in different places on the drive.

What if you just want to use the built-in Windows defrag program on a schedule? I know what you’re thinking. “Duh, just open Task Scheduler and choose it from the list of programs.” Well, you’d be wrong. Go ahead and look in the Scheduled Task Wizard and you won’t find defrag in that list. I don’t know why Microsoft removed it but they did. Here is how to make it work.


21.Mar.06 Tech Tip, Windows Comments (2)