Microsoft MHTML Handler Zero Day

Microsoft issued a security advisory on Friday for a vulnerability in all supported versions of Windows. The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of …


KB2264107 Available Through Microsoft Update

A mere 5 months after its initial release, Microsoft has made update KB 2264107 available through Microsoft Update. Previously it had been available only as a direct download. This patch was created to control the DLL search path algorithm. As I understand it, deploying the patch only gives you the ability to then deploy a …


Hibernate and FDE

Earlier this week, I read this article reporting on Passware’s presentation at Password^20. It reported that if you are using BitLocker or TrueCrypt and you’ve ever used hibernate, then Passware Kit Forensic is able to recover the encryption key from the Hibernate file. The recommendation was “NEVER EVER EVER EVER allow hibernation for any computer.” I found …


Quicktime and SCUP

When Quicktime 7.6.7 came out, I wanted to deploy it with Microsoft System Center Update Publisher (SCUP). I’d recently used SCUP to deploy Flash (for IE) and the Dell Inventory Agent. It made sense to look at using SCUP and SCCM Software Updates to deploy patches rather than continuing to use the old Software Distribution …


SCUP Rule Testing

Microsoft System Center Update Publisher is a method to get third-party updates deployed through SCCM and an internal update server. As I started working with it this summer, I had issues creating applicability rules. When you create a collection in SCCM you get immediate feedback about the accuracy of your rules. You either have the number of computers …


Authentium Command Antivirus False Positive

Authentium Command Antivirus on Friday detected a handful of Office documents as MSWord/Dropper.B!camelot. I ran a couple of the files through VirusTotal and found Authentium was the only company detecting the file as a virus. In some cases that would be a sign of being on the cutting edge of detection, but in this case …


SCUP and Flash

I deployed Adobe Flash 10.1 through System Center Updates Publisher (SCUP). It’s kind of sad how excited this makes me. SCUP is a framework that allows you to integrate third-party update deployment into your SCCM/WSUS server. Companies can provide a CAB file that you import into SCUP, approve updates and publish them to your SCCM server. …


50 Percent of Enterprise XP running SP2

According to Qualys, 50% of enterprise Windows XP computers are still running Service Pack 2. This was reported by Byron Acohido in a USA Today article. This matters because Microsoft will stop providing security patches for computers with this service pack in July. If you’re running XP, you must have Service Pack 3 to continue …
