Microsoft: September 2006 Archives

The Microsoft System Integrity Team Blog has posted a link to the BitLocker cryptographic algorithm.

The amazing thing is that the paper is from Microsoft, on Microsoft's site, yet it's in PDF. I'm kind of used to Microsoft documentation being placed in a signed self-extracting archive. In the article they discuss why existing ciphers were not satisfactory. They use AES in CBC mode, combined with a dedicated diffuser for security against manipulation attacks.

In the crypto world, an algorithm needs to be widely examined before it is trusted for use. In this paper, Microsoft explains why they have combined the widely tested AES-CBC with a new component, the Elephant diffuser. They feel that this gives the best of both worlds: the tested security of AES-CBC and the additional security properties of the diffuser.

Wow, that's some hit piece that Rob Pegoraro writes in today's Washington Post. To him the 5 year anniversary is not something to be celebrated. That really shouldn't be a surprise. Newspaper tech writers always spend a disproportionate amount of time advocating for Mac and Linux rather than writing about the software people actually use. He thinks because he hates Microsoft everyone else does too. Hey, it worked with Halliburton. Just keep repeating "Microsoft sucks" enough times, and sooner or later the sheep will believe it.

Rob ends his article by crapping on Vista ("imagine the unknown bugs in Vista"). Well, the fact is that since starting the new secure programming initiatives at Microsoft, the new products they've turned out have been rather good. Are there going to be problems? Sure, anytime you do something new, things don't always go as expected. Will people like Rob scream to high heaven when some backwards compatibility is gone and some insecurely written programs no longer work? You bet they will.

I bet the first days of Vista won't look like this.

Microsoft is reporting that there is a zero day in Vector Markup Language. This vulnerability can be exploited to install software (such as spyware) without your knowledge when you visit a website in IE or open an email in Outlook.

Currently there are some workarounds, and Microsoft is planning on releasing a patch on Patch Tuesday in October. By implementing the workarounds, websites that use Vector Markup Language will no longer work correctly. I have not seen any reports of just how bad that would be.

The mitigation options are to unregister the VML DLL or to change the ACL on that DLL so that the Everyone group is denied access.

Jesper has an example of how to create a security template to deploy this file permission through group policy.

The problem with these methods is that you are making a security change that is really weird, and you don't know how it will affect the patching process when an official patch is released. With the WMF patch, the people who disabled this needed to re-enable it in order to apply the patch, IIRC. While that may be easy on an individual computer, it is kind of worrisome for an enterprise.

Microsoft has published a security advisory regarding a DirectAnimation Path ActiveX control vulnerability in Internet Explorer versions prior to IE 7. This vulnerability could be exploited to install software on your computer without your knowledge.

One of the best ways to protect yourself against these ActiveX attacks is to set ActiveX kill bits to disallow execution of the exploitable control. I typically use Javacool Software's SpywareBlaster for this purpose.

To set the kill bit manually for the CLSID {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}, paste the following text into a text editor such as Notepad, then save the file with the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}]
"Compatibility Flags"=dword:00000400

Alternatively, SANS has provided an app to set or unset this kill bit:
http://isc.sans.org/diary.php?storyid=1706

One note about ActiveX kill bits: a kill bit tells IE not to run the ActiveX control. In the past there have been vulnerabilities that would allow malicious code to ignore this disable bit. It should work now if you are up-to-date on patches.

Until a patch is provided you should take steps to mitigate this risk.
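
To confirm that the kill bit described above is actually in place on a machine, the following PowerShell is an added example, not code from the original post, Microsoft or SANS. The function names are hypothetical; it also checks the Wow6432Node registry view, which 32-bit IE reads on 64-bit Windows, and it ORs the bit into any existing flags instead of overwriting them.

```powershell
# Added example: audit and set the ActiveX kill bit for one CLSID.
# CLSID and registry path are taken from the post; function names are hypothetical.
$KillBit  = 0x400                       # "Compatibility Flags" bit that blocks the control in IE
$FlagName = 'Compatibility Flags'
$Roots    = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit IE on 64-bit Windows reads this view instead of the native one
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit Windows
        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop  = Get-ItemProperty -LiteralPath $key -Name $FlagName -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.$FlagName }
        }
        [pscustomobject]@{
            Key     = $key
            Flags   = $flags                     # $null when the value does not exist
            Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    # Requires an elevated session because it writes under HKLM.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($state in Get-KillBitState -Clsid $Clsid) {
        if ($state.Blocked) { continue }         # already set, leave other flags untouched
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        $current = if ($null -ne $state.Flags) { $state.Flags } else { 0 }
        New-ItemProperty -LiteralPath $state.Key -Name $FlagName -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
    }
    Get-KillBitState -Clsid $Clsid               # report the state after the change
}

# Audit only; call Set-KillBit with the same CLSID to apply the mitigation.
Get-KillBitState -Clsid '{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}' | Format-Table -AutoSize
```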