
HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring


  • #61
    Easier/Faster method of fixing the NTVDM subsystem security issue per my last post

    To help users automate this fix for the security issue in the NTVDM DOS 16-bit emulation subsystem present in 32-bit Windows NT-based OSes (all of them, & since 1992-1993 no less) that was noted in my last post above: you can do this far faster/easier/simpler by using something Microsoft themselves devised to make it easier & simpler than registry editing. See the URL below:

    Microsoft Security Advisory: Vulnerability in Windows Kernel could allow elevation of privilege

    (It's easier/faster/simpler than wholesale disabling via renames or deletions of the NTVDM DOS 16-bit emulation subsystem's component files as shown above, OR via registry edits, & thus you can use what's in the URL above instead (and enable it again easily enough when a fix arrives, IF you choose to do so as well).)

    APK
    "I'm Reese: Sgt. TechComVN38416 assigned to protect you - You've been TARGETTED FOR TERMINATION!"



    • #62
      If a website prompts you to press the "f1" key? Don't!


      Here is why:

      Microsoft Windows "MsgBox()" HLP File Execution Vulnerability - Advisories - Community

      Secunia Advisory SA38727


      Release Date: 2010-03-01

      Criticality level: Moderately critical

      Impact: System access

      Where: From remote

      Solution Status: Unpatched

      Operating System(s):

      Microsoft Windows 2000 Advanced Server
      Microsoft Windows 2000 Datacenter Server
      Microsoft Windows 2000 Professional
      Microsoft Windows 2000 Server
      Microsoft Windows Server 2003 Datacenter Edition
      Microsoft Windows Server 2003 Enterprise Edition
      Microsoft Windows Server 2003 Standard Edition
      Microsoft Windows Server 2003 Web Edition
      Microsoft Windows Storage Server 2003
      Microsoft Windows XP Home Edition
      Microsoft Windows XP Professional

      Description

      Maurycy Prodeus (my fellow "Polish person") has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

      The vulnerability is caused due to the VBScript "MsgBox()" function allowing the execution of arbitrary HLP files. This can be exploited to execute an HLP file from e.g. an SMB share by tricking a user into pressing F1 when viewing a specially crafted website.

      Successful exploitation allows execution of arbitrary commands via HLP macros.

      The vulnerability is confirmed with Internet Explorer 7 on a fully patched Windows XP SP3, and additionally reported in Windows 2000 and Windows Server 2003.

      Solution

      Avoid pressing F1 on untrusted websites. Disable Active Scripting support.

      APK

      P.S.=> I was a "wee bit" slow on posting this one, but here it is (around 28 days later than I ordinarily would, sorry about that, "busy boy" here is all)... apk



      • #63
        MS issues Out-of-Band emergency Internet Explorer updates... apk

        MS Issues Emergency IE Security Update:

        http://www.microsoft.com/technet/sec.../ms10-018.mspx

        ----

        Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.'

        ----

        :)

        * This one closes a LOT of "security holes" in Internet Explorer, through ALL of Microsoft's 32 & 64-bit Windows NT-based operating systems of the "modern variety"...

        APK

        P.S.=> Well, "have @ it folks", & that's "hot off the presses"... enjoy! apk


        • #64
          For those of you that use a CUSTOM HOSTS FILE for increased SPEED & SECURITY online

          For those of you who are aware of the advantage of using a custom HOSTS file, for both noticeable added speed AND NOTICEABLE ADDED SECURITY ONLINE (the latter being via the SIMPLE PRINCIPLE of "You can't get burned if you can't go into the 'malscripted site kitchen'")?

          I have just edited my post, point #5 here, with the list below (of reputable & updated sites that keep lists of KNOWN BAD SITES &/or SERVERS, or entire HOSTS files too), so you can integrate their entries into YOUR CUSTOM HOSTS FILE (as I have been doing for years now, with approximately 828,342 entries of known bad sites &/or servers in it):

          RESULTS USERS WHO HAVE USED MY HOSTS FILE ARE SEEING? OK - THIS TESTIMONIAL SHOULD SERVE THE PURPOSE AS A "NUFF SAID":

          ----

          HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA - The Planet Forums

          "The use of the hosts file has worked for me in many ways. For one it stops ad banners, and it helps speed up your computer as well. If you need more proof, I am writing to you on a 400 hertz computer and I run with ease. I do not get 200++ viruses and spyware a month as I used to. Now I am lucky if I get 1 or 2 viruses a month. If you want my opinion, if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spyware, but if you do get hit with viruses and spyware then it will be your own fault. Keep up the good fight APK."

          - Kings Joker, user of my guide @ THE PLANET

          ----

          So, as you can see?

          Someone who used to get HUNDREDS of malware infestations a month, by stumbling into bad malscripted websites or those that serve up malware executable downloads, etc./et al, is now FAR BETTER PROTECTED by the version of my HOSTS file I use, & NO LONGER SEES THAT LEVEL OF INFESTATION, no less!

          (He gets it each day from me, via email, because I keep up on it every day via the lists below (and via a program I wrote to integrate the entries, alphabetize them (helps with DNS client cache loads, or B-tree populations in diskcache), & lastly to "normalize it" via duplicated-entry removal (so the file is smaller & faster to load/read too)).)

          It just works!

          Additionally, it works SO WELL that Kings Joker above runs Windows 2000 with no service packs, no hotfixes, no antivirus, no antispyware programs (he just installed them recently to check his infestation levels in fact, but for half a year or more he did not, to test this, acting as my "Lab Rat #1" in fact)... And his results? NO SPYWARE/MALWARE/TROJANS/VIRUSES/WORMS (NO malware in general):

          For a direct reply on his findings & results? Write him here -> [email protected]

          He can "fill you in" on the rest, as to his results &/or findings (which basically state that all you need is to run a protective custom HOSTS file that's kept current, & be judicious about your usage of JavaScript (both points are covered in this article/guide, extensively, AND THEY WORK!)).

          ----

          ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:

          1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do, no less (since browser addons have to parse each HTML page & the tag content in them, while HOSTS files only really consume "CPU cycles" during their load (into a programming data storage construct, which is an analog to a PASCAL record). Then the IP stack uses the DNS client C/C++ structure, or possibly an object (not sure anymore, I'd have to see the BSD reference code again to be sure), to do the rest (that, or the local diskcache, because if you have a LARGE hosts file you have to turn off the DNS Client Cache service, or your system will lag badly (I have notified Microsoft of this occurrence in fact, directly))!

          2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

          3.) HOSTS files allow you to bypass DNS server request logs (via hardcoding your favorite sites into them, to avoid not only the TIME taken for the round trip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

          4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can (by saving the round-trip inquiry time to a DNS server & back to you).

          5.) HOSTS files also allow you to not worry about a DNS server being compromised or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow, in EITHER case).

          6.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> Hosts file - Wikipedia, the free encyclopedia) & edited too, via text editors like Windows notepad.exe or Linux nano (etc.)

          7.) HOSTS files aren't as vulnerable to "bugs" either, like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too:

          8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACLs even.

          9.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE - NOT just a single web browser type (e.g. Firefox/Mozilla & its addons exemplify this, such as ADBLOCK).

          10.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as a limited-class/least-privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS, that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own, & this? This stops that cold, too! Bonus...

          (Still - it's a GOOD idea to layer in the usage of BOTH browser addons for security like Adblock &/or NoScript (especially this one, as it covers what HOSTS files can't in JavaScript, which is the main deliverer of MOST attacks online, & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security".)

          APK

          P.S.=> To keep "on top of the latest known malicious sites" online? See these sites (1 I mentioned here already; this is the rest of the list I use, & others too):

          START OF WEBSITES & SOURCES + TOOLS I USED TO POPULATE THIS LIST + MY ORIGINAL LIST OF BLOCKED ADBANNERS SERVERS

          Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
          MalwareURL - URL listing
          Malware Patrol - Malware Block List
          Alerts - Security Labs
          StopBadware - Welcome to StopBadware
          FireEye Malware Intelligence Lab
          SRI Malware Threat Center
          http://www.scansafe.com/threat_center/threat_alerts
          Netcraft - Internet Research, Anti-Phishing and PCI Security Services
          http://www.shadowserver.org/
          https://zeustracker.abuse.ch/monitor.php?filter=online
          Hosts file - Wikipedia, the free encyclopedia
          Welcome to the MVPs.org home page!
          Dan Pollock's 95% Monkey Free Homepage
          http://hostsfile.mine.nu/hosts0
          hpHosts Online - Simple, Searchable & FREE!

          Between them & SpyBot "Search & Destroy"? You have most of, if not ALL of, what a "body needs" for these purposes. If you know of others? Please list them, & thanks! apk
          Last edited by APK; 04-09-2010, 03:20 AM.
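Added example, not part of the post above and not APK's own program: a small Python script that does the "integrate the entries, alphabetize them, remove duplicates" pass the post describes, and that also carries the hard-coded favorites from points 3-5 so a feed can never black-hole a site you rely on. The two feeds, the favorite host and its 192.0.2.10 address are constructed sample data; using 0.0.0.0 as the sink address is an assumption (the post does not say which address its file uses).

```python
"""Merge several blocklist feeds into one normalized HOSTS file.

Added example (not the forum poster's program). Feeds below are constructed
sample data, not real blocklists.
"""
import re
from typing import Dict, Iterable, Optional, Set

# Sink address for blocked names. ASSUMPTION: the post does not say which
# address its file uses; 0.0.0.0 is used here (127.0.0.1 is the other usual choice).
BLOCK_ADDR = "0.0.0.0"

# Names a feed must never be allowed to block.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}

# RFC 1123-style host name: dot-separated labels of letters, digits and
# hyphens, no label starting or ending with a hyphen, at least two labels.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)
_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _looks_like_ip(token: str) -> bool:
    # IPv4 dotted quad, or anything with a colon (IPv6); host names have no colons.
    return bool(_IPV4_RE.match(token)) or ":" in token


def extract_hostnames(text: str) -> Set[str]:
    """Pull blockable host names out of one feed.

    Accepts both HOSTS-format lines ("<ip> name [name ...]") and plain
    one-name-per-line lists; comments, case and trailing dots are normalized
    away, and protected or malformed names are dropped.
    """
    names: Set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip full-line and inline comments
        if not line:
            continue
        fields = line.split()
        # In HOSTS format the first token is an address; everything after it is a name.
        candidates = fields[1:] if _looks_like_ip(fields[0]) else fields[:1]
        for cand in candidates:
            name = cand.lower().rstrip(".")
            if name in PROTECTED or not _HOST_RE.match(name):
                continue
            if name.rsplit(".", 1)[-1].isdigit():  # "1.2.3"-style junk, not a host name
                continue
            names.add(name)
    return names


def build_hosts(sources: Iterable[str], favorites: Optional[Dict[str, str]] = None) -> str:
    """Merge every feed, de-duplicate, sort, and emit HOSTS-file text.

    `favorites` maps a host name to the address you want hard-coded; a
    favorite always wins over a feed that lists the same name.
    """
    favorites = favorites or {}
    blocked: Set[str] = set()
    for src in sources:
        blocked |= extract_hostnames(src)  # integrate (set union de-duplicates)
    blocked -= set(favorites)              # resolve conflicts in the user's favor

    lines = ["127.0.0.1 localhost", "::1 localhost", ""]
    if favorites:
        lines.append("# --- hard-coded favorites (no DNS round trip) ---")
        lines += [f"{ip} {name}" for name, ip in sorted(favorites.items())]
        lines.append("")
    lines.append(f"# --- {len(blocked)} blocked names, merged, de-duplicated, sorted ---")
    lines += [f"{BLOCK_ADDR} {name}" for name in sorted(blocked)]  # alphabetize
    return "\n".join(lines) + "\n"


# Constructed sample feeds (not real blocklists).
FEED_A = """# sample feed A, HOSTS format
127.0.0.1 localhost
127.0.0.1 Ads.Example.Net    # inline comment, mixed case
0.0.0.0 tracker.example.org
0.0.0.0 c2.badhost.example
"""
FEED_B = """# sample feed B, plain domain list
tracker.example.org
C2.BADHOST.EXAMPLE.
-bad-label.example
www.example.com
localhost
"""
FAVORITES = {"www.example.com": "192.0.2.10"}  # RFC 5737 test address, constructed

if __name__ == "__main__":
    print(build_hosts([FEED_A, FEED_B], FAVORITES), end="")
```

Write the output over the live file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) and then set the read-only attribute or an ACL on it, as in point 8 above; with a file of several hundred thousand lines, point 1's caveat about the DNS Client Cache service applies.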
