Posts tagged system

Security Bulletin – Windows Help system Hack

Jul 2nd

As some of you may have read in the press (http://news.bbc.co.uk/1/hi/technology/10473495.stm) there is currently a major security vulnerability in the Windows Help system that is currently being exploited by hackers to take control of PCs worldwide. Once they have control obviously they use the PCs for all kinds of nastiness. This vulnerability exists whether or not you use any of the Microsoft help functions which use the HPC protocol.

Over the course of this week Krayatec have been deploying to all of our clients a fix for this issue via automatic log in scripts. This means that if you have restarted your computer every night and are on a managed domain you will already be protected. If you do not have domain control on your site, we will be calling you shortly to manually apply the fix.

I have written a custom automated script to do this which can be found here : http://www.kraya.co.uk/downloads/xpfix.zip Simply download, save and run the enclosed xpfix.bat file. It takes less than a second and once completed you see a black screen saying “Krayatec XP HCP Protocol fix applied”.

There is also a fully bloated Microsoft Windows XP MSI which can be downloaded from the Microsoft KB2219475 article page here http://support.microsoft.com/kb/2219475

We would recommend that all users also apply the “Microsoft Fix it update 50459”, either via the Microsoft site or our automated script to all Windows XP computers at home and work as soon as possible.

It should be noted that whilst Anti-virus and Ant-Spyware software may detect some of the “nasties” hackers might try to install on your computer, they will not prevent this problem. To do secure your computer and prevent this vulnerability being exploited, you must run the above script.

As always if you have any questions or concerns please do not hesitate to call.

More detailed Technical Info:

On the 10th of June 2010, Microsoft announced that it was investigating new public reports of a vulnerability in the Windows Help and Support Center function of Windows XP and Windows Server 2003. The vulnerability could allow a remote attacker to use the HCP protocol to remotely execute code on any Windows XP or Windows Server 2003 computer if a user views a specially crafted web page. At this time Microsoft stated that it was aware of a proof-of-concept exploit code and limited, targeted active attacks that use this exploit code.

Subsequently Microsoft and a number of security vendors have reported wide spread attacks in the wild using this exploit to deliver a number of different malicious payloads as reported on the BBC link above.

The custom script linked above closed this vulnerability be de-registering the HCP Protocol on the computer, hence a remote attacker is not able to use the Microsoft Windows Help and Support Center function to attack the computer. This is done by deleting the HKEY_CLASSES_ROOT\HCP registry key. The old registry key is backed up to HCP_Protocol_Backup.reg incase (of reasons unknown) you decide you want to re-enable this feature.

.bat, 2219475, 50459, Ant-Spyware, anti-virus, applied, article, automated, automated script, automatic, bloated, Computer, control, custom, deploying, detect, domain, download, exploit, exploited, file, fix, Fix it, hackers, help, help functions, HKEY_CLASSES_ROOT\HCP, home, HPC, HPC protocol, issue, KB2219475, key, KrayaTec, log in scripts, Major, Microsoft, Microsoft Fix it, Microsoft windows, MSI, PC, press, prevent, problem, protected, Registry, registry key, restarted, run, save, Script, Security, software, Stephen ramsay, system, update, Vulnerability, windows XP, work, XP, XP HPC Protocol

Changing your password in Kerio Mailserver

Jun 16th

Posted by stephen in Security

No comments

Changing your passwords is very easy.

Under your Windows computer press Crtl + Alt + Del and select change password.

To Change your email password, simply log into your Web Mail (call us if you don’t know the address)

Then Select change password from the Settings drop down menu as below

settings menu in kerio webmail

And then enter your old and new passwords in the box below.

kerio password change dialog box

Remember to make it something secure that no one will guess, no kids, partners or team names and no dictionary words. Random Numbers and letters, remember capitals and lower case combinations are best, or try a sentence like “Why can 1 never remember 555″ you can use spaces. Remember the best passwords are not necessarily easy to remember but they can be if your clever about it. Hackers offten use a dictionary or password list attack to crack passwords, this is where a system tires every word in the dictionary or in a common password list, things like Rangers, Rang3rs or Celtic, C3lt1c will be near the top of that list.

+, +, Alt, attack, best, best passwords, broken, capitals, change password, Changing your passwords, combinations, common password list, Crtl, Del, dictionary, dictionary words, drop down, easy to remember, email password, guesed, Kerio, Kerio MailServer, kerio webmail, kids, Kraya, KrayaTec, letters, lower case, MailServer, Microsoft, Microsoft Widows, no one will guess, Numbers, partners, password list, ramsay, Random, Remember, secure, sentence, settings, spaces, Stephen, Stephen ramsay, system, team names, tires, try, Web Mail change password, webmail, Widows

Kerio Mail Server – Feedback and Updates

May 14th

Posted by stephen in Linux

No comments

Kerio have recently introduced a new update for the Kerio MailServer (KMS), which has fast become krayatec’s favoured mail server.

We have now deployed Kerio MailServer 6.2 to most of our clients and despite a handful of teething problems, most are now seeing advantages over Exchange and their previous IMAP based systems.

Feedback from clients has generally been positive, however for two of our clients the switch has not been as pain free as we would have liked and they are still experiencing several issues:

VERY Slow connections between the Kerio Outlook connector and the Server.
Kerio Outlook Connector seems to consume huge amounts of RAM, particularity on older Systems.
Outlook and MS Word Mail merge function seams to fail after installation of Kerio Off-line Outlook connector. This issue is still under investigation by both our own and Kerio’s Technical teams.
IMAP sync issues when using Thunderbird: Kerio and Thunderbird seem to be unable to share junk, sent and deleted folders leading to duplication.
Thunderbird and Kerio integration is not perfect in general and Thunderbird is unable to feed back junk mail training data, or rule learning, to the Kerio Mail Server.

The release notes for the new Update to Kerio MailServer 6.7 suggests that this upgrade will fix most of these issues. The update has now been deployed to our own Kerio system and we are currently testing this in full prior to deployment to our clients systems. After discussing the updates with the Kerio team, we are very hopeful of resolving the above issues. However, it is indisputable that issues may remain with legacy systems, particularity Windows 2000.

Feedback / comments and suggestions for the above issues are always welcome.

6.2, advantages, clients systems, comments, Connector, data, deleted, deployed, deployment, duplication, Exchange, fail, feed back, Feedback, fix, folders, help, IMAP, IMAP sync, indisputable, installation, investigation, issues, junk, junk mail, Kerio, Kerio integration, Kerio MailServer, Kerio MailServer 6.2, Kerio MailServer 6.7, Kerio Off-line Outlook connector, Kerio Outlook connector, KMS, KrayaTec, legacy systems, Mail, Mail merge, Mail Server, MailServer, not perfect, Off-line Outlook connector, older Systems, Outlook, pain, particularity, previous, problem, RAM, ramsay, release notes, resolving, rule learning, sent, Server, several, slow, Slow connections, Stephen, Stephen ramsay, suggestions, system, systems, Technical, teething problems, testing, Thunderbird, training, Windows 2000, Word

Security Bulletin – Adobe Reader and Acrobat

May 14th

Posted by stephen in Apple

No comments

Below is an update to Security Bulletin – Adobe – April 09

Adobe have published a new Security Bulletin and provided updates for Adobe Reader and Acrobat patches. These updates resolve the previously reported vulnerabilities in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system remotely and install Malicious code.

We have already recommended that user consider using alternatives to Adobe reader, this continues to be our current advice. However users still using Adobe should now update and install these patches as soon as practical.

Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.

7.1, 7.1.2, 8, 8.15, 9.1, 9.1.1, Acrobat, Acrobat 7, Acrobat 7.1.2, Acrobat 8, Acrobat 8.1.5, Acrobat 9.1, Acrobat 9.1.1, Adobe, Adobe Acrobat, Adobe Reader, Adobe Reader 7.1.2, Adobe Reader 8.1.5, Adobe Reader 9.1, Adobe Reader 9.1.1, alternatives, Apple, Apple Mac, APSB09-06, attacker, Bulletin, current advice, CVE-2009-1492, CVE-2009-1493, earlier, install, Mac, Malicious code, Microsoft, patch, ramsay, Reader, remotely, resolve, Security, Security Bulletin, stephe, Stephen ramsay, system, take control, update, versions, Vulnerabilities, Vulnerability, Windows

Security Bulletin April 2009

Apr 23rd

Posted by stephen in Security

No comments

This (slightly late) bulletin is a summary of the various security bulletins released by Microsoft for April 2009, a second bulletin for non Microsoft issues will follow next week. This bulletin includes the action Kraya is taking regarding each of these updates and security warnings.

We have now completed Beta Testing of these updates and have commenced pushing these out to your computers in our phased roll out program.

For users that are on Automatic Updates direct from Microsoft these will probably already have been installed. We are in the process of changing that so that all updates will come from Kraya HQ, this allows us to ensure that only the updates we approve are pushed out to your computers and should help prevent any issues caused by configuration changes.

If any of your staff report seeing boxes pop up on their computer screens about updates please tell them to call us and we will advise as to whether the update should be installed.

So here is the list:

MS09-010 Vulnerabilities in WordPad and Office Converters (KB960477) affects Windows 2000, XP and Windows Server 2003

This security update fixed a know issue with Microsoft WordPad and Microsoft Office. Previously users had been advised to not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources. Whilst this update fixes this issue, the advice still stands.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-013 Vulnerabilities in Windows Web Services affects Windows 2000, XP and Windows Server 2003

This update resolves an issue with Microsoft Windows HTTP Services (WinHTTP) which could allow malicious software to be installed on a computer remotely.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines. However it has been associated with a slowing of the system however the security vulnerability
is to severe to neglect.

MS09-011 Vulnerability in Microsoft DirectX 8.1 & 9.0 affects Windows 2000, XP and Windows Server 2003 (KB961373)

This update resolves an issue with Microsoft DirectX on non older systems. The vulnerability could allow malicious software to be installed on a computer remotely if user opened a specially infected Movie file.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines. However Windows 2000 users seem to experience some slowing of graphics drivers after this update. Unfortunately again the security vulnerability
is to severe to neglect.

MS09-014 Security Update for Internet Explorer 6 & 7 (KB963027)

Resolves Six different vulnerabilities in Internet Explorer 6 & 7. These vulnerabilities could again allow malicious software to be installed on a computer remotely if a user were to view a specially crafted Web page or advert. This is one of the many reasons we recommend that users use Firefox rather than Microsoft Internet Explorer.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-009 Fix for Issues with Microsoft Office Excel (KB968557, KB959964, KB959988, KB959995, KB959997, KB968694, KB959993, KB960000, KB960003) affects Microsoft office 2000, XP, 2003, 2007 on Mac and Windows, also affected are Microsoft Office Excel Viewer and Microsoft Office Converter / Compatibility Packs

This security update resolves a vulnerability that I have previously contacted you all about in Excel that could allow, allow malicious software to be installed on a computer if you opened a specially crafted Excel file.
However, this update does not replace the standing advice, do not to open files from un-trusted sources or if you receive and unexpected attachment to an email i.e. email from a trusted source, but the email content is out of character for that sender. You should also be very careful with Email forwards such as games embedded in excel and Power point presentations of pretty pictures or half naked girls on motor bikes, these are all classic ways to infect your computer with malicious software.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-012 Security flaw in Microsoft Windows allowing Elevation of user Privileges (KB959454, KB952004, KB956572) affects Windows 2000, XP, Vista and Windows Server 2003 & 2008

This security update resolves a security flaw in Microsoft Windows which could allow a user who has gained access to your system, legitimately or otherwise to elevate their security privilege to an administrator. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-016 Vulnerabilities in Microsoft ISA Server (KB961759, KB960995, KB968078)

This security update resolves an issue with Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). This could create a denial of service attack if specifically designed data is passed over a network to the affected system, or the disclosure of confidential information if a user visits a Web site that contains content controlled by the attacker.
This patch does not affects most of our clients but will be installed on those affected.

MS09-015 Blended Threat Vulnerability in Search Path Could Allow Elevation of Privilege (KB959426) affects Windows 2000, XP, Vista and Windows Server 2003 & 2008

This security update resolves a security flaw in Microsoft Windows which could allow a user who has gained access to your system, legitimately or otherwise to elevate their security privilege to an administrator. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

There are a long list of other updates already deployed the only ones of note are Microsoft Internet Explorer 8 Release Candidate 1 (RC1) and its subsequent updates despite testing ok there have been wide spread reports of IE8 slowing computers down. Therefore no more computers will be upgraded at this time and I would reiterate my advice to use Firefox rather than IE. If IE 8 has already been installed on your computer, uninstalling it and reverting back to IE 7 does not seem to help speed it back up.

We will continue to monitor the situation and await further updates from Microsoft.

As ever any questions please let me know.

2000, 2003, 2008, 2009, 8.1, 9.0, administrator, advert, Apple Mac, April, April 2009, associated, attachment, attack, attacker, Automatic updates, Bulletin, changes, computers, configuration, Converters, denial of service, deployed, DirectX, DirectX 8.1, DirectX 9.0, disclosure of confidential information, elevate, Elevation, Elevation of Privilege, email, Email forwards, embedded, Excel, Excel file, Excel Viewer, file, File converter, files, Firefox, fixed, flaw, Gain access, gained access, games, half naked girls, HTTP Services, IE 6, IE 7, IE8, infect, infected, infected Movie, installed, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, ISA Server, issue, Issues Microsoft Office Excel, KB952004, KB956572, KB959426, KB959454, KB959964, KB959988, KB959993, KB959995, KB959997, KB960000, KB960003, KB960477, KB960995, KB961373, KB961759, KB963027, KB968078 Microsoft Internet Security and Acceleration Server, KB968557, KB968694, know issue, Kraya, legitimately, Mac, malicious, malicious software, Microsoft, Microsoft DirectX, Microsoft Forefront Threat Management Gateway, Microsoft Internet Explorer, Microsoft Internet Explorer 8 Release Candidate 1, Microsoft ISA Server, Microsoft Office, Microsoft Office 2000, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office Excel Viewer, Microsoft Office XP, Microsoft windows, Microsoft WordPad, Movie, movie File MPEG, MS Office for Mac, MS09-009, MS09-010, MS09-011, MS09-012, MS09-013, MS09-014, MS09-015, MS09-016, neglect performance, network, office, Office 2000, Office 2003, Office 2007, Office Compatibility, Office Converter, Office XP, opened, patch, phased roll out, Power point, Power point presentations, pretty pictures, prevent, Privileges, ramsay, RC1, recommend, remotely, RTF, safe, screens, Security, security bulletins, security privilege, security update, security warnings, severe, slow, slowing, slowing of graphics drivers, Social Networks, software, sources, specially, specially crafted, specially crafted Web page, standing advice, Stephen, stepram, summary, system, tested, TMG, un-trusted, unexpected, untrusted, update, update fixes, Updates, user, user visits, visits, Vulnerabilities, Vulnerability, Web page, Web site, Windows, Windows 2000, Windows machines, Windows server, Windows Server 2000, Windows Server 2003, Windows Server 2008, Windows Web Services, windows XP, WinHTTP, WordPad, WordPerfect, Write, XP, your system

Technological Ramblings by Stephen

Stephen Ramsay is the Head of Krayatec Edinburgh’s leading Linux centric IT Support Company. We provide IT Support, telecoms and technology partnerships to businesses running Windows, Linux and Apple based systems. We also manage the complete and seamless integration of, all these operating systems into one coherent, network and technology strategy.
This blog is part work, part personal, so I hope you enjoy the mix and feel free to leave some comments, reply via Twitter, or drop me an Email for more information, on anything you read here, or to find out a bit more about what we do and how we do it.
Categories
- hardware
- how to
- Journeys
- Kraya
- Linux
- Privacy
- Random Rambelings
- Rants
- Security
  - Apple
  - Windows updates
- tweets
- Uncategorized
- Windows
Tag Cloud
anti-virus Apple Apple Mac Computer computers email IMAP issues junk Kerio Kerio MailServer Kerio Offline Outlook Connector Kraya KrayaTec Linux Mac Mail Server MailServer Microsoft Microsoft windows network office Outlook ramsay Random Security Server slow Social Networks software spam Stephen Stephen ramsay stepram Thunderbird tweets twitter Ubuntu update Vista Vulnerability webmail Windows windows XP XP
blogrol
Kraya
Open Source Software
Social Networks
usefull geekerie
- DNS / MX Propagation Checker
- Whats my dns
Calendar
September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blog Archives

Posts tagged system

Security Bulletin – Windows Help system Hack

Changing your password in Kerio Mailserver

Kerio Mail Server – Feedback and Updates

Security Bulletin – Adobe Reader and Acrobat

Security Bulletin April 2009

Technological Ramblings by Stephen

Categories

Tag Cloud

blogrol

Kraya

Open Source Software

Social Networks

usefull geekerie

Calendar

Blog Archives