PatchMan: MSRC Advisory 2269637
Posted by Lars Krogh in Hints on 27/08/2010
Here’s a good blog on the DLL hijacking vulnerabilities going on right now …
Facts:
- The user must open a document from a WebDAV share or a network file share
- The attacker must guess what vulnerable software you have installed
- There are easier ways to trick a user
- Antivirus software CAN help
Read also Microsoft Security Advisory 2269637 here
Hints: VMware Workstation boot menu
Posted by Lars Krogh in Hints on 27/08/2010
I use VMware Workstation a lot. One thing that has always irritated me is getting to the boot menu. Here's a trick:
You can increase the boot delay by editing your .vmx file and adding this line:
bios.bootDelay = "5000" (5000 = 5 seconds)
or add
bios.forceSetupOnce = "TRUE"
This will make the VM enter the BIOS setup at the next boot.
Hints: Backup drivers for OSD use
Posted by Lars Krogh in Hints on 21/08/2010
Double Driver is a portable driver backup app, great for grabbing drivers from an OEM installation. No installation is needed, and by default it grabs all non-Microsoft drivers.
Grab it here
Hints: Capture movie from VMware Workstation
Posted by Lars Krogh in Hints on 19/08/2010
I needed to capture a movie of an (MDT) build-and-capture task sequence, but before VMware Tools is installed the resolution is 800×600 in 8-bit colour because the display driver is missing.
So I extracted the VMware Tools .msi using Universal Extractor (MsiX extraction), found the SVGA.cab file and extracted that, then imported the driver into my driver repository. Now the TS picks up the display driver before booting into Windows for the first time.
Hints: Applications, Drivers and Updates
Posted by Lars Krogh in Hints on 18/08/2010
Working with deployment, you always have to maintain a repository of vendor-specific applications, drivers and updates.
I use HP's SoftPaq Download Manager, Lenovo's Update Retriever, Dell's driver cab files and the Microsoft catalog.
This gives me an up-to-date repository for use in MDT and SCCM.
PatchMan: August security updates
Posted by Lars Krogh in Hints on 12/08/2010
Make sure to check up on this …
Out of the 14 patches released in August, 8 have the maximum severity rating, so get your systems patched. I'm pretty sure that we will get hit by a malware storm soon!
MDT 2010: BGinfo and VNC server in your boot image
Posted by Lars Krogh in Hints on 11/08/2010
What about including BGinfo and VNC server in your boot image, so you can watch the deployment remotely?
I use a custom Unattend.xml in my boot images together with the RealVNC server program files.
I've added these run commands to Unattend.xml:
===Unattend.xml===
<RunSynchronousCommand wcm:action="add">
  <Description>Run BG info</Description>
  <Order>1</Order>
  <Path>X:\Deploy\Scripts\Bginfo.exe X:\Deploy\Scripts\STEP0.bgi /nolicprompt /silent /timer:0</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
  <Description>Disable firewall</Description>
  <Order>2</Order>
  <Path>wpeutil disablefirewall</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
  <Description>Import VNC password</Description>
  <Order>3</Order>
  <Path>regedt32 /s "%ProgramFiles%\RealVNC\VNC4\Password.reg"</Path>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
  <Description>Start VNC minimized</Description>
  <Order>4</Order>
  <Path>cmd /C start "VNC" /min "%ProgramFiles%\RealVNC\VNC4\winvnc4.exe"</Path>
</RunSynchronousCommand>
===
===Password.reg===
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\RealVNC\WinVNC4]
"Password"=hex:27,0a,a9,22,d9,0a,6b,83
"QueryConnect"=dword:00000000
"QueryOnlyIfLoggedOn"=dword:00000000
"ReverseSecurityTypes"="None"
"SecurityTypes"="VncAuth"
"DisableLocalInputs"=dword:00000001
===
Note:
The entry "DisableLocalInputs"=dword:00000001 disables the keyboard and mouse on the local computer.
LiteTouch.wsf is kicked off right afterwards.
I've customized the .bgi (BGinfo config file) so that it displays the IP address on the background.
Now I can start the deployment, return to my desk (with the IP) and connect to it using VNC Viewer.
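As an added example (not part of the original post), the following Python parses the Unattend.xml commands and the Password.reg shown above and lists the settings that widen the boot image's exposure while WinPE is running: the firewall is switched off, the VNC server accepts connections without a local prompt, and an 8-byte VncAuth password is baked into the image. The XML fragment is wrapped in a constructed root element that declares the wcm namespace so it parses stand-alone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's RunSynchronousCommand entries, wrapped in a root that declares xmlns:wcm.
UNATTEND_FRAGMENT = """<Root xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <RunSynchronousCommand wcm:action="add">
    <Description>Disable firewall</Description><Order>2</Order>
    <Path>wpeutil disablefirewall</Path>
  </RunSynchronousCommand>
  <RunSynchronousCommand wcm:action="add">
    <Description>Start VNC minimized</Description><Order>4</Order>
    <Path>cmd /C start "VNC" /min "%ProgramFiles%\\RealVNC\\VNC4\\winvnc4.exe"</Path>
  </RunSynchronousCommand>
</Root>"""
# Constructed sample: the post's Password.reg as it is imported into WinPE.
PASSWORD_REG = """Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\\Software\\RealVNC\\WinVNC4]
"Password"=hex:27,0a,a9,22,d9,0a,6b,83
"QueryConnect"=dword:00000000
"SecurityTypes"="VncAuth"
"""

def parse_reg(text):
    """Map (key, value name) -> raw value text for every [key] section of a .reg file."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            values[(key, name)] = raw
    return values

def audit_boot_image(unattend_xml, reg_text):
    """List settings that widen the boot image's exposure while WinPE is running."""
    findings = []
    for cmd in ET.fromstring(unattend_xml).iter("RunSynchronousCommand"):
        order, path = cmd.findtext("Order"), (cmd.findtext("Path") or "").lower()
        if "wpeutil disablefirewall" in path:
            findings.append(f"order {order}: WinPE firewall disabled for the rest of the deployment")
        if "winvnc4.exe" in path:
            findings.append(f"order {order}: VNC server started unattended in WinPE")
    for (key, name), raw in parse_reg(reg_text).items():
        if name == "Password" and raw.startswith("hex:"):
            n = len(raw[4:].split(","))
            findings.append(f"{key}: {n}-byte VNC password baked into the image")
        if name == "QueryConnect" and raw == "dword:00000000":
            findings.append(f"{key}: connections accepted without prompting the local console")
        if name == "SecurityTypes" and raw.strip('"') == "VncAuth":
            findings.append(f"{key}: VncAuth authenticates the client but does not encrypt the session")
    return findings
```

Run it against the real Unattend.xml and .reg files pulled from a mounted boot.wim to see what the image will expose on the network during every deployment.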
PatchMan: KB2286198 on Windows XP SP2
Posted by Lars Krogh in Hints on 10/08/2010
F-Secure has posted an article on how to install the LNK update (KB2286198) on Windows XP SP2 (KB2286198 only supports SP3).
This is a simple hack: just change the CSDVersion value from 300 to 200 and reboot your box.
The key is located here: HKLM\System\CurrentControlSet\Control\Windows
This should protect your XP SP2 machines from the LNK exploit … kool
PatchMan: MBSA 2.2 released
Posted by Lars Krogh in Hints on 09/08/2010
This is a minor upgrade that corrects minor issues and adds optional catalog support.
Download it from here
Security: MS Security Advisory 2286198 (Zero-day)
Posted by Lars Krogh in Hints on 22/07/2010
The latest zero-day Windows vulnerability (all versions) can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV.
Chester Wisniewski's blog (he works at Sophos) describes the use of a GPO to protect you against the exploit. The GPO should disallow the use of executable files that are not on the C: drive. If you need to run executable files from a network drive (old programs?), just specify those specific network paths in the GPO.
The exploit in action
