[Deploy_Windows (TRUE)]

Security: MS Security Advisory 2286198 (Zero-day)

Lars Krogh — Thu, 22 Jul 2010 10:24:36 +0000

The lastest zero-day Windows vulnerability (All versions) can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV.

Chester Wisniewski’s Blog (working at Sophos) describes the use of a GPO to protect you against the exploit. The GPO should disallow the use of executable files that are not on the C: drive. If you need to run executable files from a network drive (old programs?) just specify the specific network paths in the GPO.

The exploit in action

MDT 2010: Creating a repository

Lars Krogh — Thu, 22 Jul 2010 08:23:07 +0000

When doing a simple setup I create 3 folders – MDT, MDTLogs and MDTSetup. MDT is the production share, MDTLogs is for log files and MDTSetup is for my drivers (to be imported), my custom scripts and the applications (copy of).

Every installation is different – some use DELL, others HP and some even ACER, so what about creating a batch that can setup folders within the repository for a specific hardware vendor.

A simple batch like this with 4 parameters (make, model, architecture & revision) will create the folder structure for you

Note. If you are deploying DELL machines then just go here and download their CAB files, extract them (using WINRAR) to the newly created folders and finish off with importing them into MDT using the workbench.

Starting a New Job at Systemtech A/S

Lars Krogh — Wed, 21 Jul 2010 18:14:53 +0000

I’ll start as System Consultant at Systemtech A/S August 2., so if you need help with WDS/MDT or MDT/SCCM -> call us at +45 70 30 00 00

MDT 2010: Injecting Intel storage drivers into a XP WIM

Lars Krogh — Wed, 21 Jul 2010 15:49:44 +0000

This is GREAT news for admins working with MDT and Windows XP deployments – a script that can inject Intel storage drivers into a XP WIM.

So build your base XP image using Virtual PC and do a capture. Now deploy the WIM and during the deployment use the script to inject the storage drivers like you would do in SCCM.

If I count the hours that I’ve spent on written the perfect sysprep.inf file to build my XP Master image and at the end do a capture … damn

Get the script here and give the man some love and respect!

PatchMan: Adobe Reader in “protected mode”

Lars Krogh — Wed, 21 Jul 2010 07:56:43 +0000

I use Foxit Reader to view PDF’s simply because of the many vulnerabilities in Adobe Reader.

Adobe has now announced, that Adobe Reader will be available in “protected mode” in the next major release (Protected mode has also been used in applications like Internet Explorer, Google Chrome and Microsoft Office 2010). In “protected mode” Adobe Reader will display the PDF file on the PC in a “very restricted manner” inside a sandbox.

Read more on The Adobe Reader and Acrobat Security Initiative here
Read more on Adobe Reader Protected here

PatchMan: iTunes 9.2.1 is out – update now!

Lars Krogh — Wed, 21 Jul 2010 06:56:04 +0000

I love my iPod and with it follows iTunes. The latest vulnerability in iTunes was reported to Apple by Clint Ruoho of Laconic Security and it has been fixed in version 9.2.1.

This is a buffer overflow in the handling of “itpc:” URLs. Accessing a malicious site through this protocol could lead to remote code execution (itpc URLs are used iTunes to access podcast feeds).

Read more here
Download the updated version here

Security: Secure web browsing (Follow-Up)

Lars Krogh — Wed, 21 Jul 2010 06:39:37 +0000

I’m currently testing the Secure Web Browser (Firefox) from Dell KACE.

Before that came out I’ve used a simular setup -> VMware Player and the Browser Appliance from VMware’s Virtual Appliance Marketplace.

Download VMware Player here
and find the Browser Appliance here

Security: Dell KACE offers free secure web browser

Lars Krogh — Tue, 20 Jul 2010 13:20:19 +0000

Based on Firefox 3.6 with add-ons like Adobe Flash and Adobe Reader.

The browser is virtualized using Dell KACE’s “Virtual Kontainer” technology and the initial release is for 32-bit versions of Windows 7, Vista, and XP only.

Get the download here (MSI package)

WSUS: Publish your own updates to WSUS

Lars Krogh — Fri, 16 Jul 2010 10:42:07 +0000

Local Update Publisher … just found this App on SourceForge
It allows you to publish your own updates to WSUS

Gotta check it out later today …

Downloads: VMware ESXi 4.1 released

Lars Krogh — Thu, 15 Jul 2010 12:50:39 +0000

Well I’m a few days behind on this one …
Some of the new features are:

USB Passthrough
Seriel Passthrough
vCenter Converter Hyper-V Import