Tuesday, March 28, 2006

Internet Explorer Vulnerability

If you're using Internet Explorer, be advised that Microsoft has released
a security advisory for it. The vulnerability would allow an attacker
to run code in the context of the logged-on user. The only
workaround is to disable active scripting, which isn't such a great
workaround because it breaks so many sites. You can find the Microsoft
advisory here:

Microsoft Security advisory (917077)
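
To check whether the active scripting workaround is in place on a machine, the script below is an added example, not part of the original post or the advisory. It reads Internet Explorer's per-zone "Active scripting" setting (URL action 1400) for the Internet and Local intranet zones and, with the hypothetical `-Apply` switch, sets the per-user value to disabled. The registry paths and value meanings are the standard IE zone settings; treating a policy value as overriding the per-user one is an assumption of this example.

```powershell
param([switch]$Apply)   # hypothetical switch: change the setting instead of only reporting

# URL action 1400 = "Active scripting". Values: 0 = enable, 1 = prompt, 3 = disable.
$Action  = '1400'
$Disable = 3
$Meaning = @{ 0 = 'enabled'; 1 = 'prompt'; 3 = 'disabled' }
$Zones   = @(
    @{ Id = 1; Name = 'Local intranet' },
    @{ Id = 3; Name = 'Internet' }
)
$UserBase   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$PolicyBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Return the DWORD stored for the action in a zone key, or $null if it is not set.
function Get-ZoneAction([string]$Base, [int]$Zone) {
    $item = Get-ItemProperty -Path "$Base\$Zone" -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Action
}

function Format-State($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Meaning.ContainsKey($Value)) { return $Meaning[$Value] }
    return "unknown ($Value)"
}

foreach ($z in $Zones) {
    $user   = Get-ZoneAction $UserBase   $z.Id
    $policy = Get-ZoneAction $PolicyBase $z.Id

    if ($Apply -and $user -ne $Disable) {
        Set-ItemProperty -Path "$UserBase\$($z.Id)" -Name $Action -Value $Disable -Type DWord
        $user = Get-ZoneAction $UserBase $z.Id
    }

    # Assumption: a value pushed by Group Policy wins over the per-user value,
    # so changing HKCU does not help if policy says "enabled".
    $effective = if ($null -ne $policy) { $policy } else { $user }

    [pscustomobject]@{
        Zone          = $z.Name
        UserSetting   = Format-State $user
        PolicySetting = Format-State $policy
        ScriptingOff  = ($effective -eq $Disable)
    }
}
```

Run it without arguments first to see the current state; Internet Explorer needs to be restarted before a changed value takes effect.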

There are a number of sites which are already using exploits for the
vulnerability, so if you haven't been lately, start practicing safe
browsing habits again. All that's required is a visit to activate the
exploit. If you're interested in potential patches, there are two out
from a couple of security companies. Neither fixes the problem; instead,
they mask the vulnerability, as fixing it would require changing Microsoft's
files. Neither is supported by Microsoft (no big surprise).
Microsoft has previously said they plan on releasing an update on 4/11,
the normal monthly patch day, but who knows? They may move it up.
Read, consider risk, etc. As for the two patches:

eEye Digital Security

Determina

And yes, this does affect up to Internet Explorer 7 beta.

Monday, March 13, 2006

Understand the threat...

The following was an opening paragraph replying to the question of "How secure is a domain controller?"

Secure from what? Pick your risks and then make an assessment based on that. I have personally found that a fully patched Domain Controller is not secure from Denial of Service Attacks that involve a large truck running the DC over. May sound extreme but only you can really start to guess what your risks are and what you should start looking at.

The point made is a valid one: consider your threats and protect accordingly. Truth be told, we can run around in circles, chasing our tails, if we don't take the time to understand what we're protecting, what we need to protect it against, and the business factors that go into both of those things.

You can find the actual post here, in the archives for the ActiveDir (Active Directory) mailing list.