Archive

Posts Tagged ‘Windows 7’

Timeline of the SMB2 vulnerability

October 6th, 2009 No comments

While researching the SMB2 vulnerability I decided to make a time line. It really shows how devastating a 0-day can be in the wrong hands

Date Event
7 September Laurent Gaffié releases PoC code on his blog
8 September The news is picked up by Sans ISC
HD Moore ports the exploit to Metasploit
Microsoft confirms the existence of the flaw
Microsoft releases an advisory
9 September The BSOD exploit is published on Milw0rm
15 September A working remote code execution exploit is released in Immunity Canvas
18 September A working remote code execution exploit is released for metasploit
Microsoft releases a tool to disable SMB2
9 October Microsoft announces a patch

To date Microsoft has not released a patch. I will continue to update this post.

A tool to disable SMB2 is here. Instructions on how to disable SMB2 manually are in the workaround section of this advisory.

On the 9th of October Microsoft announced a patch for this issue and the ISS FTP issue.

Categories: Security Tags: , , , , , ,

Aladdin eToken and Windows 7

July 14th, 2009 26 comments

Check comments below for a solution to this issue! Thanks to Daniel Verbruggen!

While testing the Aladdin eToken (USB form Factor Smart Card) with PKIClient 5.0 on windows 7, I discovered that the certificates are no longer published into the “Personal Certificate Store”.
Which makes the eToken quite useless for now on Windows 7. I can however logon to the Windows 7 system using the eToken. But for all other purposes like VPN, website authentication etc it cannot be used since Windows 7 does not offer you to pick an certificate to authenticate with.
The Smart Card device forwarding still works, over RDP and also within XP Mode on Windows 7.

I dropped Aladdin an email and asked them for timelines and Windows 7 support, but until now, nothing but silence. I will update this post when I know more. In the meanwhile if you’ve got a workaround… please drop a comment.

etoken windows 7eToken and PKIClient 5.0 on Windows 7

etoken-xpmodeeToken and PKIClient 5.0 on Windows 7 with XP-Mode.

Related issues:

Cisco VPN, Windows 7 and eToken
Website Authentication, Windows 7 and eToken

Categories: Aladdin, eToken, Windows 7 Tags: , , , , ,

Windows 7 UAC whitelist: Code-injection Issue

July 14th, 2009 No comments

Interesting insights on the new Windows 7 UAC… (http://www.pretentiousname.com/misc/win7_uac_whitelist2.html)

Win 7 UAC Code-Injection: Summary

On 5th February 2009 I wrote a proof-of-concept program to demonstrate a security flaw in Windows 7′s UAC, under default settings with beta build 7000 (also confirmed on 7022). This simply copied a file to Program Files without the user’s consent. In other words, it performed a file copy to a protected location, bypassing UAC.

“So what? All it does is copy a file?”

On 9th February 2009, to show the implications of being able to copy to System32 and Program Files, I created a second proof-of-concept program which uses the original exploit to open up a hole which in turn allows it to run any command or program with full elevation without itself requiring elevation or the user’s consent.

All of this is done without using the SendKeys or RunDll32 holes which were found earlier in February. It is done using a method which can attack almost any Windows executable and which is inherent to the changes Microsoft have made to UAC in Windows 7.

The proof-of-concept works on unmodified installs of Windows 7 beta build 7000 (and confirmed on 7022), both 32-bit and 64-bit versions, at default settings.

Setting UAC to its highest level, or using a non-admin account, will prevent the proof-of-concept from working by forcing it to display a UAC prompt. However, neither of those are defaults in the current Windows 7 betas.

As well as discussing the proof-of-concept code I argue that:

  • Microsoft should either admit that local process elevation is a problem and make Windows 7 more secure by default or admit that the Windows 7 default UAC settings are security theater (as they offer no protection) and anti-competitive (as they are inflicted on third-party code despite local elevation supposedly being a non-issue).
  • If there is to be a UAC whitelist, or the equivalent of one, then it should be up to the user which Microsoft and third-party software is on it. Users should not be forced to expose themselves to risks from software they do not use. Conversely, if reducing UAC prompts in frequently-used software is needed to stop people disabling UAC entirely then that applies to third-party software as much as to bundled software (especially once a machine is past the “setup” phase).
  • UAC itself was a good API and a good design that was given a bad name because of the way it was used by Microsoft’s application-level code (such as Explorer and Control Panel). Accordingly, the user experience of having UAC enabled could have been vastly improved by changing the application-level code without opening a huge hole in UAC.
  • Microsoft created these problems themselves and, rather than fixing them properly, have taken the easy way out, unnecessarily making UAC less secure in the process. At the same time Microsoft expect third-party vendors to do a better job than they bothered to do using the API which they themselves designed.

If you’re already shouting, “But it’s only a beta!” then there’s a section for you, too. :-)

And, for the record, I like Windows and much of what Microsoft do, in general. I even like UAC (the API, not the way it has been used). I wrote this page because I care about the platform not because I get a kick out of attacking something Microsoft have done. I call things as I see them. I attack and criticise some of what Microsoft do and I support and defend Microsoft other things that they do.

From: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

List of binaries which are allowed “auto-elevation” :

http://www.withinwindows.com/2009/02/05/list-of-windows-7-beta-build-7000-auto-elevated-binaries/

Categories: Microsoft, Security, Windows 7 Tags: , , , ,

Windows 7 Pricing revealed!

June 25th, 2009 2 comments

The full version of Windows 7 Home Premium is priced at $199, with an upgrade from Vista or XP costing $119. The full version of Windows 7 Professional is $299, with upgrades going for $199. Windows 7 Ultimate is priced at $319, with the upgrade version at $219. In what’s perhaps a nod to the recession and increased competition in the software market, the prices are about 10% less than what Microsoft charged for the corresponding versions of Windows Vista when that product shipped in January of 2007.

More here: http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=218101310&subSection=All+Stories

Categories: Microsoft, Windows 7 Tags: , ,

Windows 7 / Win 2008 R2 RTM at July 13th!

June 24th, 2009 No comments

From: http://bink.nu/news/windows-7-windows-server-2008-rtm-set-for-july-13th.aspx

4 days earlier then I had in my previous schedule, Microsoft has now set July 13th for RTM “sign-off”

Sign off is the process where all divisions sign that they agree on the final code, which means the actual RTM build will be created a few days earlier, which is targeted on July 10th.

The general availability (GA) is set to October 22nd, this is when you can buy it in stores in a box or on new PC’s (OEM).

We can expect the RTM much earlier on MSDN, Technet and Volume Licensing download sites, probably a few days after July 13th.

Categories: Microsoft, Windows 2008, Windows 7 Tags: , ,

Lenovo Windows 7 Drivers

June 12th, 2009 3 comments

Lenovo has made BETA windows 7 drivers available to the general public. I use some of them on Windows 7 RC1 without issues… but remember it’s still beta…

You can find them here.

Categories: Lenovo, Windows 7 Tags: , ,

Windows 7 to launch October 22

June 10th, 2009 1 comment

Microsoft confirmed on Tuesday that it is planning for Windows 7 to hit retail shelves and start showing up on new PCs on October 22.

To reach that milestone, Microsoft plans to wrap up development of the operating system by the middle or end of next month, Senior Vice President Bill Veghte said in an interview.

“The feedback from the release candidate has been good,” Veghte said.

Microsoft made the near-final release candidate version available last month. Shortly after its release, Microsoft finally confirmed that it was aiming Windows 7 for a holiday 2009 release, something that was widely anticipated, but not confirmed by those in Redmond.

In an interview, Phil McKinney, chief technology officer of Hewlett-Packard’s computer unit, said that he feels good about Microsoft’s launch date.

“We’re locked and loaded for the launch,” McKinney said. “The quality of code is just absolutely stellar.”

The software maker also confirmed, without giving details, that it plans to offer some sort of “technology guarantee” giving those who buy Vista machines close to the Windows 7 launch a free or discounted copy of the new operating system. As with past similar programs, details on pricing will be up to individual computer makers, although Microsoft did say the upgrade program will apply to Vista Home Premium and higher-priced editions (meaning not Windows Vista Basic).

The tech guarantee program is not beginning immediately, but Microsoft did raise the possibility it will offer some sort of lower-cost upgrade to those who are already using Windows Vista.

From: http://news.cnet.com/8301-13860_3-10253924-56.html

Categories: Microsoft, Windows 7 Tags: , ,