MBSA 2.1.1
By Fredrik Wall
Microsoft released Microsoft Baseline Security Analyzer 2.1.1 last week.
It can be downloaded here.
Welcome to The Power Admin, The Power Administrator.
This is the blog of two Power Administrators. Not only PowerShell administrators.
We have both been in the IT business for a long time, and therefore we are administrators with power.
This is the home of Fredrik "Dalle" Wall and Fredrik "DXter" Jonsson. Read more about us in the About section.
Cool commercial for an event or a real hack?
You will never know
Question
Which options do I have if I want to be able to give my
Active Directory users the rights to run PowerShell scripts?
Answer
PowerShell has 4 different built-in security levels
that you can apply to your users:
Unrestricted
If you choose Unrestricted, you let your users run all PowerShell scripts.
This is the easiest way and the least safe way. In this case you will not
have any control over which PowerShell scripts your users run.
RemoteSigned
With the RemoteSigned option, all scripts that have been
downloaded from the internet must be signed by a “trusted publisher”.
This lets your users create and run their own scripts without signing all of them.
AllSigned
With the AllSigned option, all scripts must be signed by a “trusted publisher”.
Users need to sign all of their own scripts with the company's certificate or another
certificate trusted by the company. This requires a CA (Certificate Authority).
Restricted
This is the “default” or “Out of the box” setting.
No scripts can be run.
If you want to use these settings in your Active Directory, your users need to be
standard users (not administrators) on their computers. On a user account with administrator
privileges you only need to open Run and type “powershell.exe set-executionpolicy unrestricted”
to be able to run PowerShell scripts again.
You will find the same question and answer on the Swedish Microsoft TechNet – Experternas Arena.
I have a question/answer section about PowerShell there in Swedish.
http://technet.microsoft.com/sv-se/dd776332.aspx
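The four policy decisions described in the answer above, as an added example (not code from the original post): it predicts for each .ps1 file in a folder whether it would run under each policy, and shows which scope sets the effective policy. It assumes Windows PowerShell 3.0 or later on NTFS; the function names are hypothetical, and treating a `Valid` signature status as "signed by a trusted publisher" is a simplification made by the example.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 3.0+ on NTFS.
# Function names are hypothetical.

function Test-ScriptPolicy {
    param([string]$Path = '.')   # folder to inspect

    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $_.Extension -eq '.ps1' } |
        ForEach-Object {
            # Simplification: 'Valid' (intact signature chaining to a trusted root)
            # is treated here as "signed by a trusted publisher".
            $status = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            $signed = ($status -eq 'Valid')

            # Downloaded files carry a Zone.Identifier stream;
            # ZoneId 3 = Internet, 4 = Restricted sites.
            $zone = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $downloaded = [bool]($zone -match '^ZoneId=[34]\s*$')

            [pscustomobject]@{
                Script       = $_.Name
                Signature    = $status
                Downloaded   = $downloaded
                Restricted   = $false                       # no scripts run
                AllSigned    = $signed                      # every script needs a signature
                RemoteSigned = $signed -or -not $downloaded # only downloaded scripts need one
                Unrestricted = $true                        # everything runs
            }
        }
}

# The effective policy is the first scope that is not 'Undefined'. A Group Policy
# scope (MachinePolicy, UserPolicy) wins over anything set with Set-ExecutionPolicy.
# No output means every scope is Undefined.
function Get-EffectivePolicySource {
    Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1
}

Get-EffectivePolicySource
Test-ScriptPolicy -Path . | Format-Table -AutoSize
```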
This script looks in the Security event log on machinename for EventId 680 and displays the last 5.
```powershell
# Get all event logs from the remote computer
$logs = [System.Diagnostics.EventLog]::GetEventLogs("machinename")
# Pick out the Security log
$app = $logs | ? {$_.log -eq 'security'}
# Keep only the entries with event ID 680
$myError = $app.entries | ? {$_.eventid -eq '680'}
$myError | Select-Object -Last 5
```
To look at the whole security log you can do this:
```powershell
$logs = [System.Diagnostics.EventLog]::GetEventLogs("machinename")
$app = $logs | ? {$_.log -eq 'security'}
# List every entry in the Security log
$app.entries
```
Last 10 events from the security log:
```powershell
$logs = [System.Diagnostics.EventLog]::GetEventLogs("machinename")
$app = $logs | ? {$_.log -eq 'security'}
# Show only the 10 most recent entries
$app.entries | Select-Object -Last 10
```
Take the time to upgrade your Firefox 3.5 to 3.5.1 if you haven’t done it already.
Help –> Check for Updates…
http://www.mozilla.com/en-US/firefox/3.5.1/releasenotes/
Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
The advisory can be found here.
Information about this from Microsoft Security Research & Defense can be found here.
Microsoft Security Response Center has posted information about it here.
More information can be found here:
I have found two great articles about the MSHTML Host Security on
Microsoft Security & Research Blog.
They can be found here:
The MSHTML Host Security FAQ: Part I of II
The MSHTML Host Security FAQ: Part II of II
Microsoft just released the Hyper-V security guide.
You can download it here, or read about it online here.
Chapter 1: Hardening Hyper-V This chapter provides prescriptive guidance
for hardening the Hyper-V role. It discusses several best practices for installing
and configuring Hyper-V on Windows Server 2008 server with a focus on security.
These best practices include measures for reducing the attack surface of a server
running Hyper-V and recommendations for properly configuring secure network
and storage devices.
Chapter 2: Delegating Virtual Machine Management This chapter discusses several
available methods for delegating virtual machine management so that virtual
machine administrators only have the minimum permissions they require.
It describes common delegation scenarios, and includes detailed steps to guide
you through using Authorization Manager (AzMan) and System Center Virtual Machine
Manager 2008 (VMM 2008) to separate virtual machine administrators from
virtualization host administrators.
Chapter 3: Protecting Virtual Machines This chapter provides prescriptive guidance
for securing virtual machine resources. It discusses best practices and includes
detailed steps for protecting virtual machines by using a combination of file
system permissions, encryption, and auditing. Also included are resources for
hardening and updating the operating system instances running within your
virtual machines.