30 October 2007

PDF Vulnerability

We recently got hit with a new threat in the form of a vulnerability in Adobe Acrobat Reader that allows a PDF file with malicious code to download a trojan off the internet.
When you open the PDF file a command line window may appear, and Internet Explorer or Firefox may attempt to open. I have also heard of a case where Outlook/Outlook Express is opened as well.

In order to combat this threat you need to download a patch from the Adobe site here.

You can find out more information on the vulnerability and its exploits below:

27 July 2007

Trend UltraVNC Problem

My Trend Micro OfficeScan server has recently started popping up with tons of TROJ_Generic.MRS viruses. I managed to narrow it down and determine that Trend is picking up my UltraVNC Server on some of my computers as this TROJ_Generic.MRS virus.

To stop multiple errors from popping up on the client machine you can temporarily stop the UltraVNC service.
NOTE: Once you stop the service the UltraVNC exe file will be deleted from the machine, so you may need to re-install the application.

To prevent the anti-virus from picking up the UltraVNC server as a trojan again you can add an exclusion to the OfficeScan server via the web console.
Click on Clients -> Scan Options -> Real Time Scan Settings.
In the Real Time Scan Settings page check the Enable Exclusion list box.
Click on the Exclusion list link and, in the folder section, add the UltraVNC directory (C:\Program Files\UltraVNC), then click Add.

04 July 2007

PDF Spam


It looks like the spam community is starting to use PDF files to fool spam filters.

This is going to be difficult to combat, as PDF files cannot be blocked seeing as they are a commonly used document type.

28 June 2007

Adobe Acrobat Reader 8 Active Directory Roll-out

To install Adobe Acrobat Reader 8 on all your network computers using Active Directory you can do the following steps.
Please note I am using Mozilla Firefox 2.0 to download the files and a Windows 2003 server with GPMC (Group Policy Management Console).


  1. Download Adobe Acrobat to your computer and install it.
  2. Find the Setup.msi file in the folder: C:\Program Files\Adobe\Reader 8.0\Setup Files\
  3. Copy the files in this folder to your NETLOGON folder on your server
    C:\WINDOWS\SYSVOL\sysvol\scripts\
  4. Add the package in Active Directory using the Group Policy Management Console.
    Right Click on an OU in AD and select "Create and Link GPO here"

    Give the GPO a name. Then Right click on it and select "Edit"
    Expand Computer Configuration -> Software Settings -> Software Installation.
    Right Click on Software Installation and Select New -> Package.
    Browse to \\netlogon\. Click ok.
    Click ok on the assigned dialog and you are done.
  5. You should see the entry below appear in your window indicating that the package is ready to be installed.
  6. Next time your computers in that OU reboot they should get Adobe Acrobat 8 installed.
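
The package folder in step 3 feeds an installer that runs as Local System on every computer in the OU, and the C:\Program Files\UltraVNC folder excluded from real-time scanning in the Trend UltraVNC post is never inspected, so neither should be writable by ordinary users. The PowerShell below is an added example, not part of the original posts: it lists write-capable permissions held by anyone outside a trusted set and compares Setup.msi on the share with the local copy. The function name, the trusted-SID list and the use of PowerShell 4.0 or later (for Get-FileHash) are assumptions.

```powershell
# Added example (not from the original posts). Assumptions: the function name,
# the trusted-SID list, and PowerShell 4.0+ for Get-FileHash.
function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Rights that let a principal change, replace or re-permission content,
    # plus the raw GENERIC_ALL / GENERIC_WRITE bits some inherited ACEs carry.
    $named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask  = [int]$named -bor 0x10000000 -bor 0x40000000
    # SYSTEM, BUILTIN\Administrators, CREATOR OWNER, Domain/Enterprise Admins,
    # TrustedInstaller. Extend this list to match your environment.
    $trusted = '^(S-1-5-18|S-1-5-32-544|S-1-3-0|S-1-5-21-.+-(512|519)|S-1-5-80-956008885-.+)$'

    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for the rules with SIDs so the check does not depend on name lookups.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $mask) -and
                $sid -notmatch $trusted) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $sid
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Paths as given in the posts; change them to match your environment.
$share  = 'C:\WINDOWS\SYSVOL\sysvol\scripts'
$source = 'C:\Program Files\Adobe\Reader 8.0\Setup Files'
$vncDir = 'C:\Program Files\UltraVNC'

Get-UntrustedWriteAce -Path $share  | Format-Table -AutoSize
Get-UntrustedWriteAce -Path $vncDir | Format-Table -AutoSize

# Confirm the MSI that Group Policy will install is the one that was copied.
$a = Get-FileHash -LiteralPath (Join-Path $source 'Setup.msi') -Algorithm SHA256
$b = Get-FileHash -LiteralPath (Join-Path $share  'Setup.msi') -Algorithm SHA256
if ($a.Hash -ne $b.Hash) { Write-Warning 'Setup.msi on the share differs from the local copy' }
```

Any row in the output is a principal that can alter content in that folder and should be reviewed before the GPO is linked or the scan exclusion is saved.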

04 June 2007

A little bit more on WSUS3

OK, so I have now finally made the full shift to WSUS3. My WSUS2 server is not a thing of the past and I have come to love this change. I have noticed one or two more cool things that make the change a good one.

Some of my favorite things are:
  • Custom views
  • Better filtering
  • Event Log

Custom Views

You can now create a custom update view for your updates using multiple criteria.
I have created custom views for ISA Server 2004 updates, Exchange updates, Windows 2000 updates, Windows 2003 Server updates and Windows XP updates. This allows me to use the filters to find the updates which these particular operating systems or applications require, and apply them to the relevant groups I wish to apply them to.

Better Filtering

The WSUS3 MMC console allows you to filter your updates and computers with dropdown lists. You can now set the console to show you only the computers that require your attention, and the ones that are 100% up to date will not be displayed. This helps save time by only showing you what you want to see and not everything at once.

Event Log

There is an event log for each and every computer and each and every update. You can now see the status of the update. For instance you can see if it has just been downloaded by the client or if the client had a problem installing it. It even tells you if the update is just waiting for a re-boot to finish the installation.

Conclusion
WSUS3 is a step in the right direction. The system allows for much more control and flexibility compared to its predecessors. I would recommend any admin to upgrade to WSUS3.

29 May 2007

WSUS3 and DCPROMO Problem

I recently installed WSUS3 and then decided I wanted my server to be a domain controller. This however broke the WSUS3 installation. I managed to find some workarounds and isolate that the DCPROMO command makes some rights changes to certain folders in IIS and others. The following articles helped me solve my problem with file system rights.

After I had changed the settings above I was still getting some errors about the database and it would appear that the Windows Internal Database would not start. I added all rights to the folder %SystemRoot%\SYSMSI\SSEE\MSSQL.2005\MSSQL\DATA for the Network Service group.


26 May 2007

WSUS 3

WSUS (Windows Server Update Services) is a Microsoft tool that allows you to provide Microsoft updates to your computers from a single interface. The new WSUS3 that was recently released provides the administrator with an MMC Console to manage all the updates for your computers. A WSUS Server downloads updates from Microsoft Update or from another WSUS server and then the client machines are forced to download the updates from the server via a Group Policy.

The Benefits of WSUS
  • Save bandwidth, because only one machine downloads your updates and distributes them instead of each computer downloading updates individually.
  • Save Time, because you manage all of your computers from one place instead of going from computer to computer.
  • Better Security, with WSUS your control over the updates will be vastly improved and therefore your network will be more secure.

Improvements from WSUS2 to WSUS3
  • MMC console instead of Web interface
  • Better reporting tools
  • More options and settings

Drawbacks of WSUS3
  • You can't sync a WSUS3 Server with a WSUS2 server
  • The MMC console is terribly slow over a WAN connection.
  • There is no web interface, so you have to install the MMC snap-in and the Microsoft Reporting tool in order to manage your server from another computer.