Saturday, June 17, 2006

Microsoft Excel Vulnerability

Original release date: June 16, 2006
Last revised: --
Source: US-CERT

Systems Affected
* Microsoft Excel 2003
* Microsoft Excel XP (2002)
* Microsoft Excel for Mac
Microsoft Excel is included with Microsoft Office. Other versions of
Excel, and other Office programs may be affected or act as attack

An unspecified vulnerability in Microsoft Excel could allow an
attacker to execute arbitrary code on a vulnerable system.

I. Description
Microsoft Excel contains an unspecified vulnerability. Opening a
specially crafted Excel document, including documents hosted on web
sites or attached to email messages, could trigger the vulnerability.
Office documents can contain embedded objects. For example, a
malicious Excel document could be embedded in an Word or PowerPoint
document. Office documents other than Excel documents could be used as
attack vectors.
For more information, please see Vulnerability Note VU#802324.

II. Impact
By convincing a user to open a specially crafted Excel document, an
attacker could execute arbitrary code on a vulnerable system. If the
user has administrative privileges, the attacker could gain complete
control of the system.

III. Solution
At the time of writing, there is no complete solution available.
Consider the following workarounds:
Do not open untrusted Excel documents
Do not open unfamiliar or unexpected Excel or other Office documents,
including those received as email attachments or hosted on a web site.
Please see Cyber Security Tip ST04-010 for more information.
Do not rely on file extension filtering
In most cases, Windows will call Excel to open a document even if the
document has an unknown file extension. For example, if document.x1s
(note the digit "1") contains the correct file header information,
Windows will open document.x1s with Excel.

Thursday, June 15, 2006

Windows XP Tips & Tricks - Part 2

1. Renaming Multiple Files in a Directory:
If you want to rename multiple files in the same directory:
1. Using the Windows Explorer, select all the files you want to rename
2. Press F2 or right click and select Rename
3. Enter the prefix for the name you want
4. This will automatically rename the rest of the files Newname (1).jpg, Newname (2).jpg etc.
5. Make sure you include the extension if you have the Explorer configured to show them.

2. Speeding Up Network Browsing:
There are a lot of things which can negatively impact how fast XP will browse network shares. One has been previously covered regarding browsing to Win9x computers.
Other things you can try, especially when there is slow browsing to network shares with a lot of files:
1. Remove current shortcuts in My Network Places
2. Change the registry so shared folders on remote computers are not automatically added to My Network Places when you even open a document from that shared folder
1. Start Regedit
2. Create a DWORD value:
3. HKEY_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRecentDocsNetHood to 1.
4. I have also seen setting the following help as well.HKEY_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ UseDesktopIniCache to 1.

3. Increase the amount of data is buffered at one time to send to a client. On the computer with the shared directory:
1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
3. Create a DWORD Key called SizReqBuf
4. Give it a value of Hex FFFF

3. Make Pictures Smaller Unavailable:
When you try and send pictures through e-mail, you should normally be given the option to make them smaller. If this option is not available, a DLL file may need to be registered.
1. Start
2. Run
3. regsvr32 shimgvw.dll

4. Creating a Suspend Shortcut:
If you would like to create an icon to suspend your computer,
1. Right click on the Desktop
2. New / Shortcut
3. Enter in rundll32.exe PowrProf.dll, SetSuspendState
4. Give it whatever name you want
Now when you click on that shortcut, your computer will shutdown and suspend

5. Determining Which Services are Associated with SVCHOST:
Since so many critical services are run with each svchost,You can see which ones are being used by opening a cmd prompt and running:
tasklist /svc /fi "imagename eq svchost.exe"
Note: This is available only with XP Pro

6. Identify Faulty Device Drivers:
If you are having problems with lockups, blue screens, or can only get to safe mode,often the problem is due to a faulty device driver.
One way to help identify them is through the use of the Verfier program
1. Start / Run / Verifier
2. Keep the default of Create Standard Settings
3. Select the type of drivers you want to confirm
4. A list of drivers to be verified on the next boot will be shown.
5. Reboot
6. If your computer stops with a blue screen, you should get an error message with the problem driver
7. To turn off the Verifier, run verifier /reset

7. Viewing Installed Drivers
If you want to see a list of installed drivers, you can run the driverquery programThere are a lot of available switches to view different types of information.On use can be to export to a CSV file for viewing in ExcelAn example would then be:
Driverquery /v /fo csv > drivers.csv

8. Guest Only Network Access
If you try and connect to an XP computer and are shown a logins screen with only the computername/Guest,You may need to change one of the Local Security Policies:
1. Got to Control Panel - Administrative Tools
2. Go to Local Policies - Security Options
3. Check teh Network access: Sharing and security model for local accounts
4. Set it to Classic - local users authenticate as themselves

9. Not Displaying Previous Network Share Shortcuts:
By default, when you go to Network Places, it will scan and show shortcuts to previous network shares.To turn this off and remove any current shortcuts
1. Open up the Windows Explorer
2. Go to Tools / Folder Options / View
3. The top section should be Files and Folders
4. Uncheck Automatically search for network folders and printers
5. Then go into Network Neighborhood Select all the previous netowork connections Delete them
Next time you look at the Network Neighborhood, they should not repopulate

10. Hiding a XP Computer from Network Neighborhood:
If you want to share files from a XP computer, yet want to remove it from showing up in the Network Neighborhood,
Run net config server /hidden:yes

Good Luck!

Wednesday, June 14, 2006

Windows XP Tips & Tricks - Part 1

1. Cleaning the Prefetch Directory:
WindowsXP has a new feature called Prefetch. This keeps a shortcut to recently used programs. However it can fill up with old and obsolete programs.
To clean this periodically go to:
1. Star / Run / Prefetch.
2. Press Ctrl-A to highlight all the files.
3. Delete them.

2. Not Displaying Logon, Logoff, Startup and Shutdown Status Messages:
1. Start Regedit.
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system 3. If it is not already there, create a DWORD value named DisableStatusMessages.
4. Give it a value of 1.

3. Bringing Up the Shutdown Dialog Box:
1. Create a new txt file somewhere on your system, open it and put in this one line: (newActiveXObject("Shell.Application")).ShutdownWindows();
2. Save and Close the file. Change the extension to js and your got it.
3. You can make a shortcut to that file to make it easy to shut down your system.

4. Increasing the Folder Cache:
The default setting for WindowsXP is to cache the Explorer settings for 400 folders.To increase it:
1. Start Regedit.
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam.
3. Change the vaule of BagMRU to whatever size you want (hex).
1000 - 3e8
2000 - 7d0
3000 - bb8
4000 - fa0
5000 - 1388

5. Poweroff at Shutdown:
If your computer does not turn off the power when doing a shutdown,you may need to edit the registry. I have all the correct BIOS and Power settings and still needed to do this.
1. Start Regedit.
2. Go to HKEY_CURRENT_USER\Control Panel\Desktop.
3. Edit the key PowerOffActive and give it a value of 1.
4. You can do the same in HKEY_USERS\.DEFAULT\Control Panel\Desktop.

6. Show Hidden Devices:
You can show hidden devices in the Device Manager. One way is by making a simple registry change. The other is through a batch file.

Registry Change:
1. Go to HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Session Manager \ Environment.
3. Give it a value of 1.

Batch File
@Echo Off
Prompt $p$g
start devmgmt.msc

7. Disable Shared Documents:
To disable the Shared Documents folder that shows up on the network:
1. Start Regedit.
2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer 3. Create a new DWORD Value.
4. Give it the name NoSharedDocuments.
5. Give it a value of 1.
6. Log off or reboot.

Good Luck!