Category Archives: Microsoft

All Microsoft Products (Exchange, SQL, Windows, Server)

PDF Exploits

I usually don’t do this, but since not all the information seems to be in a single spot I’m compiling a bit.

Adobe released the following:
http://www.adobe.com/support/security/advisories/apsa09-01.html

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert

It affects all versions of Adobe’s Acrobat (Pro, Standard, and Reader): version 9, 8, 7, and potentially 6/5. Currently the exploit uses JavaScript to reach memory that hasn’t been allocated properly, which causes exceptions and an application failure. So, at a minimum, this exploit will crash out your Adobe Acrobat. At a maximum, it can open up your entire system to “bad things”. The exploit in the wild, as of right now, only uses JavaScript. Therefore, one can simply follow these steps:

Open Adobe Acrobat Reader (version 8 or 9)
Click Edit >> Preferences
Scroll down to JavaScript and uncheck Enable Acrobat JavaScript
Click OK

Or if you would prefer to use registry keys (and if you’re like me and use GPOs to deploy the registry key imports at startup), here they are:

Add the key HKCU\Software\Adobe\Acrobat Reader\x.0\JSPrefs (x.0 is the product version, e.g. 9.0)
Add a DWORD "bEnableJS" and set its value to 0
Also make sure you look in HKCU\Software\Adobe\Adobe Acrobat\.. as well. The same thing applies to all versions.

It should be noted that JavaScript is merely the vehicle used to trigger the bug in this case. Without JS enabled, the vulnerability STILL EXISTS; it’ll just be harder (in theory) to exploit.
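The registry fix above, applied across every installed Acrobat/Reader version and then audited, as an added PowerShell example that is not part of the original post. The version list and the two product subkey names are assumptions taken from the post’s own key paths; adjust them to what is actually installed on the machine.

```powershell
# Added example (not from the original post): set bEnableJS=0 under each
# ...\JSPrefs key the post describes, for every Acrobat/Reader version whose
# product key exists in HKCU, then report which versions still have JS enabled.
# Version list and product subkey names are assumptions.

$DefaultVersions = '5.0', '6.0', '7.0', '8.0', '9.0'
$DefaultProducts = 'Acrobat Reader', 'Adobe Acrobat'

function Get-AcrobatJsPrefKeys {
    # Return the JSPrefs key path for each product/version whose product key is
    # present (the product key only exists once that version has been run).
    param([string[]]$Products, [string[]]$Versions)
    foreach ($product in $Products) {
        foreach ($version in $Versions) {
            $productKey = "HKCU:\Software\Adobe\$product\$version"
            if (Test-Path $productKey) { "$productKey\JSPrefs" }
        }
    }
}

function Disable-AcrobatJavaScript {
    param([string[]]$Products = $DefaultProducts, [string[]]$Versions = $DefaultVersions)
    foreach ($key in (Get-AcrobatJsPrefKeys -Products $Products -Versions $Versions)) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # DWORD bEnableJS = 0 is the value the "Enable Acrobat JavaScript" checkbox writes.
        New-ItemProperty -Path $key -Name 'bEnableJS' -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Test-AcrobatJavaScriptDisabled {
    # Audit: one row per JSPrefs key. A missing bEnableJS value means Acrobat's
    # default (JavaScript enabled) applies, so it is reported as Enabled.
    param([string[]]$Products = $DefaultProducts, [string[]]$Versions = $DefaultVersions)
    foreach ($key in (Get-AcrobatJsPrefKeys -Products $Products -Versions $Versions)) {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).bEnableJS
        }
        New-Object PSObject -Property @{
            Key       = $key
            bEnableJS = $value
            Enabled   = ($value -eq $null -or $value -ne 0)
        }
    }
}

Disable-AcrobatJavaScript
Test-AcrobatJavaScriptDisabled | Format-Table Key, bEnableJS, Enabled -AutoSize
```

Because the keys live under HKCU, the script has to run in each user’s context (a logon script, as the post suggests, rather than a startup script running as SYSTEM); the audit function is what you would run afterwards to confirm the policy actually landed.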

Format Large HD FAT32

If anyone has done disk backups using the DOS Ghost client (or other DOS based clients) you have probably had some issues with NTFS. Don’t get me wrong, NTFS is a pretty decent file system, but FAT32 is noticeably more compatible.

Getting a drive that’s NTFS to work on DOS/MAC/Pre-Windows 98/Linux is sometimes a PITA.

Most external drives come preformatted as FAT32 for this very reason. If you need it NTFS that’s no big deal – just open up the disk manager in Windows and blast away (diskmgmt.msc). Windows, however, has a limit on formatting for FAT partitions: 32GB. Whoopie.

The easiest way is to use a disk formatting utility (Hiren’s has some good ones on there). The second easiest is to use DOS style commands.

Start
Run
CMD
format /FS:FAT32 G:
Y

The command can be broken down as follows:
Format – this is the actual command
/FS:FAT32 – Filesystem Fat32
G: – the drive letter of the drive you want to reformat

***EDIT***
Apparently you can also use several freeware programs. One that was given to me is called Swissknife.

Exchange 2007 Not Reading All DCs

When people install programs without fully realizing what they are doing, bad things tend to happen. Installing Exchange can be a tedious process – it has so many prerequisites that it can take several hours just to get to the point that Exchange actually starts to install.

As we all know, Exchange 2007 requires a 64-bit operating system. At least it’s required in a production environment, since Microsoft will not support 32-bit 2007 servers. We also know that Exchange 2007 does not read from the Global Catalog if the GC is running on a Windows 2000 Server. The newest Exchange requires a minimum of 2003 Standard in order to read fully from Active Directory. And we all know that AD is required for Exchange to be happy. These are things we know.

Open the Exchange Management Console and navigate to Server Configuration. In the main reading pane you should see your Exchange Server(s). Right click on your Exchange Server and select Properties. The bottom two text boxes will show you the current Domain Controller(s) and Global Catalog(s). If you have more than one Domain Controller and Exchange is only showing one, you have a problem.

First thing to check is always the Event Viewer. Check the eventvwr!!!
Second thing to check is if you can ping your DC from the Exchange Server, and that you can ping your Exchange Server from your DC.
Third thing is to run the command “dcdiag” on the DC not showing up in Exchange:
Start - Run - CMD - dcdiag - press enter
If all of those pass with flying colors, you can add the DC and GC manually to Exchange using PowerShell.

PowerShell Fix Steps:

On the Exchange Server, open the Exchange Management Shell.
set-exchangeserver -identity Name_Of_Server -staticDomainControllers 'dc.domain.com', 'dc2.domain.com'
set-exchangeserver -identity Name_Of_Server -staticglobalcatalogs 'dc.domain.com', 'dc2.domain.com'

IMPORTANT NOTE!!!
Name_Of_Server MUST BE the name of your Exchange server. If you named it exchange07, use that name!
'dc.domain.com' MUST BE the FQDN (Fully Qualified Domain Name) of the domain controller, not just its short name. For example, if a server is named exchange07, its FQDN would be something like exchange07.mydomain.local!

Then recheck in the Exchange Management Console to verify that the GC and DCs are properly imported.

If you ever need to remove the additions:
set-exchangeserver -identity Name_of_server -staticdomaincontrollers $NULL
set-exchangeserver -identity Name_of_server -staticglobalcatalogs $NULL
After roughly 15 minutes, the “real” GC and DCs should be populating. If not, check the Event Viewer!
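The whole sequence from the post (see what Exchange is using now, check that each DC actually answers, pin the DCs and GCs, and undo it again), as an added Exchange Management Shell example that is not part of the original post. The server name, DC names and interface values are placeholders; Get-ExchangeServer and Set-ExchangeServer are the Exchange 2007 cmdlets the post itself uses, the port checks are my addition.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on the Exchange server. Names below are placeholders.

$ExchangeServer    = 'exchange07'                          # placeholder NetBIOS name
$DomainControllers = 'dc.domain.com', 'dc2.domain.com'      # placeholder DC FQDNs

function Get-ExchangeDcView {
    # What Exchange is using right now: the same data the EMC properties tabs show.
    param([string]$Server)
    Get-ExchangeServer -Identity $Server -Status |
        Select-Object Name, CurrentDomainControllers, CurrentGlobalCatalogs,
                      StaticDomainControllers, StaticGlobalCatalogs
}

function Test-TcpPort {
    # Connect with a timeout; a hung SYN must not stall the whole check.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Test-DcReachable {
    # A DC must answer LDAP (389) to act as a DC and the GC port (3268) to act as
    # a GC. Ping alone, as in the post's second check, proves neither.
    param([string[]]$Dcs)
    foreach ($dc in $Dcs) {
        New-Object PSObject -Property @{
            DC      = $dc
            Ping    = Test-Connection -ComputerName $dc -Count 2 -Quiet
            Ldap389 = Test-TcpPort -ComputerName $dc -Port 389
            GC3268  = Test-TcpPort -ComputerName $dc -Port 3268
        }
    }
}

function Set-ExchangeStaticDcs {
    # Only pin DCs that answered on both ports; a DC that is not a GC must not be
    # listed under -StaticGlobalCatalogs or Exchange will keep failing on it.
    param([string]$Server, [string[]]$Dcs)
    $checks = @(Test-DcReachable -Dcs $Dcs)
    $bad = @($checks | Where-Object { -not ($_.Ldap389 -and $_.GC3268) })
    if ($bad.Count -gt 0) {
        throw "Not every DC answers on 389 and 3268: $(($bad | ForEach-Object { $_.DC }) -join ', ')"
    }
    Set-ExchangeServer -Identity $Server -StaticDomainControllers $Dcs
    Set-ExchangeServer -Identity $Server -StaticGlobalCatalogs $Dcs
}

function Clear-ExchangeStaticDcs {
    # The post's removal step: clearing both lists lets topology discovery resume.
    param([string]$Server)
    Set-ExchangeServer -Identity $Server -StaticDomainControllers $null
    Set-ExchangeServer -Identity $Server -StaticGlobalCatalogs $null
}

Get-ExchangeDcView -Server $ExchangeServer
Test-DcReachable -Dcs $DomainControllers | Format-Table DC, Ping, Ldap389, GC3268 -AutoSize
# Set-ExchangeStaticDcs -Server $ExchangeServer -Dcs $DomainControllers
# Clear-ExchangeStaticDcs -Server $ExchangeServer
```

Pinning is left commented out so the script is safe to run purely as a diagnostic; uncomment the Set call once the reachability table is all True, and keep in mind that a static list stops Exchange from noticing when one of those DCs goes away.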

ARP Address Security

ARP, or Address Resolution Protocol, is the primary method for your computer to talk with other network devices. Basically, your computer has an IP address (192.168.1.100) and wants to talk with your email server (192.168.1.101). Your computer will send out an ARP request for the owner of 192.168.1.101. A message will come back saying that 192.168.1.101 has a MAC address of xx-xx-xx-xx-xx-x1. That’s basically how they communicate. It obviously gets a lot more tedious when you add gateways, routers, and switches to the mix. Then add internet devices too with different masks. Oh man!

But there is a problem – the broadcast address is the last address in a subnet (in our example it’d be 192.168.1.255, with a MAC address of FF:FF:FF:FF:FF:FF), and the gateway is typically the first usable IP in the subnet (once again, 192.168.1.1). If someone wanted to poison the ARP cache, they could easily point to the gateway address and spoof everyone else on the network into believing that they’re the gateway.

Computer: Hi everyone, I’m looking for the gateway
Poison: I’M THE GATEWAY!!!
Poison: I’M THE GATEWAY!!!
Computer2: Hi everyone, I’m looking…
Poison: I’M THE GATEWAY!!!
Computer2: … for the gateway
Poison: I’M THE GATEWAY!!!

You can see why the poisoning of ARP can actually work. The poison programs will flood the network with broadcasts saying I’M THE GATEWAY!!!

So, how do you protect against this? The easiest way is to push a startup script to all your machines that deletes the current ARP cache and puts a static ARP entry in for your gateway. The only problem with this approach is if you ever change gateways or switches – the MAC address you entered as the static ARP entry will no longer be valid, and routing to the internet will cease.

Windows 2000/XP/Vista:

Start -> Run -> CMD
arp -d
arp -s 192.168.1.1 00-18-00-18-00-18

-d is for delete
-s is for static
obviously put your own gateway IP address in there and MAC address. If you need to find it, you can type arp -a and locate the MAC address associated with your gateway.

Vista requires elevated privileges to run the arp commands. Right click on your command prompt shortcut and choose Run as administrator; that will help with many of the problems.

Vista may require the following:

netsh -c "interface ipv4"
set neighbors "Local Area Connection" "192.168.1.1" "00-18-00-18-00-18"

Then check to make sure with:

arp -a
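The checking side of this, as an added PowerShell example that is not part of the original post: parse the arp -a output, flag the two things ARP poisoning leaves behind in the cache (the gateway’s MAC no longer matches the one you recorded, or a single MAC answering for several IPs), and pin the gateway with the netsh form shown above. The gateway IP and MAC, the interface name, and the sample arp -a text are all constructed placeholders.

```powershell
# Added example (not from the original post). Gateway IP/MAC, interface name and
# the sample arp -a output below are constructed; the sample deliberately shows a
# poisoned cache so the detection has something to report.

$GatewayIp     = '192.168.1.1'
$GatewayMac    = '00-18-00-18-00-18'        # MAC recorded on a known-good day
$InterfaceName = 'Local Area Connection'

# Constructed sample of `arp -a`; for a live check use (arp -a | Out-String).
$SampleArpOutput = @"
Interface: 192.168.1.100 --- 0xa
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-99     dynamic
  192.168.1.101         00-aa-bb-cc-dd-01     dynamic
  192.168.1.200         00-aa-bb-cc-dd-99     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"@

function ConvertFrom-ArpTable {
    # Turn arp -a text into objects. Broadcast and IPv4 multicast rows legitimately
    # share MACs, so they are skipped to keep them out of the duplicate check.
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)') {
            $mac = $matches[2].ToLower()
            if ($mac -eq 'ff-ff-ff-ff-ff-ff' -or $mac.StartsWith('01-00-5e')) { continue }
            New-Object PSObject -Property @{ IP = $matches[1]; MAC = $mac; Type = $matches[3] }
        }
    }
}

function Find-ArpAnomalies {
    param([string]$ArpText, [string]$ExpectedGatewayIp, [string]$ExpectedGatewayMac)
    $entries = @(ConvertFrom-ArpTable -Text $ArpText)
    $alerts  = @()
    # 1. The gateway's MAC changed from what was recorded.
    $gw = $entries | Where-Object { $_.IP -eq $ExpectedGatewayIp }
    if ($gw -and $gw.MAC -ne $ExpectedGatewayMac.ToLower()) {
        $alerts += "Gateway $ExpectedGatewayIp now maps to $($gw.MAC), expected $ExpectedGatewayMac"
    }
    # 2. One MAC claiming several IPs: a host answering ARP for addresses it does not own.
    foreach ($group in ($entries | Group-Object MAC | Where-Object { $_.Count -gt 1 })) {
        $ips = ($group.Group | ForEach-Object { $_.IP }) -join ', '
        $alerts += "MAC $($group.Name) is claimed by $($group.Count) IPs: $ips"
    }
    $alerts
}

function Set-StaticGatewayArp {
    # The post's Vista form of the static entry; requires an elevated prompt.
    param([string]$Interface, [string]$Ip, [string]$Mac)
    netsh interface ipv4 set neighbors $Interface $Ip $Mac
}

Find-ArpAnomalies -ArpText $SampleArpOutput -ExpectedGatewayIp $GatewayIp -ExpectedGatewayMac $GatewayMac
# Set-StaticGatewayArp -Interface $InterfaceName -Ip $GatewayIp -Mac $GatewayMac
```

Run against the constructed sample it produces two alerts: the gateway mismatch and the MAC shared by 192.168.1.1 and 192.168.1.200. On a real host the recorded gateway MAC is the value to keep in the script, which is also the value that goes stale when the gateway hardware is replaced, exactly the maintenance problem the post warns about.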

Unable To Activate Windows

Microsoft keeps making it more difficult to pirate their software, but at a cost: it’s harder for the average user (or corporate one) to activate legitimate software. I’m not a big fan of paying for software when you can find something similar for free, but sometimes you just have to bite the bullet.

After installing Vista Enterprise X64 on a laptop and Server 2008 on a workstation, I had some issues getting Windows to activate. Something about DNS issues. Ok, I can deal with that – I change the DNS entries to use 4.2.2.2 instead of my gateway (4.2.2.2 is a main ATT backbone DNS server that you *should* always be able to access and ping). It didn’t work – same issues.

So then I started reading a bit on the TechNet site. Apparently there are two ways to fix this issue:
1.) Install a KMS server (Key Management Server)
2.) Convert your key to a MAK (Multiple Activation Key)

Since it’s infinitely easier to convert the key when I’m only running a handful of systems, I chose the second option. Here’s what to do:
Open an administrative command (run as administrator) window.
Then type this code:
slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Then a window will pop up with either a positive or negative on the key change.

Images Not Showing In Outlook 2007

We’ve had a couple people that, for whatever reason, have computers that don’t like to play along with the rest of the gang. The primary complaint is that images do not load in the email (mostly screen shots). They will, however, show up when the user attempts to Forward said email.

In 2007, click on New Email to open Word
Click that Giant ugly Microsoft Button on the top left of the window (called the “Office Button”)
Select Editor Options
Click on Advanced
Under Display Email Content, find the Show Picture Placeholders
Uncheck Show Picture Placeholders
Click OK
You may have to restart Word/Outlook for this setting to stick

Create or Delete a Service in Windows

Not growing up on Windows, I had no idea how to do this. So here it is for all those other people that don’t know how:

1.) Start, Run, regedit
2.) Navigate to HKLM\SYSTEM\CurrentControlSet\Services
3.) Find your service and you can remove it (Delete the whole key folder)

-OR-

if you don’t like messing with the registry (who really does?), then there’s a built-in command to remove and add services:
1.) Start, Run, cmd
2.) sc delete [service name], or sc create [service name] binPath= [path to the service executable]

Either way, you must reboot the system for the changes to take effect.
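The sc.exe route from the post, as an added PowerShell example that is not part of the original post: create a service, delete one, and read the registry key the regedit steps point at to see whether the removal actually completed or is only marked for deletion until the reboot. The service name and binary path are hypothetical placeholders; the script needs an elevated prompt.

```powershell
# Added example (not from the original post). Service name and binary path in
# the usage lines are placeholders. Run from an elevated PowerShell prompt.

function Get-ServiceRegistryState {
    # Reads HKLM\SYSTEM\CurrentControlSet\Services\<name>, the key the post's
    # regedit steps delete by hand. The SCM writes DeleteFlag=1 when a service
    # was deleted while still in use, meaning the key disappears only after reboot.
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }
    $props = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Name          = $Name
        ImagePath     = $props.ImagePath
        Start         = $props.Start
        PendingDelete = ($props.DeleteFlag -eq 1)
    }
}

function New-ServiceViaSc {
    # sc.exe requires a space after "binPath=" and "start="; PowerShell passes each
    # token through to sc.exe unchanged, so they are written as separate arguments.
    param([string]$Name, [string]$BinaryPath, [string]$DisplayName = $Name)
    & sc.exe create $Name binPath= $BinaryPath start= demand DisplayName= $DisplayName | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc create failed with exit code $LASTEXITCODE" }
    Get-ServiceRegistryState -Name $Name
}

function Remove-ServiceViaSc {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "Service $Name not found"; return }
    if ($svc.Status -ne 'Stopped') {
        # Deleting a running service only marks it for deletion; stopping it first
        # lets sc delete remove the key immediately.
        Stop-Service -Name $Name -Force
        $svc.WaitForStatus('Stopped', (New-TimeSpan -Seconds 30))
    }
    & sc.exe delete $Name | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc delete failed with exit code $LASTEXITCODE" }
    $state = Get-ServiceRegistryState -Name $Name
    if ($state -eq $null)       { "Removed: $Name" }
    elseif ($state.PendingDelete) { "Marked for deletion: $Name (reboot required)" }
    else                        { "Still present: $Name" }
}

# Usage with hypothetical values:
# New-ServiceViaSc -Name 'DemoSvc' -BinaryPath 'C:\Tools\demosvc.exe'
# Remove-ServiceViaSc -Name 'DemoSvc'
```

Get-ServiceRegistryState is also a quick way to review what a service actually launches (ImagePath) before deciding whether to remove it, which is worth doing when the service is one you did not install yourself.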