Once again, Microsoft is bowing to pressure from businesses rather than thinking of possible security ramifications of the features they add to Windows Vista. This time Windows Vista gets an ActiveX installer service so that the controls can be installed on client workstations regardless of the permissions of the user logged in.
The new feature, called ActiveX Installer Service, will be fitted into the next public release of Vista to provide a way for enterprises to cope with the UAC (User Account Control) security mechanism.
UAC, formerly known as LUA (Limited User Account), is enabled by default in Vista to separate Standard User privileges from those that require admin rights to harden the operating system against malware and malicious hacker attacks.
However, because UAC will block the installation of ActiveX controls on Standard User systems, enterprise applications that use the technology will encounter breakages. ActiveX controls are objects used to enhance a user’s interaction with an application.
This sounds like an exploit that many will be salivating to take control of. While it remains to be seen just how vulnerable this “feature” is, the base description certainly leaves a lot to be desired. How long before a privilege escalation exploit is released?
If you have ever forgotten your Windows administrator password then you probably panicked, and ultimately ended up wiping your hard drive and performing a clean install of Windows. I bet you did not know that was completely unnecessary, as there is a pretty simple method for resetting an administrator password on just about every version of Windows.
ERD is an excellent multi purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to logon to Windows due to a forgotten password. Not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how with a step-by-step description of the initial Repair process included for newbie’s.
The main reason I bring this up is because it is an attack vector on to a workstation and, ultimately, network. If the system administrators have not properly locked down a computer then the chances that this simple “attack” succeeds is fairly significant.
If you have ever been concerned with catching a virus, or having your computer exploited, after completing a fresh install of Windows XP then this guide by the SANS Institute is exactly what you need. Windows XP: Surviving the First Day is written for the average computer user, in order to ensure that they are able to successfully complete an installation of Windows XP without fear of getting 0wned, so to speak.
This is probably one of the best written, well laid out articles on this very subject. Whether you are in to computer security or not, this is a guide that should be followed by all.