Endpoint Management Community Blog
Showing posts tagged with 7.x
Showing posts in English
BRING | 29 Oct 2013 | 0 comments

Recently, it was observed that when using ServiceDesk, clicking on the lightning bolt to edit a user caused the error below to appear:

System.IO.FileLoadException: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

The full text of the error:

Error,Friday, October 25, 2013 7:20:24 PM,[global] Application 'LogicBase.Ensemble' error

[global] Client Host Information:

[global] IP: xxx.xxx.xxx.xxx

[global] HostName: xxx.xxx.xxx.xxx

[global] Browser: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.2; MS-RTC LM 8; .NET4.0E)

[global] -- error.ToString() --

[global] System.Web.HttpUnhandledException: Exception of type 'System.Web....

Ludovic Ferre | 09 Sep 2013 | 0 comments

After I posted my previous blog entry [1] I went to implement a solution (for which the documentation is done and awaiting moderation to be released here on Connect).

It worked pretty well, but still we have far too many basic inventories coming in. A look at captured NSEs indicated that there is another problem with inventories hijacking the Basic Inventory Capture Item:

Sample 1:

<?xml version='1.0' ?>
<message>
<from><resource guid='{ffffff-ffff-ffff-ffff-ffffffffffff}' typeGuid='{493435F7-3B17-4C4C-B07F-C23E7AB7781F}'/></from>
<to>1592B913-72F3-4c36-91D2-D4EDA21D2F96</to>
<time>20130905211027.187000-120</time>
<body><inventory><dataClass guid="ca029e6b-f124-4399-9b91-10c41b73165b"><data><resource partialUpdate="true"><row PolicyGuid="ffffff-ffff-ffff-ffff-ffffffffffff" TaskInstanceGuid=...

Ludovic Ferre | 05 Sep 2013 | 2 comments

Today is riddle day. So here it is in full:

When is a basic inventory not a basic inventory?

When it's a custom inventory!!!

So, now this explains why we are getting thousands of customer inventory every day at my customer. The custom inventories are generated by VBS and as documented here on Connect [1] (and I'm sure in much of the product documentation) we generate NSEs with a msgTo element pointing to the Basic Inventory Dataclass:

'----------------------NOTIFICATION SERVER ENTRY STARTS HERE------------------
dim nse
set nse = WScript.CreateObject ("Altiris.AeXNSEvent")
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}" 'Never change this guid, it is needed by NS.
nse.Priority = 1
dim objDCInstance
set objDCInstance = nse.AddDataClass ("{8284a0ad-b37f-4c9b-b0ad-cb92f97d7401}") ' Change this to match the guid of the custom data class
dim objDataClass
set objDataClass...

mmurphy7 | 09 Aug 2013 | 0 comments

In the past 6 months Apple has released 2 Security Updates for their Windows versions of QuickTime and iTunes addressing 52 vulnerabilities. Both of the Apple Security Bulletins released had vulnerabilities that could be used to exploit the rights of the logged on user. Here’s a breakdown of the updates released:

Bulletins 2
Vulnerabilities 52
% of Vulnerabilities with privilege exploits 48%

Apple, unlike Microsoft and other software vendors Arellia has looked at, does not classify their Security Updates. Instead they lump many vulnerabilities into a single security update. Here’s a breakdown of the two security updates and the vulnerabilities with Privilege Exploits:

Security Update | Vulnerabilities with Privilege Exploits | Total Vulnerabilities
...

mmurphy7 | 09 Aug 2013 | 0 comments

In the past 6 months Adobe has released 16 Security Bulletins addressing 116 vulnerabilities. Of the 16 Adobe Security Bulletins released 81% had vulnerabilities that could be used to exploit the rights of the logged on user. However, if you don’t count the bulletins related to ColdFusion then 100% of the Security Bulletins had vulnerabilities that could be used to exploit user rights. Here’s a breakdown of the Adobe Security Bulletins:

Bulletins 16
Vulnerabilities 116
% of Bulletins with privilege exploits 81.25%
% of Vulnerabilities with privilege exploits 67.24%

Adobe classifies the bulletins as critical, important, moderate, and low. Similar to Microsoft, critical vulnerabilities can run attacker code and install software...

mmurphy7 | 09 Aug 2013 | 0 comments

In the past 6 months Mozilla has released 62 Security Bulletins addressing 88 vulnerabilities. Of the 62 Mozilla Security Bulletins released more than 1 out of every 2 bulletins had vulnerabilities that could be used to exploit the rights of the logged on user. All of the bulletins released affected Mozilla Firefox, which means that any user not keeping up to date with their Firefox browser is in imminent danger unless some privilege management software is in place. Here’s a breakdown of the Mozilla Security Bulletins:

Bulletins 62
Vulnerabilities 88
% of Bulletins with privilege exploits 55%
% of Vulnerabilities with privilege exploits 67%

Mozilla...

mmurphy7 | 09 Aug 2013 | 0 comments

In the past 6 months Microsoft has released 51 Security Bulletins addressing 121 vulnerabilities. Here’s a breakdown of the bulletins and vulnerabilities. Of the 51 Microsoft Security Bulletins released nearly 1 out of every 3 bulletins had vulnerabilities that could be used to exploit the rights of the logged on user.

Bulletins 51
Vulnerabilities 121
% of Bulletins with privilege exploits 35%
% of Vulnerabilities with privilege exploits 34%

Microsoft classifies the bulletins as critical, important, moderate, and low. Vulnerabilities of critical bulletins mean vulnerabilities can be exploited without the user knowing. Vulnerabilities of important bulletins will provide end users some warnings that the exploit is happening, but these...

mmurphy7 | 09 Aug 2013 | 0 comments

One of the most dangerous threats to IT security is abuse of privileged access. Preventing the exploitation of administrator privileges first requires knowledge of who has administrator access whether local or domain based. This is not only good practice, but also driven by many security standards.

One such security compliance standard is the Payment Card Industry Data Security Standard (PCI DSS) which outlines many security requirements to protect consumers’ credit card data. Requirement 8.5.1 states: "Control addition, deletion, and modification of user IDs, credentials, and other identifier objects," which clearly identifies the need to monitor and maintain control of the administrators group.

The Center for Internet Security (CIS) releases security configuration guidelines for each Operating System. For Windows 7, section 1.8 defines User Rights and who should have access to certain system capabilities. The key to the user rights defined by CIS is which...

stebro | 26 Jun 2013 | 0 comments

Properly securing privileged accounts is a basic security tenet and often a priority for servers. Unfortunately, the same level of concern is not present for desktops in many organizations. Yet desktops/laptops often contain as much sensitive information as servers and have done so for many years.

Most desktops/laptops have information that doesn’t make it to servers yet is extremely sensitive and valuable. Think about what is on the laptops of the CEO, the HR director, the software architect, or the CFO in any given organization. Much of the information on these systems can create as serious a risk if compromised as any data on an organization’s file or database server. Endpoint security too often focuses solely on the threat of malware and hackers, but ignores the simple threat of insecure privileged user accounts.

For Windows systems, privileged accounts are any accounts that are in the Administrators group. Often there is at least one account that is used by an...

stebro | 06 Mar 2013 | 0 comments

In previous articles, we discussed why users want administrator rights and why they need them. Now let’s explore why they shouldn’t have them. In today’s increasingly dangerous threat landscape, every organization’s security strategy should include the goal to remove administrator rights. Here are the reasons.

  1. Zero-Day Threat Protection: Arellia research has proven that running with reduced privileges can mitigate a majority of software vulnerabilities in Microsoft, Adobe, and Mozilla products. Any vulnerability has the potential to be a zero-day, meaning it is exploited before the vendor or security vendors know about it and have a chance to stop exploits with patches or antivirus/intrusion prevention signatures. Running software with reduced privileges protects commonly software when exploited by vulnerabilities that...