LUA Buglight 2.3, with support for Windows 8.1 and Windows 10

LUA Buglight is a utility for identifying admin-permissions issues (a.k.a., “LUA bugs”) in desktop applications. That is, it identifies the specific reasons that a particular application works only when run with administrative rights. Version 2.3 is attached to this blog post and adds support for Windows 8.1, Windows Server 2012 R2, and Windows 10. It has…


Local Administrator Password Solution, at Ignite

Last Friday, Microsoft announced the release of the Local Administrator Password Solution, which solves the problem of having an identical local account and password on large numbers of domain-joined computers. I’ll be discussing and showing LAPS this Thursday, May 7, at the Microsoft Ignite conference, as part of a session I’m sharing with Mark Simos…


It rather involved being on the other side of this airtight hatchway: Unquoted service paths

Or, Why most “Unquoted Service Paths” findings are unnecessarily alarmist

In late 2012, the issue of improper quoting in the configuration of paths to service executables seemed to begin getting attention again, possibly due to this article. Or perhaps this one. Or maybe this one, which links to articles describing similar issues going back to…


Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

Microsoft has published its security guidance and baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  If you have been reluctant to evaluate or deploy these technologies in the absence of specific USGCB guidance, NIST essentially says, “Use the vendor’s guidance.”  Here is the vendor’s guidance.  Please see these three new blog…


Sysinternals at TechEd US 2014: LIVE

Sorry for the late notice, but I just saw this: Sysinternals Primer: TechEd 2014 Edition will be airing live on Channel 9 starting at 5pm Central Daylight Time today.  (That’s in just over 4 hours from now as I write this.) Not sure about the link – try either https://channel9.msdn.com/Events or https://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B340 [Update 5 September 2014: …


Sysinternals at TechEd US 2014

I’ll be presenting “TWC: Sysinternals Primer: TechEd 2014 Edition” in Houston, Tuesday, May 13, 2014, 5:00pm-6:15pm US Central Time.  Lots of cool stuff, including the “App Install Recorder” (I will post the scripts on this blog); great new features that Mark Russinovich has added to AccessChk, SigCheck, Process Explorer, and how you can use them proactively to…


Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Although the US Government has not published a US Government Configuration Baseline (USGCB) standard for Windows 8 or Windows 8.1, Microsoft has just published a beta release of Microsoft security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.  It includes documentation, GPOs, and scripts for installing the recommended settings to local group…


Sysinternals – and Pass the Hash – at TechEd next week.

There are five talks highlighting the Sysinternals utilities at TechEd North America next week in New Orleans.  They all happen to be on Thursday, June 6.  Click the session titles for more information.  The videos should be on Channel 9 within 24 hours of the talks. Hardcore Debugging, Andrew Richards, June 6, 2013 from 10:15AM to…


Mitigating "Pass the Hash"…

Microsoft’s Trustworthy Computing (TWC) has just published a whitepaper, Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques, of which I am a co-author.  It discusses PtH attacks against Windows operating systems, how the attack is performed, and recommends mitigations for PtH attacks and similar credential theft attacks.  You can download it from the link…
