myITforum.com, Inc.


Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

November 2005 - Posts

  • MS05-051 --POC Exploit published for critical DTC vulnerability

      This proof-of-concept DTC exploit appears to be reverse engineered from the October updates. As this critical vulnerability impacts communications security, it could be potentially crafted into a new Internet worm, based on some reports I've read. Please be sure you are up-to-date on all Microsoft Windows updates (esp. through October 2005).

    Microsoft Windows Distributed Transaction Coordinator Remote Exploit (MS05-051)
    Please be careful as this link contains actual exploit code below:
    http://www.frsirt.com/exploits/20051127.55k7-msdtc.c.php

  • FortiNet Security Site - Good Statistics on viruses & spyware

    During early morning research, I discovered a good security site. It provides one-day, one-week, and one-month Top 10 virus statistical counts. Below are some key resources; the 1st link is a good one to bookmark for monitoring current Internet activities:

    FortiNet Security Site - Good Statistics on viruses & spyware

    Top Ten viruses
    http://www.fortinet.com/FortiGuardCenter/global_threat_stats.html

    Current Major Viruses & Spyware Overview
    http://www.fortinet.com/FortiGuardCenter/av.html

    Current Major Vulnerabilities
    http://www.fortinet.com/FortiGuardCenter/idp.html

    Web URL Lookup and testing facility
    http://www.fortinet.com/FortiGuardCenter/webfiltering.html

    In addition to forums and blogs, below is a partial list of some free resources to monitor current developments:

    Microsoft sites (Security, Technet, At Home, MSRC, Live)
    http://www.microsoft.com/security/default.mspx
    http://www.microsoft.com/technet/security/default.mspx
    http://www.microsoft.com/athome/security/community/default.mspx
    http://blogs.technet.com/msrc/
    http://safety.live.com/

    AVERT - McAfee Security and AV developments
    http://myavert.avertlabs.com/myavert/default.aspx

    Secunia - New virus and security advisories
    http://secunia.com/virus_information/

    Internet Storm Center - Major security advisories
    http://isc.sans.org/

    FrSIRT - New Security Vulnerabilities & Exploits
    http://www.frsirt.com/english/

    CERT - Major security advisories
    http://www.us-cert.gov/current/current_activity.html

    Virus Total - Top 10 realtime & great testing site
    http://www.virustotal.com/flash/index_en.html

    F-Secure - Top 10 & WebLog
    http://www.f-secure.com/virus-info/statistics/
    http://www.f-secure.com/weblog/

    Kaspersky Weblog
    http://www.viruslist.com/en/weblog

    InfoSys Security
    http://www.infosyssec.net/

    and finally, I wonder who created this great site?

    VirusIntel Portal
    http://www.virusintel.com/tiki-index.php

  • Mytob.MX - New variant rated Medium by Trend

    This new mass-mailing worm combines Mydoom functionality with Sdbot functionality. It can launch an IRC bot and install a downloader component that may install other malware from hostile web sites.

    McAfee - Mytob.HE (DAT 4636 provides protection)

    F-Secure - MyTob.DO Information

    Trend - Mytob.MX information - rated as MEDIUM RISK
    Trend - Mytob.MX behavioral chart (excellent analysis)
    Trend - Mytob.MX example of email

    EMAIL TO BLOCK OR AVOID

    Subject: (avoid all of the following)
    Your Account is Suspended
    *DETECTED* Online User Violation
    Your Account is Suspended For Security Reasons
    Warning Message: Your services near to be closed.
    Important Notification Members Support
    Security measures
    Email Account Suspension
    Notice of account limitation


    Attachment: (avoid all of the following)
    • {Random file name}.zip
    • account-details.zip
    • account-info.zip
    • account-password.zip
    • account-report.zip
    • approved-password.zip
    • document.zip
    • email-details.zip
    • email-password.zip
    • important-details.zip
    • new-password.zip
    • password.zip
    • updated-password.zip
  • SANS - Twenty Most Critical Internet Security Vulnerabilities

    SANS (SysAdmin, Audit, Network, Security) Computer Security Training. The following link is an EXCELLENT analysis of the leading security exposures related to the Internet.

    http://www.sans.org/top20/

  • Sober.X Worm - Special FBI Warning

     FBI Warning on Sober.X Virus

    QUOTE: Washington, D.C. - The FBI is warning the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users received unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions.

    More links for Sober.X information

  • Rootkits - Good Article defining what a rootkit is

      CHARACTERISTICS OF A ROOTKIT:

    1. A rootkit substitutes malicious code in place of legitimate Operating System routines. It does so in a highly stealthy manner by turning off certain security routines.

    2. They are difficult to detect. Anti-virus (AV) software must be programmed in a special, complex way to even detect this software. AV products can't interrogate protected operating system files as well as they can other files.

    3. Rootkits are difficult to clean, as they embed themselves deeply within the Registry and system files. Unless you have a proven rootkit cleaning tool, you should rebuild the PC completely from the ground up, so that there are assurances that all rootkit components are gone.

    Quote:
    The Sony BMG copy protection debacle has pulled "rootkit" out of the hacker underground and into the wider world of regular computer users. But while those PC owners may now recognize the term, that doesn't necessarily mean they know what kind of threat it describes. And in the Sony case, not even the experts can agree on whether the record label's antipiracy technology meets the technical definition of a rootkit


    CNET Article: What makes a rootkit?

  • Bagle/Beagle - Several pre-Thanksgiving variants

    F-Secure and McAfee report several new variants and this list could grow. Batten down the hatches.

    F-Secure - 6 new variants
    http://www.f-secure.com/v-descs/bagle_eo.shtml
    http://www.f-secure.com/v-descs/bagle_ep.shtml
    http://www.f-secure.com/v-descs/bagle_eq.shtml
    http://www.f-secure.com/v-descs/bagle_er.shtml
    http://www.f-secure.com/v-descs/bagle_es.shtml
    http://www.f-secure.com/v-descs/bagle_et.shtml

    McAfee detection information 
    http://vil.nai.com/vil/content/v_137087.htm

    Quote: Several new W32/Bagle downloader variants have been widely spammed to users (November 23, 2005). To date, they are detected as W32/Bagle.gen@MM with the 4635 DATs.

    These are downloader trojans. However, like previous Bagle variants, it is likely that in the near future, the author(s) will post an accompanying EXE file on a remote server, which SPAMs new versions of Bagle (not to addresses harvested on the local system, but to addresses specified in spam lists also on remote web servers). This trojan was mass-spammed in a ZIP attachment and uses people's names as the filenames, for example:

    * Edmund.zip
    * Elizabeth.zip
    * Fraunces.zip
    * Grace.zip
    * Henrie.zip
    * Jeames.zip

  • Opera 8.51 released to address critical security exposures

    Opera Software - Opera 8.51 has been released to address critical security issues. I use this as a complementary browser in addition to IE 6 (XP SP2) and the Mozilla Deerpark beta (Firefox 1.5 RC3). After a couple of days of testing, this new version is working well on my work and home PCs. All Opera users should move to the latest version to ensure they enjoy the best protection possible.

     Opera 8.51 for Windows is available for download.

    Changes since 8.50

    User interface

    Added Answers.com search option, with 'a' as keyword to search from address field. The version number of search.ini has not been increased; the change will only be visible in fresh installs.

    Security and plug-ins

    • Macromedia Flash version shipped with Opera is now 7r61. Addresses issue reported in Secunia Advisory 17437.
    • Solved severe stability issue when using the Acrobat Reader 7.0.5 plug-in.

    Miscellaneous

    • Fixed multiple stability issues.

    FrSIRT Critical Advisory Information - Key Security Changes

    http://www.frsirt.com/english/advisories/2005/2519

    Multiple vulnerabilities were identified in Opera, which could be exploited by attackers to execute arbitrary commands.

    The first issue is due to a memory corruption error in Macromedia Flash Player, a third party application redistributed with Opera, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted Web page or open a malicious Flash file. For additional information, see : FrSIRT/ADV-2005-2317

    The second vulnerability is due to an error where the shell script used in Unix / Linux based environments to launch Opera parses shell commands enclosed within backticks in the URL provided via the command line, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to follow a malicious link in an external program (e.g. Thunderbird or Evolution). This issue is similar to FrSIRT/ADV-2005-1794

  • Sober.Y - Message Labs stops 2.7 million copies

      The link below shares a press release of the Sober.Y which continues to generate large quantities of infected email messages.

    MessageLabs Stops Over 2.7 million Copies of New Sober Virus That Spoofs FBI and CIA

    November 22, 2005 - 17:00 GMT / 12:00 ET - MessageLabs has intercepted over 2.7-million copies of a new Sober virus, many of which are being spoofed to appear as though they are sent from the FBI or the CIA. The first copy was stopped at 19:00 GMT on 21st November. The size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months.

    Email Overview
    These emails suggest to recipients that their Internet use has been monitored by the FBI or CIA and that they have accessed illegal Web sites. The email directs users to open the ZIP attachment containing the executable, which once opened delivers the Sober virus payload. It then spreads by searching the infected computer for other email addresses to send copies of itself to, but ignoring any domains for certain security organizations, including MessageLabs.

    My IT Forums: More information on Sober.Y 

  • Microsoft Security Advisory (911302) - Information and workarounds for new IE vulnerability

    Microsoft TechNet - Microsoft is addressing this new security exposure, which has recently emerged as a new zero-day proof-of-concept exploit. They offer workarounds and technical information on the exposures in the link below:

    Microsoft Security Advisory (911302) - New IE vulnerability with temporary Workarounds

    QUOTE: This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible. Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

    More information and links can be found for a new zero day proof-of-concept exploit that has been published by selecting this link:

    Internet Storm Center moves to Yellow Alert Status on zero day IE exploit

  • Internet Storm Center moves to Yellow Alert Status on zero day IE exploit

    Internet Storm Center moves to Code Yellow Status on Zero Day IE exploit

    Prevention techniques include: using IE only for trusted sites, using alternative browsers, and disabling Active Scripting in IE except for trusted sites (Secunia link).

  • Internet Explorer - New Proof-of-Concept "zero day" Exploit published

    A new proof-of-concept (POC) exploit has been published for a critical unpatched IE vulnerability. Please be careful about which websites you visit; so far there are no reports of the POC being found in the wild.

    New Zero Day Internet Explorer Remote Code Execution Exploit
    http://www.frsirt.com/english/advisories/2005/2509
    http://www.frsirt.com/exploits/20051121.IEWindow0day.php
    http://secunia.com/advisories/15546/
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1790

    QUOTE: A critical vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a memory corruption error when processing malformed HTML pages containing specially crafted calls to the JavaScript "window()" object and the "body onload" tag, which could be exploited by remote attackers to take complete control of an affected system by convincing a user to visit a malicious Web page.

    This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 (fully patched)

  • Articles: Windows Rootkits in 2005 - Part I and II

       Both articles were published by Security Focus and they provide excellent technical information on how this emerging threat works in detail.

    Windows Rootkits in 2005 - Part I
    http://www.securityfocus.com/infocus/1850

    Windows Rootkits in 2005 - Part II
    http://online.securityfocus.com/infocus/1851

  • Sony BMG Rootkit - Key Information & List of 52 dangerous CDs being recalled

    One of my friends in the security field shared an excellent summary of the failed attempt by Sony BMG to better protect their music from Copyright violations.  As an ethical individual, I respect the intellectual property rights of those in the music industry.  The approach Sony used created harm and potential security issues for innocent loyal customers, who purchased their CDs in good faith.  

    The rootkit may have appeared to be a good technical solution on the drawing board for better protecting digital rights.  However, they didn't exercise risk management and plan well for things that could go wrong, including opening up the customer's PC to emerging security risks based on new malware that takes advantage of the rootkit architecture.

    The following provides an update for this issue with several related links:

    QUOTE: Sony/BMG has just recalled 52 music CDs, all of which came with software which will install "rootkit" spyware programs on your Windows computer.  If you have any of these CDs and have played them on your Windows PCs, your computers may be infected with some truly nasty software.  This problem does NOT affect Macs or Linux computers and may not have affected you if you run a secure Windows setup.  More than 500,000 computers are known to be infected worldwide. 

    List of 52 infected Sony CDs being recalled
    http://cp.sonybmg.com/xcp/english/titles.html 

    More on Sony's recall notice to replace these CDs at no charge to the owner

    The Sony/BMG website has an uninstall program that is supposed to clean up the infection.  HOWEVER, as of today, their uninstall program leaves your computer MORE VULNERABLE than before!  Check with your anti-virus vendor to see if your AV can clean up this problem.

    Microsoft is upgrading their Malicious Software Removal Tool, which is updated once a month.  It will soon be updated to remove the XCP modifications that Sony/BMG put on your computer, but it's not available currently.  More information can be found at these sites:

    Sony BMG's copy-protection problems grow
    http://securityfocus.com/news/11357 

    Mark's Sysinternals Blog Victory!
    http://www.sysinternals.com/blog/2005/11/victory.html

    Sony's DRM Rootkit: The Real Story
    http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html

    Secunia Advisory
    http://secunia.com/advisories/17408/

    US CERT Advisory
    http://www.us-cert.gov/current/current_activity.html#xcpdrm
    http://www.kb.cert.org/vuls/id/312073

    Security issues may surface using Sony's XCP uninstall tools
    http://secunia.com/advisories/17610/
    http://www.frsirt.com/english/advisories/2005/2454
    http://www.freedom-to-tinker.com/?p=927

    Security issues may surface using Sony's uninstall for SunnComm MediaMax (another DRM)
    http://secunia.com/advisories/17639/
    http://www.frsirt.com/english/advisories/2005/2493
    http://www.freedom-to-tinker.com/?p=931

    Rootkits could mean a complete rebuild for your PC
    http://insight.zdnet.co.uk/0,39020415,39237277-4,00.htm

    QUOTE: How do we remove rootkits? -- There is only one guaranteed way to remove a rootkit. You destroy the system and then rebuild it. There is no other way to reliably remove a rootkit — no other way whatsoever. You can't delete the file or even reinstall the operating system over the top of the existing OS — which is a horrible practice anyway. It is super important to nuke the system because a rootkit's primary function is stealth — what is it hiding? Do you know? Usually not. How can you reliably know what it was hiding, what it was compromising or what it was removing?

    Key Advice for now:   Please do not play CDs using your PC until this issue is fully addressed (or if you do play CDs not on the list, still be vigilant and cautious).  It could require rebuilding your PC. 

    Ideas for Infected Users: If you are currently infected with the XCP software, some standalone tools and removers are available. Do not try to remove this manually unless you have complete directions and you are highly skilled as a computer technician. Your CD-ROM or PC may no longer work properly if you fail to remove the rootkit properly. I believe further “help is on the way” and infected users might be better served to wait a little while longer until better tools are published.

  • Macromedia Flash Player vulnerability in older versions - POC Exploit published

    Macromedia has published a security update for its Flash Player, including a fix for a critical vulnerability that can be exploited by visiting a malicious web page or opening a specially crafted email attachment. Everyone using this software should update as quickly as possible.

    Advisory ID: FrSIRT/ADV-2005-2317
    CVE ID: CVE-2005-2628
    Rated as: Critical
    Note: This proof-of-concept exploit generates a flash file that will cause a DoS

    More Information and update links can be found in this blog entry

  • Microsoft - New unpatched RPC memory allocation vulnerability

    This new risk is rated as “Moderately Critical” and it can impact system performance. So far there are no published exploits in the wild for this newly discovered vulnerability, which Microsoft will most likely patch soon.

    Microsoft - New unpatched RPC memory allocation vulnerability
    http://www.frsirt.com/english/advisories/2005/2468

    Microsoft RPC memory allocation POC Exploit
    note - actual POC code is published here - please be careful
    http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

    Microsoft Security Advisory (911052)
    http://www.microsoft.com/technet/security/advisory/911052.mspx

    Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to cause a denial of service. This flaw is due to a memory allocation error when processing specially crafted RPC (Remote procedure call) requests, which could be exploited by attackers to crash a vulnerable system or cause the "services.exe" process to consume a large amount of system resources.

    Affected Products

    Microsoft Windows 2000 Service Pack 4
    Microsoft Windows 2000 Service Pack 3
    Microsoft Windows 2000 Service Pack 2
    Microsoft Windows 2000 Service Pack 1
    Microsoft Windows 2000

    Microsoft Windows XP Service Pack 1
     (for Windows XP Service Pack 1 an attacker must have valid logon credentials to exploit this vulnerability).

    Solution: FrSIRT is not aware of any official supplied patch for this issue.

    Status: Microsoft is not aware of active attacks that use this vulnerability or of customer impact at this time.

  • New SdBot Internet worm variant - can install rootkit

      A new version of the Sdbot Internet worm is circulating in the wild and it can install a rootkit.

    W32/Sdbot.worm.gen.w64512

    http://vil.nai.com/vil/content/v_136981.htm
    http://secunia.com/virus_information/23740/

    This worm bears the following characteristics:

    * Propagates to machines with poorly secured network shares (weak username & password combinations) or accessible share (where local credentials are sufficient to write files to other systems)

    * Propagates to MySQL and Microsoft SQL servers that are poorly secured (again weak username/password combinations)

    * Propagates to remote machines by attempting to copy itself to a number of shares

    * provides a backdoor to the victim machine, thereby compromising data on that machine (significant remote access functionality is available to the hacker)

    * The worm appears to be Windows XP Service Pack 2 aware and makes several references to security features within the new Windows Security Center

    * Drops a Rootkit on the compromised system (Detected as FUROOTKIT by current DATS).

    It uses the following exploits to propagate across vulnerable networks:

    * MS04-007
    * MS04-011
    * MS05-039

  • Sony CD XCP Uninstallation ActiveX Vulnerabilities

    FrSIRT and Secunia have issued critical advisories for vulnerabilities associated with insecure techniques used in an ActiveX control for the Sony CD XCP-based DRM controls.

    Sony CD XCP Uninstallation ActiveX Vulnerabilities
    http://secunia.com/advisories/17610/
    http://www.frsirt.com/english/advisories/2005/2454

    Multiple vulnerabilities were identified in Sony CD First4Internet XCP uninstallation ActiveX control, which could be exploited by attackers to execute arbitrary commands. These flaws are due to a design error in the "CodeSupport.ocx" ActiveX control that supports insecure methods, which could be exploited by remote attackers to compromise or reboot a vulnerable system by convincing a user to visit a specially crafted Web page.

    Solution: Remove the ActiveX control from the system if it is installed, or set a kill bit for the "CodeSupport.ocx" ActiveX control (CLSID 4EA7C4C5-C5C0-4F5C-A008-8293505F71CC)

    http://support.microsoft.com/kb/240797
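    The workaround above is the Internet Explorer "kill bit" that KB 240797 describes: a DWORD named Compatibility Flags with the value 0x400 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}. As an added example (not code from Microsoft, Secunia, FrSIRT or Sony), the Python below validates the CLSID and emits a .reg file that an administrator can import on the affected Windows PC. The choice to OR the bit into any existing Compatibility Flags value rather than overwrite it is my own, and the sample existing-flags value in the usage is constructed.

```python
import re

# Kill-bit mechanism as described in KB 240797 (these values are Microsoft's, not assumptions).
KILL_BIT = 0x00000400
ACTIVEX_COMPAT_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
)
# CLSID of the XCP uninstaller control, taken from the advisory quoted above.
XCP_CODESUPPORT_CLSID = "4EA7C4C5-C5C0-4F5C-A008-8293505F71CC"

_CLSID_RE = re.compile(
    r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$"
)


def normalize_clsid(clsid: str) -> str:
    """Accept a CLSID with or without braces, in any case; return {UPPERCASE-FORM}.

    Rejecting anything else stops a typo from kill-bitting the wrong control
    or producing a registry key that regedit would create but IE never consults.
    """
    match = _CLSID_RE.match(clsid.strip())
    if not match:
        raise ValueError(f"not a CLSID: {clsid!r}")
    return "{" + match.group(1).upper() + "}"


def is_kill_bitted(compat_flags: int) -> bool:
    """True if an existing Compatibility Flags value already has the kill bit set."""
    return bool(compat_flags & KILL_BIT)


def kill_bit_reg(clsids, existing_flags=None) -> str:
    """Build .reg file text that sets the kill bit for each CLSID given.

    existing_flags maps a normalised CLSID to the Compatibility Flags value
    currently on the target machine; the kill bit is OR-ed into it so that any
    other compatibility flags already set for that control are preserved
    (design choice of this example, not a KB 240797 requirement).
    """
    existing_flags = existing_flags or {}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for raw in clsids:
        clsid = normalize_clsid(raw)
        flags = existing_flags.get(clsid, 0) | KILL_BIT
        lines.append(f"[{ACTIVEX_COMPAT_KEY}\\{clsid}]")
        lines.append(f'"Compatibility Flags"=dword:{flags:08x}')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed example: pretend the control already had flag 0x1 set on this machine.
    already_set = {normalize_clsid(XCP_CODESUPPORT_CLSID): 0x1}
    print(kill_bit_reg([XCP_CODESUPPORT_CLSID], already_set))
```

    Redirect the output to a .reg file and import it with regedit on the affected PC; afterwards, reading the Compatibility Flags value back and checking it with is_kill_bitted() confirms the control can no longer be instantiated by Internet Explorer.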

    Related Links
    http://secunia.com/advisories/17408/
    http://xforce.iss.net/xforce/alerts/id/208
    http://cp.sonybmg.com/xcp/english/updates.html

  • Sober virus - F-Secure declares medium risk on several new variants

     There are now at least a half dozen new Sober variants that are circulating in the wild.  F-Secure has declared medium risk on some of these.  I'm getting some in my personal email, so it's out there.

    2005.11.15 Sober.T
    2005.11.15 Sober.U
    2005.11.15 Sober.V
    2005.11.15 Sober.W
    2005.11.15 Sober.X
    2005.11.16 Sober.Z

    EMAIL EXAMPLE:

    Subject: Your eMail Password

    Body: Thanks for your registration! Your registration will not be complete until you re-confirm it. Please read the following agreement. If you accept it, click the Accept to complete
    your registration!

    Attachment: Accept_e-Text.zip
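    The Mytob.MX, Bagle and Sober posts above each list the subjects and ZIP attachment names to block or avoid. As an added example (not code from this blog or from Trend, McAfee or F-Secure), the Python below is a small gateway-style matcher that normalises each message's subject and attachment names and checks them against exactly those indicators. The message records are constructed samples, and the final rule, which holds any ZIP named like a bare first name for review, is my own heuristic generalised from the McAfee note that Bagle uses people's names as filenames.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Indicators copied from the Mytob.MX, Bagle and Sober posts above.
MYTOB_SUBJECTS = [
    "Your Account is Suspended",
    "*DETECTED* Online User Violation",
    "Your Account is Suspended For Security Reasons",
    "Warning Message: Your services near to be closed.",
    "Important Notification Members Support",
    "Security measures",
    "Email Account Suspension",
    "Notice of account limitation",
]
# "{Random file name}.zip" is not listed here; the subject rule below covers it.
MYTOB_ATTACHMENTS = [
    "account-details.zip", "account-info.zip", "account-password.zip",
    "account-report.zip", "approved-password.zip", "document.zip",
    "email-details.zip", "email-password.zip", "important-details.zip",
    "new-password.zip", "password.zip", "updated-password.zip",
]
SOBER_SUBJECTS = ["Your eMail Password"]
SOBER_ATTACHMENTS = ["Accept_e-Text.zip"]
BAGLE_SUBJECTS = []
BAGLE_ATTACHMENTS = ["Edmund.zip", "Elizabeth.zip", "Fraunces.zip",
                     "Grace.zip", "Henrie.zip", "Jeames.zip"]


def _norm(text: str) -> str:
    """Case-fold and collapse whitespace so trivial spam variations still match."""
    return " ".join(text.lower().split())


# family -> (normalised subjects, normalised attachment names)
FAMILIES = {
    "Mytob": ({_norm(s) for s in MYTOB_SUBJECTS}, {_norm(a) for a in MYTOB_ATTACHMENTS}),
    "Sober": ({_norm(s) for s in SOBER_SUBJECTS}, {_norm(a) for a in SOBER_ATTACHMENTS}),
    "Bagle": ({_norm(s) for s in BAGLE_SUBJECTS}, {_norm(a) for a in BAGLE_ATTACHMENTS}),
}

# Assumption (my heuristic, not from the posts): Bagle named its ZIPs after people,
# so a ZIP whose whole name is a single capitalised word is worth holding for review.
FIRST_NAME_ZIP = re.compile(r"^[A-Z][a-z]+\.zip$")


@dataclass
class Message:
    subject: str
    attachments: List[str] = field(default_factory=list)


def classify(msg: Message) -> Optional[Tuple[str, str]]:
    """Return (family, reason) for a message matching a known lure, else None."""
    subject = _norm(msg.subject)
    attachments = [_norm(a) for a in msg.attachments]
    for family, (subjects, names) in FAMILIES.items():
        for name in attachments:
            if name in names:
                return (family, "attachment " + name)
        if subject in subjects:
            # Covers Mytob's "{Random file name}.zip": the subject is the stable indicator.
            return (family, "subject")
    for name in msg.attachments:
        if FIRST_NAME_ZIP.match(name):
            return ("suspect", "first-name zip " + name)
    return None


# Constructed sample traffic, not real captured mail.
SAMPLE_MESSAGES = [
    Message("Your Account is Suspended", ["kx82q.zip"]),
    Message("Thanks for your registration!", ["Accept_e-Text.zip"]),
    Message("hi", ["Grace.zip"]),
    Message("hello", ["Walter.zip"]),
    Message("Weekly report", ["report-2005-11.pdf"]),
]


def scan(messages: List[Message]) -> List[Tuple[str, Optional[Tuple[str, str]]]]:
    """Classify each message; a gateway would quarantine anything with a verdict."""
    return [(m.subject, classify(m)) for m in messages]


if __name__ == "__main__":
    for subject, verdict in scan(SAMPLE_MESSAGES):
        print(f"{subject!r:35} -> {verdict}")
```

    Exact-string indicators like these age quickly, which is why the matcher keys on the normalised subject rather than the random attachment name for Mytob, and why the first-name heuristic reports "suspect" for review instead of a hard block.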

  • Sober.T - Please be careful with ZIP email attachments

      All Sober variants should be carefully watched.  This new version is similar to past attacks and uses ZIP based attachments. 

    http://secunia.com/virus_information/23645/sober.t/

    The Sober.T worm was found on November 14th, 2005. This Sober variant is similar to the previous ones - it sends itself as an attachment in e-mail messages with English or German texts.  Sober.T worm sends e-mail messages with English and German texts and its file attached. The attachment is a ZIP archive containing the worm's executable.

  • MS05-053: TROJ_EMFSPLOIT.A in the wild

      Trend is reporting a trojan horse that might be the first example of a new exploit developed from the November security updates issued by Microsoft. Please update your systems with the latest security updates offered by Microsoft, as more developments could follow.

    Internet Storm Center: TROJ_EMFSPLOIT.A in the wild

    Trend Link: TROJ_EMFSPLOIT.A in the wild

    Trend Micro is reporting a trojan in the wild (TROJ_EMFSPLOIT.A) that is exploiting the recent MS05-053 vulnerability announced on Tuesday. The trojan causes EXPLORER.EXE to crash, which isn't so much fun for Windows users.

    Upon execution, this Trojan causes the EXPLORER.EXE of affected machines to crash. It may also cause applications that attempt to load it to crash. An example of an application that can load EMF files is Internet Explorer. This Trojan runs on Windows 2000 Service Pack 4 and XP with no Service Pack.
  • Malware Infections - "To rebuild or not to rebuild" that is the question?

    SUMMARY: When a PC's security, performance, and reliability are affected by a malware infection, damages can be so severe that rebuilding the PC is the only option. The need to reload the Operating system is usually based on the comfort level in cleaning malware infections. The most important factor is a proven removal tool which will provide assurances that all traces of the infection are gone.


    REASONS TO CLEAN ONLY (AND NOT REBUILD)

    As I've been actively helping folks clean malware for almost ten years now, I can say that you can remove most malware infections reliably if you have good cleaning tools.

    Most AV, spyware, and standalone cleaners not only remove the main malware driver routines, but they also clean up the associated registry entries and other Windows configuration settings, allowing the PC to return to normal operations. If the malware infection is common, there should be good cleaning tools available, so that it can be removed safely.

    As an example, I have rarely seen the need to rebuild infected corporate PCs. One of my friends who is a lead technician, mentioned that only two out of hundreds cleaned in the past couple of years required a rebuild.

    While corporate systems can be re-imaged quickly to base settings, it still takes some work to copy settings, My Documents, Favorites, etc., across for the user. The user also loses time in readjusting to the newly built system. They almost always lose some items, plus they may be less productive for a few days.

    On a home PC, a rebuild could be an even greater impact. The user needs to reload the operating system, the latest service packs, activate and register XP, and reinstall from backups. They must then install all Windows updates, plus perform security updates for every product they have on the system. There is also usually a loss of some items in this process.



    REASONS TO REBUILD

    Still, if someone is infected with a leading-edge rootkit, virus, or advanced spyware infection, there may not be cleaning tools available. Thus, a rebuild might be in order to ensure this highly surreptitious malware isn't still "phoning home" constantly.

    Manually finding and repairing all the rootkit entries by hand could be risky and may not get everything as it should. As an example, about a year ago, I tried to manually remove (with REGEDIT) a new leading edge strain of spyware that was generating popups galore on a friend's PC. Things worked great, until my friend rebooted and I soon learned that this advanced spyware product was dynamically creating registry entries on the fly.

    Another key factor in the need to rebuild is multiple malware infections. When there is more than one infection present, the PC environment may remain unstable even after cleaning. This is because the cleaning tools can remove the malware, but they cannot fix permanent damage to the Windows registry or key system files. In these cases, you have no choice but to rebuild.


    TEN THINGS TO DO AFTER YOU RECOVER FROM A MALWARE INFECTION

    1. Stay up to date with Windows security updates (2nd Tuesday of the month)
    2. Stay up-to-date on all security patches for all other products (e.g., Office, Visual Studio, Firefox, Opera, Macromedia Flash, Real Player, Winamp, etc)
    3. Use a good bi-directional firewall
    4. Use a good anti-virus product
    5. Use an anti-spyware product
    6. Change your passwords (esp. if you had a backdoor, rootkit, keylogger, etc)
    7. Use best practices - think before you click and think of all email attachments and links as being possibly dangerous -- even if they come from a trusted source.
    8. Run routine weekly scans for your system
    9. Back up anything you don't want to lose to DVD-R, CD-R, or FlashRAM sticks
    10. Keep up with breaking news for emerging security risks


    ADDITIONAL RESOURCES

    How to remove a difficult virus

    Spyware & Adware removal tips
  • Microsoft Security Updates - November 2005

    One critical update for Windows was issued by Microsoft during November 2005. The MS05-053 security update fixes vulnerabilities associated with heap overflow errors when malformed Windows Metafile (WMF) and Enhanced Metafile (EMF) images are processed. All Windows systems should be patched expediently, as reverse engineering and the development of exploits are likely.

    Microsoft Security Bulletin MS05-053: Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

    PATCHES THESE THREE VULNERABILITIES

    Graphics Rendering Engine - CAN-2005-2123: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Windows Metafile Vulnerability - CAN-2005-2124: A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) image format that could allow remote code execution on an affected system. Any program that renders WMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Enhanced Metafile Vulnerability - CAN-2005-0803: A denial of service vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow any program that renders EMF images to be vulnerable to attack. An attacker who successfully exploited this vulnerability could cause the affected programs to stop responding.

    AFFECTED PRODUCTS
    Microsoft Windows 2000 Service Pack 4
    Microsoft Windows XP Service Pack 1
    Microsoft Windows XP Service Pack 2
    Microsoft Windows XP Professional x64 Edition
    Microsoft Windows Server 2003
    Microsoft Windows Server 2003 Service Pack 1
    Microsoft Windows Server 2003 for Itanium-based Systems
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    Microsoft Windows Server 2003 x64 Edition

    OTHER REFERENCES

    Microsoft Windows WMF/EMF File Handling Vulnerabilities
    http://www.frsirt.com/english/advisories/2005/2348

    MS05-053 - More Graphic Rendering Buffer Overflow Vulnerabilities
    http://isc.sans.org/diary.php?storyid=831

    WINDOWS UPDATE LINK
    http://www.microsoft.com/windowsupdate
  • Microsoft launches Windows Live Safety Center beta

     Microsoft has launched a new online version of their full anti-virus scanner that can be used to double-check other installed products. This new facility also provides disk cleanup and defragmentation controls from an easy-to-use menu. This is a beta product, so use it carefully. So far in early testing, it has worked accurately for me.

    Microsoft launches Windows Live Safety Center beta

    Windows Live Safety Center is a new, free service designed to help ensure the health of your PC.
     
    * Check for and remove viruses
    * Learn about threats
    * Improve your PC's performance
    * Get rid of junk on your hard disk
     
    Use the full service scan to check everything, or turn to the scanners and information in the service centers to meet your specific needs.

    Windows Live Download Site - Links for SP2, MSAS, etc.

  • Article: Windows Rootkits an in-depth analysis by SecurityFocus

      This article was published by SecurityFocus and provides a good description of this threat and how it works in detail.

    Article: Windows Rootkits an in-depth analysis by SecurityFocus

    In 2005, the bar has been raised in the arena of malicious software. This has never before been more evident than in the recent deployments of Windows rootkit technology within some of the latest viruses, worms, spyware, adware, and more. It has become increasingly important to understand what this threat is and what can be done to detect malicious use.

  • Microsoft Patch Tuesday - 11/8/2005 One critical update scheduled

      Sharing planning info for the standard 2nd Tuesday of the month updates from Microsoft.

    Quote:
    On 8 November 2005 Microsoft is planning to release:

    Security Updates
    1 Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS:
    • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU), and Windows Server Update Services (WSUS).
    • Microsoft will release one NON-SECURITY High-Priority Update on Windows Update (WU), and Software Update Services (SUS).
  • Lupper Internet Worm - affects Linux/PHP environment

      A new Linux-based Internet worm is starting to spread. More information is noted below.

    Lupper Internet Worm - Key Links
    http://vil.nai.com/vil/content/v_136821.htm
    http://secunia.com/virus_information/23339/

    This worm spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper and BSD/Scalper worms, from which it inherits its propagation strategy. It scans an entire class B subnet created by randomly choosing the first byte from a hard-coded list of class A networks and randomly generating the second byte.

    The worm blindly attacks web servers by sending malicious HTTP requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed.

    Like its predecessors, the infected computers form a global network of compromised servers based on peer-to-peer communication principles. This network can be used, for example, for Distributed Denial of Service (DDoS) attacks or other purposes, because it can accept remote commands. It is also capable of harvesting email addresses stored in files on the web server.


    Symptoms
    Presence of the following file: /tmp/lupii
    Ports Used: UDP 7111, UDP 7222

    Sends HTTP requests to the URLs it generates, and attempts to spread by exploiting the following Web server-related vulnerabilities:

    * The XML-RPC for PHP Remote Code Injection vulnerability (as described in Bugtraq ID 14088)
    * The AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability (as described in Bugtraq ID 10950)
    * The Darryl Burgdorf Webhints Remote Command Execution Vulnerability (as described in Bugtraq ID 13930)
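    Since the worm announces itself by blindly requesting the vulnerable scripts with shell commands in the query string, a web server's access log is the cheapest place to spot scanning hosts. The Python detector below is an added example, not part of the original post or any vendor tool; the script file names it looks for (xmlrpc.php, awstats.pl, hints.pl) are my assumption for the three advisories, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Scripts named by the three advisories above; the exact file names are my
# assumption (xmlrpc.php, awstats.pl, and hints.pl for Webhints).
TARGET_SCRIPTS = ("xmlrpc.php", "awstats.pl", "hints.pl")
# Shell metacharacters and fetch tools that mark a command-injection attempt
# once the query string is URL-decoded.
INJECTION = re.compile(r"\||;|`|\$\(|\bwget\b|\bcurl\b|/tmp/", re.IGNORECASE)
# Apache/NCSA common log format.
LOG = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def classify_request(line):
    """Return (ip, script, injection_seen) for a request to a target script, else None."""
    m = LOG.match(line)
    if not m:
        return None
    path = unquote(m.group("path"))
    script = next((s for s in TARGET_SCRIPTS if s in path.lower()), None)
    if script is None:
        return None
    return m.group("ip"), script, bool(INJECTION.search(path))

def find_scanners(lines):
    """Map source IP -> sorted scripts probed, for IPs that either sent an injection
    attempt or probed more than one target script (the worm tries several URLs per
    host, while a legitimate XML-RPC client only ever posts to xmlrpc.php)."""
    probes, injected = {}, set()
    for line in lines:
        r = classify_request(line)
        if r is None:
            continue
        ip, script, inj = r
        probes.setdefault(ip, set()).add(script)
        if inj:
            injected.add(ip)
    return {ip: sorted(s) for ip, s in probes.items() if ip in injected or len(s) > 1}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Nov/2005:03:12:44 +0000] "GET /cgi-bin/awstats.pl?logfile=%7Cid%7C HTTP/1.1" 404 289',
    '198.51.100.7 - - [07/Nov/2005:03:12:45 +0000] "POST /xmlrpc.php HTTP/1.1" 404 289',
    '198.51.100.7 - - [07/Nov/2005:03:12:45 +0000] "GET /cgi-bin/hints.pl?%7Cid%7C HTTP/1.1" 404 289',
    '203.0.113.9 - - [07/Nov/2005:09:01:02 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 412',
    '203.0.113.9 - - [07/Nov/2005:09:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, scripts in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: probed {', '.join(scripts)}")
```

    Pair a hit with the host-side symptoms listed above (the /tmp/lupii file and listeners on UDP 7111/7222) before treating the server as compromised rather than merely scanned.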
  • Macromedia Flash Player - Patch information for Critical Vulnerability

       Macromedia has issued a security update for its Flash Player that includes a fix for a critical vulnerability, which can be exploited by visiting a malicious web page or opening a specially crafted email attachment. Everyone using this software should update as quickly as possible.

    Macromedia Flash Player Remote Command Execution Vulnerability

    Advisory ID : FrSIRT/ADV-2005-2317
    CVE ID : CVE-2005-2628
    Rated as : Critical
    Remotely Exploitable : Yes
    Locally Exploitable : Yes
    Release Date : 2005-11-05

    Technical Description:  A critical vulnerability has been identified in Macromedia Flash Player, which may be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error in "Flash.ocx" when using frame type identifiers read from malformed SWF files as indexes of certain arrays, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to visit a specially crafted HTML Web page or open a malicious Flash file.

    Affected Products: Macromedia Flash Player 7.0.19.0 and prior

    Solution: Upgrade to Flash Player 8 version 8.0.22.0 or Flash Player 7 versions 7.0.60.0 or 7.0.61.0:

    Download site for latest Flash Player versions

    More information at Macromedia

    Test your Flash Player with this link

  • MS05-052: Resolution posted for web pages that don't load properly

    Microsoft offers much improved security for Internet Explorer in XP SP2, and applying the latest tightening of controls can break some applications and web pages that may not be following best practices. This manual regedit-based fix can help resolve these issues.

    KEY LINK
    A Web page that contains a custom ActiveX control may not load as expected in Internet Explorer due to defense in depth changes introduced in cumulative security update 896688 (MS05-052)


    SYMPTOMS

    After you install cumulative security update 896688, a Web page that contains an ActiveX control does not load as expected in the products that are listed in the "Applies to" section. You may also receive an error message that is similar to the following when you try to open Add/Remove Programs in Control Panel:

    Object doesn't support this property or method

     

    RESOLUTION
    To resolve this issue, add the required subkeys to the registry. To do this, follow these steps:
    1. Click Start, click Run, type Notepad.exe, and then click OK.
    2. Paste the following text in the Notepad document:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0000031A-0000-0000-C000-000000000046}]
    @="ClassMoniker"

    [HKEY_CLASSES_ROOT\CLSID\{0000031A-0000-0000-C000-000000000046}\InprocServer32]
    @="ole32.dll"

    [HKEY_CLASSES_ROOT\CLSID\{0000031A-0000-0000-C000-000000000046}\ProgID]
    @="clsid"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\CLSID]
    @="{0000031A-0000-0000-C000-000000000046}"

    3. Click File, and then click Save.
    4. In the Save in box, click Desktop.
    5. In the File name box, type KB909889.reg.
    6. In the Save as type box, click All Files, and then click Save.
    7. Click File, and then click Exit.
    8. On the desktop, double-click KB909889.reg, and then click Yes to add the information to the registry.
    9. Click OK to confirm that the information in the KB909889.reg file has been added to the registry.
    10. Restart the computer.

    Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
