Bugtraq mailing list archives
Re: First vulnerabilities in the SP2 - XP ?...
From: Robert Decker <rdecker () esbsystems com>
Date: Wed, 18 Aug 2004 23:57:53 -0400
As a work around to the issue - although not to easy to configure for the home user,
I would think if you have users who are ignorant, gullable, or just plain stupid - a windows sysadmin might consider a GPO in AD with one or more of the following policies:
User Configuration --> Administrative Templates --> System --> Prevent Access to Command Prompt
User Configuration --> Administrative Templates --> System --> Run Only Allowed Windows Applications
User Configuration --> Administrative Templates --> System --> Don't Run Specified Windows Applications
Another huge advantage would be the proper implementation of the following in an AD GPO:
Configure some Software Restriction Policies in User Configuration --> Windows Settings --> Security Settings --> Software Restrictions
and if possible, couple it with certificates. (although, i'm not too familiar with this one)
Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Security Options --> System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
Current thread:
- First vulnerabilities in the SP2 - XP ?... Jérôme (Aug 16)
- Re: First vulnerabilities in the SP2 - XP ?... Colin Alston (Aug 17)
- Re: First vulnerabilities in the SP2 - XP ?... Oliver Schneider (Aug 17)
- RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 19)
- Re: First vulnerabilities in the SP2 - XP ?... Radoslav Dejanović (Aug 18)
- Re: First vulnerabilities in the SP2 - XP ?... Robert Decker (Aug 19)
- <Possible follow-ups>
- RE: First vulnerabilities in the SP2 - XP ?... Thor Larholm (Aug 19)
- Re: First vulnerabilities in the SP2 - XP ?... Matthew Roberts (Aug 20)
- RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 23)