From: dumbwabbit (dumbwabbityahoo.com)
Date: Mon Jan 07 2002 - 10:19:12 CST


    The patch information that Internet Explorer displays
    in website logfiles may be safely modified to not
    reflect current patches applied to the client browser.
    The relevant registry key/location is as follows
    (wrapped for readability):
    Hive:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CurrentVersion\
    Internet Settings\User Agent\Post Platform
    String Value: T312461
    Data: "" (empty)

    If you modify the NAME of the string value "T312461"
    to something else like "CanYouGuessMyIEVersion" then
    that text is what will show up in the webserver's
    logfiles, under the UserAgent field.
    I have NOT tested this for length of the value, but I
    have successfully modified and even deleted this value
    - all without any apparent or noticeable loss of
    functionality on the part of IE. Additionally, after
    deleting this value, running both Windows Update and
    HFNETCHK.exe still show the machine as fully patched.

    Platforms tested on:
    Win2k Pro SP2
    IE 6.0.2600.0000 fully patched.

    Win2k Pro SP2
    IE 5.5 SP2 fully patched

    I imagine the key/values will be the same on 98, Me,
    NT4, XP, but have not verified this.

    I found this by searching my Registry for "T312461",
    finding it in this location, modifying first the value
    (no change) and then the name of the key. You MUST
    restart IE for this to take effect.

    Additionally, I have discovered that you can create
    multiple values here, and have them ALL show up in the
    webserver's logfiles if you wish.

    Extracts from my webserver logfiles before and after
    modifying the registry entries above:

    Before:
    HTTP/1.0
    Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461)

    After (I have modified the T312461 value to
    "ThisWas-T312461" and ADDED a value named
    "MSBrowserHere" - type: String, value: ""):
    HTTP/1.0
    Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+MSBrowserHere;+ThisWas-T312461)

    I also question the value and wisdom in such an
    implementation by Microsoft... thoughts anyone?

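
An added example, not part of the original post: a Python sketch that parses the two logged User-Agent fields quoted in the message and separates the stock tokens from the client-supplied extras, showing that a patch inventory built from web logs reports the same fully patched browser differently. The two regular expressions and all function names are assumptions made for illustration.

```python
import re

# Constructed from the two log extracts quoted in the post above.
BEFORE = "Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;+T312461)"
AFTER = ("Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0;"
         "+MSBrowserHere;+ThisWas-T312461)")

# Assumption: tokens a stock IE on Windows sends on its own.
STANDARD = re.compile(r"^(compatible|MSIE \d+(\.\d+)*|Windows (NT \d+\.\d+|9[58]))$")
# Assumption: a hotfix marker looks like the post's T312461 (letter + 6 digits).
HOTFIX_LIKE = re.compile(r"^[A-Z]\d{6}$")


def parse_user_agent(logged):
    """Parse a logged User-Agent field; the server log writes spaces as '+'."""
    m = re.match(r"^(\S+) \((.*)\)$", logged.replace("+", " "))
    if not m:
        return None  # e.g. "-" for a request without the header
    tokens = [t.strip() for t in m.group(2).split(";") if t.strip()]
    extra = [t for t in tokens if not STANDARD.match(t)]
    return {
        "product": m.group(1),
        "standard": [t for t in tokens if STANDARD.match(t)],
        "extra": extra,  # client-supplied, registry-editable
        "hotfix_like": [t for t in extra if HOTFIX_LIKE.match(t)],
    }


def same_browser(a, b):
    """True when two parsed fields differ only in their client-supplied extras."""
    return (a["product"], a["standard"]) == (b["product"], b["standard"])


def inventory(fields):
    """What a log-based patch inventory would conclude for each field."""
    rows = []
    for field in fields:
        ua = parse_user_agent(field)
        if ua is None:
            rows.append((field, "unparsed"))
        elif ua["hotfix_like"]:
            rows.append((field, "claims " + ",".join(ua["hotfix_like"])))
        else:
            rows.append((field, "no hotfix claim"))
    return rows


if __name__ == "__main__":
    for field, verdict in inventory([BEFORE, AFTER, "-"]):
        print(f"{verdict:16} {field}")
```

Both fields come from the same patched client, so the differing verdicts show that these tokens are self-reported and cannot stand in for a host-side patch check.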