Subject: Re: Security settings to disable IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent
From: Kevin Bohacz (kb CPROMPTGURU.COM)
Date: Thu Oct 05 2000 - 09:56:31 CDT
In the "Georgi Guninski security advisory #23, 2000," the solution
is not viable for most Internet users. The recommendation of disabling
all "active content Java/JavaScript/ActiveX." would render many web
sites and native programs non-functional.
A huge number of web sites use Java & JavaScript for i-commerce, page
rendering, information retrieval, etc. Disabling all active content
would disable most of the interactive functionality of these Internet
sites. Disabling all active content would also disable the operation of
native programs that use the I.E. API/Interface such as Intuit's
QuickBooks 2000.
The typical I.E. setup recommendations given out to C Prompt's clients
would prevent this attack (recommendation listed below). Disabling the
security option: "Script Active-X controls marked safe for Scripting"
will prevent the com.ms.activeX.ActiveXComponent attack from succeeding i.e.
disables: http://www.guninski.com/javaea1.html and
http://www.guninski.com/javaea2.html.
>>>>>> C PROMPT RECOMMENDATIONS <<<<<<<
It is recommended to all C Prompt clients that they customize the
security settings in Microsoft Internet Explorer.
To customize security settings you need to open the following dialog in
Microsoft Internet Explorer (I.E.):
(a) Open the "Internet Options" menu found under View or Tools, then
select the Security tab.
(b) For the "Internet Zone" press the custom Level (or Settings) button
and change your settings to match those listed below.
**Many security settings are not listed below. If an option is not listed
then its setting should not be changed.
SECURITY OPTION SETTINGS:

1. Active Controls & Plug-ins
   a. Download signed Active-X controls = PROMPT
   b. Download unsigned Active-X control = DISABLE
   c. Initialize and script Active-X controls not marked as safe = DISABLE
   d. Run Active-X controls and plug-ins = PROMPT
   e. Script Active-X controls marked safe for Scripting = DISABLE
2. Java
   a. Java Permission = Medium or High Safety
3. Miscellaneous
   a. Access data source across domains = DISABLE
   b. Launching programs and files in an IFRAME = PROMPT
4. Scripting
   a. Active Scripting = ENABLED
   b. Allow paste operations via script = ENABLED
   c. Scripting of Java Applets = ENABLED

Kevin Bohacz
----------------
C Prompt
10723 Preston Rd. #153
Dallas, TX. 75230
214 750-1478
http://www.cpromptguru.com
(C) Copyright 2000 KJB Software Development Inc. d/b/a C Prompt. All
Rights Reserved.
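
An added example, not part of Kevin Bohacz's message: a Python check that compares an exported Internet Zone registry key (Zones\3) against the settings listed in the post and reports each deviation. The numeric action IDs and value encodings (0 enable, 1 prompt, 3 disable, plus the Java safety levels) are assumptions taken from Microsoft's documented zone settings, and the export text is constructed.

```python
import re

# Recommended Internet Zone values from the post, keyed by registry URL-action
# ID. The IDs and value encodings are assumptions (Microsoft's documented zone
# settings), not taken from the post.
ENABLE, PROMPT, DISABLE = 0x0, 0x1, 0x3
JAVA_HIGH, JAVA_MEDIUM = 0x10000, 0x20000
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", {PROMPT}),
    "1004": ("Download unsigned ActiveX controls", {DISABLE}),
    "1201": ("Initialize and script ActiveX controls not marked safe", {DISABLE}),
    "1200": ("Run ActiveX controls and plug-ins", {PROMPT}),
    "1405": ("Script ActiveX controls marked safe for scripting", {DISABLE}),
    "1C00": ("Java permissions", {JAVA_MEDIUM, JAVA_HIGH}),
    "1406": ("Access data sources across domains", {DISABLE}),
    "1804": ("Launching programs and files in an IFRAME", {PROMPT}),
    "1400": ("Active scripting", {ENABLE}),
    "1407": ("Allow paste operations via script", {ENABLE}),
    "1402": ("Scripting of Java applets", {ENABLE}),
}
ZONE3 = re.compile(r"\\Internet Settings\\Zones\\3\]$", re.I)
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit(reg_text):
    """Return {action_id: (setting, found value or None)} for each deviation."""
    found, in_zone = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_zone = bool(ZONE3.search(line))   # only the Internet Zone key counts
        elif in_zone and (m := VALUE.match(line)):
            found[m.group(1).upper()] = int(m.group(2), 16)
    return {aid: (name, found.get(aid))           # a missing value is a deviation
            for aid, (name, ok) in RECOMMENDED.items()
            if found.get(aid) not in ok}

# Constructed sample export: 1004 on prompt, 1405 enabled, 1C00 at low safety,
# 1407 absent; the Zones\2 entry must be ignored.
_vals = {"1001": 1, "1004": 1, "1200": 1, "1201": 3, "1400": 0, "1402": 0,
         "1405": 0, "1406": 3, "1804": 1, "1C00": 0x30000}
KEY = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%d]"
SAMPLE = "\n".join(["Windows Registry Editor Version 5.00", KEY % 2,
                    '"1405"=dword:00000003', KEY % 3]
                   + ['"%s"=dword:%08x' % kv for kv in _vals.items()])

if __name__ == "__main__":
    for aid, (name, val) in audit(SAMPLE).items():
        print(aid, name, "missing" if val is None else hex(val))
```

Output from `reg export` is typically UTF-16, so decode the file before passing its text to `audit`.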