Saw this today…. “Error while aging folder “Inbox” in store “Personal Folders”. File access is
denied. You do not have the permission required to access the file
C:\WINDOWS\Application Data\Microsoft\Outlook\archive.pst.”
It was on an older Outlook 98/Windows 98 system, but it was something that might be applicable to others as well.
Basically, this system has two different profiles, both of which are password protected.
Well, in the article the other day about the Windows wireless problem/(feature that could be exploitable?) there was a mention that the default behaviour for Windows would be changed with the next service pack, for XP users that’s SP3. So, when can we expec this? It seems that service pack three for Windows XP probably won’t be publicly available until the second half of 2007.
This sounds like a serious vulnerability. The SecurityFix is reporting on a very serious vulnerability in AOL.
The problem affects AOL version 8.0, AOL version 8.0+, and AOL version 9.0 Classic.
The vulnerability could allow a remote attacker to take control of a users PC. Basically, all that would be needed is for the AOL user to visit a specially crafted web page.
It seems the WMF patch that was recently released for Windows 2000 and XP (and 2003) has been ported to Microsoft Windows Vista Beta…. This makes it the first security patch for Vista. eweek has an article on the issue. So, if you’re beta testing Vista, get it updated ASAP. Hopefully though, if you’re beta-testing it’s not a production machine and no great loss if you get infested with beaucoup spyware….
There’s another patch for those Win98 users that are nervous about the WMF vulnerability that was announced at the tail end of the year. This site has made the patched version of gdi32.dll available to any and all. Their patch is open source. They basically say “it works for them…” no warranties. Steve Gibson has also said that he’ll be writing a Win9x patch.
Brian Krebs has a post today on a Windows wireless networking “feature” which can be somewhat of a security risk. You see, it seems that With wireless networking enabled, Windows remembers the last wireless SSID that you connected to, so let’s say you were at a public Wireless access point called “Bob’s hotel” and you carry your laptop somewhere else. When the machine boots up, Windows tries to find “Bob’s hotel”, but of course, it’s not available at this other location, so… it assigns a 169.254.x.x ip address and broadcasts looking for “Bob’s hotel” the most recent wireless lan.
Good news for Windows XP users (especially XP Home). Microsoft has extended the support period for XP Home and Pro. Originally, security patch related support was expected to end December 31st of this year. According to the article for XP Home…
So for the consumer versions of Windows XP, mainstream support was going to end on December 31, 2006 and there was no guarantee of any security hot-fixes beyond that time. Microsoft has now extended the mainstream support deadline for the consumer versions to an undefined date that is two years after the release of the follow-on operating system.
Brian Krebs at the Security Fix has done an interesting study related to how long it takes Microsoft to release a security fix for a problem, starting from the time they are notified of the security vulnerability. For the most part, 134.5 days has been the window between notification and vulnerability patching for the last 2 years from Microsoft. (That is for vulnerabilities that were submitted to Microsoft through the normal process…)
There’s a good post at Spyware Confidential about the removal of the SpyAxe and SpywareStrike pests that are circulating widely these days. There is a good CastleCops Wiki page with Malware removal information on SpyAxe (With screenshots). Also, there is a good walkthrough of removal here, which includes instructions for smitremfix.
Microsoft has issued two advisories related to patches coming out today. Both are remote code execution vulnerabilities, the first affects Outlook and Exchange server, the second is related to embedded Web fonts. The links above don’t yet seem active, but should go to the technet Security bulletins once Microsoft finishes publishing those.