I’ve done one or two mentions in the past of ways to recover/reset lost windows passwords and thought it was probably time for another “brain dump/web research dump” of things that I’ve run across. This is not just for lost administrator passwords, but could apply to a lost user account password as well. (I’ve found that the mileage varies on the system. NT/2000/XP/2003 are not the only variations, there seem to be variations related to certain Windows updates/etc.) I should also put a disclaimer here that this information is not so you can break into someone else’s windows installation (without their permission), at the very least that’s a privacy violation and at the worst, against the law and unethical. What this is for is a guide to someone that has accidentally locked themself out of their windows install (or in some cases where someone ELSE has locked you out of your own pc.) In other words – don’t use this to crack.
Category: Windows Software
-
IE 7 address bar spoofing issue
Another issue was reported with the new IE 7 and confirmed by Microsoft. It seems that it’s possible for a malicious link to spoof the information in the address bar (make it look like you’re at a site that you’re NOT at.) Incidents.org gives the following possible workaround…
As a quick workaround you may want to configure MSIE 7.0 to open new windows in a new tab. In order to do this, Tools -> Internet Options -> Tabs Settings -> When a pop-up is encountered: Always open pop-ups in a new tab.
-
Internet Explorer 7 final release – AND first vulnerability…
Looks as though IE 7 release is imminent and will be in automatic updates on November 1st. Here’s one persons take on the user interface “improvements”. Now, there are many improvements in core functionality, but I’m annoyed by the user interface changes. I have spent quite a while with people getting use to the way the interface for windows programs have been for the last 10 years, now I feel like many of them will take another 5-8 years to get used to a NEW way to expect programs to be laid out….
-
Firefox 2.0 RC3 out
Baring big problems, the final release candidate for the new 2.0 version of Mozilla Firefox is out reported here and here.
-
Exploit Thursday – this months winner – Powerpoint
The SecurityFix reminds us of what usually comes close behind Patch Tuesday…. exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There’s a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to get the most mileage out of the exploit before the NEXT patch Tuesday. Microsoft is reported to be investigating the reports of this vulnerability.
-
What wasn’t patched Tuesday…
Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround…
Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}
More info at Microsoft’s Knowledge Base
-
Updating Windows XP SP2 serial number
Intelliadmin published this earlier today… with all the problems some people have had with the Genuine advantage notification that their copy of Windows may not be legitimate (many reasons for this…) it may be necessary to buy a new copy of Windows and it would be a nuisance to have to reinstall. So, there is a way to just update the serial number to the new copy. The download from Microsoft can be found here and checks the main system files (for patching/changes to circumvent WGA) and then asks for the new Product Key. Reboot and it should have updated the serial number and maybe WGA will let you do updates.
-
Preventing the automatic update to Internet Explorer 7
Internet Explorer 7 is set to be released this month (October 2006) and it will likely be an automatic update for Windows users either November or December of this year. (I’m thinking November.) Now, it’s been a long time in the making, at one point Microsoft said there wouldn’t be another version past 6 of IE, but… it’s finally coming and some people will not want it installed automatically until they’ve had more time to investigate it and test with their critical uses.
-
Microsoft October 2006 patch Tuesday
The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of 15 issues covered by those four. Powerpoint, Excel, Word and Office/Publisher there are a variety of exploits, some public (like the powerpoint) others that were privately reported. Also, Incidents.org gives a nice summary of the advisories and the severity of each (urgency of updating.) The setslice vulnerability is patched in this batch by the way.