Microsoft vulnerability, now served with plain text files

It is the year 2011 and we learn that even opening plain text files in Microsoft Windows is not as safe as you thought.

The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

You’ve got all your buzz words here: remote code execution; legitimate rich text, text, or Word document; network directory; local user rights, etc.  It’s good to know that it’s fixed.  Yet it’s still worrying as to what else is there …

The purpose of an operating system

I came across a good reminder of the operating system’s purpose in this Slashdot comment:

The point of an OS is to make the software independent of the underlying hardware. Windows lost that independence a LONG while ago (Windows NT / 95). Linux still has it because of the underlying design of the whole thing.

The same comment also brought back some memories of the times when I was working as a system administrator at what is now known as PrimeTel.

Move a Windows server – you can be in for a world of hurt unless you want to fresh-deploy it every time. Move a Windows-client, historically you’d be prepared for blue-screens because you have the “wrong” processor type (Intel vs AMD – requires disabling some randomly named service via the recovery console, for example), reinstalling the vast majority of the drivers (probably from a 640×480 safe mode) and even then can’t be guaranteed to get anything back and working – not to mention activation, DRM, different boot hardware (e.g. IDE vs SATA), etc.

Move a Linux server – unless your OWN scripts do something incredibly precise and stupid with an exact piece of hardware, it will just move over. At worst, you’ll have to reassign your eth ports to the names you expect using their MAC address (two seconds in Linux, up to 20 minutes in Windows and a couple of reboots).

It’s been a few years since I did that.  But I remember vividly how we used to move servers from one piece of hardware to another, and since we used a mixture of Windows and Linux servers, the difference was obvious.  With everything else being equal, we could migrate a dozen of Linux servers in two-three hours, moving them in parallel.  Windows machines took days and had to be approached with very little concurrency.

Disable automatic restart in MS Windows

At my current work, MS Windows is a corporate standard, so I have to spend my days in a VMware virtual machine.  With two large monitors, that’s not a big issue at all.  However there is one really annoying bit about my Windows machine.  If I leave it on overnight, it sometimes reboots by itself.  Yes, it tries to save the state of most applications and even my virtual machine state is restored more often than not, but it is still annoying and unnecessary.   Gladly, there is a solution:

Alright, first off let’s click the Start button. Once the menu pulls up we can click on “Run”. Now you should have a field to type in, let’s type “gpedit.msc” and hit enter. Once the screen comes up click the + next to “Local Group Policy” than “Computer Configuration” than “Administrative Template” than click on the “Windows Updates” folder. In here you will find a bunch of different variables. If you click on them in the right pane there should be some definitions of what each one does. I will not go in-depth on all of them because you can obviously read. The key we are looking for is “No auto-restart for scheduled Automatic Updates Installations”. Right click on that value and hit properties. Now click on Enabled, than hit “Apply” and “Ok”. Now close the Console1 window. It will prompt you to save, choose “Yes” and than “Save”. Now that you have saved the settings a reboot is necessary for the policy to take effect.

 

The Microsoft experience

I smiled after reading this post.  It reminded me of the fact that in our office, designers use my laptop to test web sites on Microsoft Internet Explorer 6.  We have two guys doing the designs, and one of the uses Windows Vista, which runs MSIE 7.  Another one uses, I think, Windows XP, but with MSIE upgraded to version 7 too.  I heard it’s possible to have several versions of Internet Explorer running on the same Windows installation, but nobody around here knows how to do it or cares enough to experiment.

But the funniest thing in this whole story is that my laptop is running on Fedora Linux.