MowGreen: November 2006 Archives


November 25, 2006

Error 0x8024402C in Windows 2000 with Microsoft Update

Issue:

When accessing the Microsoft Update site on Windows 2000, error code 0x8024402C appears in Internet Explorer.

Solution:
1) Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings

2) If you see a Connections folder, look inside and there should be a default key and a WinHttpSettings key.

3) Export the Connections folder, then right-click it in the registry and delete it. (Note: Export it so you have a backup of it, just in case)

4) You should now be able to go to Microsoft Update and scan without seeing the error code: 0x8024402C

Error 0xC80003FE in Windows 2000

Issue:

I get this error on a fresh Windows 2000 SP4 installation with IE6 SP1. I have tried the workaround to delete/rename the files in the %windir%\SoftwareDistribution directory, and this did not work.
I have also tried to disable my virus scanner, and to remove all files from IE and restart.

Solution:
After I posted, I started searching for software on my computer that might be causing problems. I went to the Event Viewer and found a TON of warnings and errors related to paging operations and "unexpected" Windows errors in WUAU.

I looked through my software, and found that I had installed the Intel Application Accelerator IDE driver as part of my mobo drivers. This application has caused problems for me in the past, so I uninstalled it, and everything works.

Reinstalling Automatic Updates

Click Start and then click Run
Type ( or copy and paste ) the following command then click OK:

rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf

(Note: the above should be one line, including the spaces)

If you are prompted for the XP CD and the OS is XP SP1 or SP2, then browse to %windir%\ServicePackFiles\i386 or Winnt\ServicePackFiles\i386 (depending on who installed the OS) to complete the installation.

0x80248011 - 0xc8000408 - System Restore Error 15: Cannot find the drive specified

Issue:

On accessing WU - progress bar keeps going and then the 0x80248011 error appears

WindowsUpdate.log shows:
2006-11-08 17:54:42 2564 130 Misc = Process: C:\WINDOWS\system32\wuauclt.exe
2006-11-08 17:54:42 2564 130 AUClnt FATAL: Error: 0xc8000408. wuauclt datastore: failed to spawn COM server
2006-11-08 17:54:42 1304 678 DtaStor FATAL: DS: Out of proc datastore process exited with error 0xc8000408 before signalling ready event.
2006-11-08 17:54:42 1304 678 Agent * WARNING: Exit code = 0x80248011

Additionally, when attempting to run System Restore, the resultant error message is:
Error 15: Cannot find the drive specified

Also, System Restore tells me that it is not able to protect the computer and I should restart the machine.

Solution:
XP Pro - right-click C:\, choose Properties, Security
Add System with Full Control
XP Home Edition - boot to Safe Mode to access the Security tab by logging on as Administrator

Out of Proc DataStore

With the prodding of a fellow MVP, I intend to publish all of the Windows Update fixes and workarounds culled from the Windows Update newsgroup that I've collected for the last 6 or so years. This is the first article with many mow, to follow.

For future reference, the WindowsUpdate.log is located in the WINDOWS directory (folder; aka %windir%) and keeps a record of the updating process when
1) Automatic Updates is enabled
2) Or, when accessing either the Windows or Microsoft Update sites

Most automatic updates will create a log file in %windir% during their installation.
The log will have the same number as the KB article. EX: KBxxxxxx.log
There will always be 6 digits after the KB.
This log comes in handy when troubleshooting installation issues.

And now, without further ado, here are The Clippings of Chairman Mow !


============================================================================================
Symptoms :

My OS is Windows XP Home Edition SP1 ver 5.1.

I should mention that I had to repair the OS. Before the repair, update worked. All other features are working fine.


WindowsUpdate.log shows:
2005-06-13 11:24:37-0700 1260 ac Setting next AU detection timeout to 2005-06-13 18:24:37
2005-06-13 11:24:37-0700 1952 d8c Trying to make out of proc datastore active
2005-06-13 11:24:39-0700 1952 d8c Out of proc datastore is now active
2005-06-13 11:24:39-0700 1952 d8c Out of proc datastore is shutting down
2005-06-13 11:24:39-0700 480 988 Trying to make out of proc datastore active
2005-06-13 11:24:40-0700 1952 d8c Out of proc datastore is now inactive
2005-06-13 11:24:40-0700 480 988 Out of proc datastore is now active
2005-06-13 11:24:40-0700 480 988 Out of proc datastore is shutting down
2005-06-13 11:24:40-0700 1260 ac Failed to get session from datastore: 80004002
2005-06-13 11:24:40-0700 1260 ac Failed to Unserialize from data store: 80004002
2005-06-13 11:24:40-0700 1260 ac AU Restart required....
2005-06-13 11:24:41-0700 480 988 Out of proc datastore is now inactive
2005-06-13 11:54:40-0700 1260 ac AU received event of 1

Solution:

1-Click Start, click Run and then type this:
net stop wuauserv
Click OK or press Enter

2-Click Start, click Run for each of the below and then type these in, click OK after each one :
regsvr32 wuapi.dll

For XP, the command can be shortened to regsvr
Windows 2000 requires the full command

3- regsvr32 wups.dll

4- regsvr32 wuaueng.dll

5- regsvr32 wucltui.dll

6- regsvr32 wuweb.dll

7- regsvr32 jscript.dll

8- regsvr32 atl.dll

9- regsvr32 softpub.dll

10- regsvr32 msxml3.dll

11- net start wuauserv

Reboot and try the Windows Update site again.
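
The re-registration steps above as a single batch file. This is an added example, not part of the original post. It assumes the DLLs live in %windir%\system32 and that it is run from an administrator command prompt; the FAILED variable and the :register label are names chosen for this example.

```batch
@echo off
rem Added example: stop Automatic Updates, re-register each DLL named in the
rem steps above, restart the service, and report any DLL that did not register.
setlocal
set FAILED=

net stop wuauserv

for %%D in (wuapi.dll wups.dll wuaueng.dll wucltui.dll wuweb.dll jscript.dll atl.dll softpub.dll msxml3.dll) do call :register %%D

net start wuauserv

if defined FAILED (
    echo Could not register:%FAILED%
    exit /b 1
)
echo All DLLs registered. Reboot and try the Windows Update site again.
exit /b 0

:register
rem Assumption: the DLL is in %windir%\system32. A missing file is reported, not skipped silently.
if not exist "%windir%\system32\%1" (
    echo MISSING  %1
    set FAILED=%FAILED% %1
    goto :eof
)
rem /s suppresses the confirmation dialog; regsvr32 returns a non-zero exit code on failure.
regsvr32 /s "%windir%\system32\%1"
if errorlevel 1 (
    echo FAILED   %1
    set FAILED=%FAILED% %1
) else (
    echo OK       %1
)
goto :eof
```

A MISSING or FAILED line points at a damaged or absent component, which re-registration alone will not repair.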

November 20, 2006

Thank you Sun, may I have another ?

A Security Vulnerability in the Java Runtime Environment Swing Library may Allow an Untrusted Applet to Access Data in Other Applets

* Date Released: 14-Nov-2006
* Date Closed: 14-Nov-2006

1. Impact

A security vulnerability in the Java Runtime Environment Swing library may allow an untrusted applet to access data in other applets.

Sun acknowledges, with thanks, Tom Hawtin, for bringing this issue to our attention.

2. Contributing Factors

This issue can occur in the following releases (for Solaris, Linux and Windows platforms):

* JDK and JRE 5.0 Update 7 and earlier

Note: SDK and JRE 1.4.2_xx and earlier and 1.3.1_xx and earlier are not affected by this issue.

To determine the default version of the JRE on a system for Solaris and Linux, the following command can be run:

% java -version

Note: The above command only determines the default version. Other versions may also be installed on the system.

To determine the default version of the JRE on a system for Windows:

1. Click "Start"
2. Select "Run"
3. Type "cmd" (starts a command-line)
4. At the prompt, type "java -version"

Note: The above command only determines the default version. Other versions may also be installed on the system.

3. Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.

4. Relief/Workaround

There is no workaround. Please see the "Resolution" section below.

5. Resolution

This issue is addressed in the following releases:

* JDK and JRE 5.0 Update 8 and later (for Solaris, Linux and Windows)

J2SE 5.0 is available for download at the following links:

* http://java.sun.com/j2se/1.5.0/download.jsp
* http://java.com

So, how long has Sun known about this vulnerability ? Since they are not forthcoming in releasing vulnerabilities, how many folks have been exploited due to this vuln ?

Why does Sun behave in such an arrogant manner ? If Microsoft behaved as Sun does it would be a big media circus with the whining and gnashing of teeth over MS' arrogant, monopolistic behavior.
So, just what is it with Sun ?
The java autoupdater is BROKEN. I waited over a month for it to update the java package on my system just out of curiosity. The latest update brought the J2SE up to v. 1.5.0_09. Now, what if v.1.5.0_07 had been the J2SE and the system had been to a site with a malicious java applet that had used the vuln to ... access data in other java applets.
WHAT would have happened ? Should I guess or wait until Sun imparts their knowledge to the rest of the World ?
AND, the autoupdating mechanism does NOT remove older, vulnerable versions of the runtimes.

According to Sun, starting with the v.1.5.0_06 J2SE, no runtimes could be utilized by malwares. OK, thanks.
Now, why are applets exploitable and just what the heck IS the exploit ?

November 11, 2006

MySpace Phish Met With Hosting Provider Apathy

From DSL Reports -
MySpace Phish Met With Hosting Provider Apathy: What's the responsibility of hosting providers?

Yesterday we reported on a widespread phishing attack on MySpace, in which personal profiles had their HTML gamed to entirely overlay the usual look and feel with what appeared to be a real MySpace login page. A valid page should be hosted at login.myspace.com, but since this one was at myspace.com, it would have fooled even most phishing experts. Users have been told to watch the URL, and we're sure many did. Oops.

When the user submitted the phake form, it passed the user's name and password to a login.php script hosted on a third-party website, which dumped the data into a file. The user was then rerouted to the standard MySpace login. Users would presumably believe they had simply mistyped their password and would try again, unaware that they had been conned.

The directory holding this accumulated booty was visible to anybody who looked into the HTML source, and the file containing the user information could be downloaded by anyone. These unfortunate victims were now in the public domain. It's common for phishing drop boxes to be located in hard-to-reach jurisdictions. Because this one was in the United States, there was hope that the matter could be resolved in short order.

A number of the users in our security forums attempted to contact the web host, iPowerWeb, in an attempt to get them to shut this site down. However, users were shocked to find that the provider had positively no interest in mitigating the damage of this phishing operation.

One of our resident security experts informs us they were told that since the phished site was hosted elsewhere, nothing could be done. The easily accessible treasure trove of user information was "just a file of names," users were told. "They would not even consider looking at the MySpace page in order to reach their own judgement," one security expert tells us. "They simply did not care."

Other resident phish-trackers got the same response from iPowerWeb and were told there simply wasn't ample evidence this was even a phish. Users pointed out that the login.php script clearly involved the MySpace login page, and that the purported website fashion-infos.com had no obvious connection to MySpace. None of this information had any impact.

A long six hours later, the drop-box site was finally removed. We're unsure what triggered the hosting provider to finally take action, but we're curious about how many new users the phish grabbed during those six hours.


This is a must read for anyone who uses MySpace. Shame on the hosting company for their reckless disregard exhibited towards MySpace Users.