Keeping Up with Windows

Security Hole in IE Add-ons, Disabled Accounts; a Hotfix Filter Problem; Wireless Connection Failures and More

Security Hole in IE Add-ons
One of Microsoft Internet Explorer's (IE's) new security features is the ability to examine and disable add-ons that a Web site might install on your system without your knowledge. Add-ons extend browser functionality by running scripts that display extra toolbars, stock tickers, ad blockers, and animated cursors. An oversight in the implementation of this new feature lets developers use a registry setting to enable or disable the display of a specific add-on in the Manage Add-ons list (on the Tools menu). The end result is that the add-on list might not accurately reflect the number of add-ons that are installed and enabled on a system. Microsoft Product Support Services (PSS) has an XP update available that forces all installed items to be visible in IE’s Manage Add-ons list. The update is a new version of extmgr.dll with a file release date of October 25. The Microsoft article "Some add-ons are not listed in the Manage Add-ons dialog box in Internet Explorer on your Windows XP Service Pack 2-based computer" (http://support.microsoft.com/?kbid=888240) documents this security hole.

Disabled Account Security Hole
By default, Windows systems cache usernames and passwords to permit a user to log on locally when a domain controller (DC) isn't available. When a user logs on successfully, the OS saves account information, suitably encrypted, on the local system. If, during a subsequent logon, a DC can't be reached, the system uses cached credentials to log on a user. Here's the security hole: Even after you disable user access, either by disabling the account or revoking a smart card certificate, the cached credentials are still stored on the local workstation. This means that a user can log on by using the cached credentials and potentially access network resources with another valid username and password. A cached logon doesn't authenticate the user during the logon procedure, but it does grant network access, with the caveat that the user must provide valid credentials when connecting to other network resources. The Microsoft article "A user may log on successfully after a smart card certificate is revoked or after their user account is disabled in Windows XP" (http://support.microsoft.com/?kbid=887535) states that PSS has a hotfix you can install on XP systems. The hotfix is a new version of Kerberos.dll with a file release date of October 7.
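To see which machines will accept a cached logon at all, you can audit the cached-logon policy. The following is an added example, not from the article or from Microsoft; it reads the CachedLogonsCount value under the Winlogon key (a value the article doesn't name) from an administrative workstation that has PowerShell. It assumes the Remote Registry service is reachable on any remote computer you list.

```powershell
# Added example: audit the cached-logon policy on one or more machines.
# Assumption: remote names are reachable through the Remote Registry service.
function Get-CachedLogonPolicy {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $subKey  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $default = 10   # Windows caches 10 logons when CachedLogonsCount is not set

    foreach ($name in $ComputerName) {
        $hklm = $null; $key = $null; $count = $null; $note = 'registry'
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $name)
            $key  = $hklm.OpenSubKey($subKey)
            $raw  = if ($key) { $key.GetValue('CachedLogonsCount', $null) }
            $parsed = 0
            if ($null -eq $raw) {
                $count = $default; $note = 'value not set, default applies'
            } elseif ([int]::TryParse([string]$raw, [ref]$parsed)) {
                $count = $parsed          # the value is stored as a string
            } else {
                $note = "unparseable value '$raw'"
            }
        } catch {
            # Host down, access denied, or Remote Registry not running
            $note = "unreachable: $($_.Exception.Message)"
        } finally {
            if ($key)  { $key.Close() }
            if ($hklm) { $hklm.Close() }
        }
        [pscustomobject]@{
            Computer          = $name
            CachedLogonsCount = $count
            CachingEnabled    = if ($null -ne $count) { $count -gt 0 } else { $null }
            Note              = $note
        }
    }
}

# Local machine by default; pass -ComputerName to check several hosts.
Get-CachedLogonPolicy | Format-Table -AutoSize
```

A count of 0 means the machine stores no cached logons, so a disabled account can't log on there while the DC is unreachable; any higher count leaves the machine subject to the behavior described above until the hotfix is installed.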

October Hotfix Reminder
Last month, I discussed how filter drivers can interfere with the installation of Microsoft-issued patches on XP SP2 systems. In case you missed that note: filter drivers can block successful installation of 16 previously released updates, including several I discuss today. If a filter driver is causing the problem, the system will hang sometime during the update process. To keep your system stable, you should download and install "Update for Windows XP Service Pack 2 (KB885894)" before you install any other fixes. Read more about this problem and download the hotfix at http://support.microsoft.com/?kbid=885894.

Intermittent Wireless Connection Failure
Do your users complain that they lose wireless connectivity unexpectedly? Instead of a signal strength problem, they may be experiencing a bug that occurs when an XP system resumes from standby. The Microsoft article "Your computer may indicate that your wireless network connection is unavailable after you resume your computer from hibernation in Windows XP" (http://support.microsoft.com/?kbid=885293) states that you can work around the problem by stopping and starting the Wireless Zero Configuration service. To eliminate the problem, call PSS and ask for the patch, a new version of Ndisuio.sys, with a file release date of November 6.

Standby Request Hangs System
If you try to put a system into standby when there is limited or no power coming from the wall outlet, XP might hang. PSS released hotfixes for SP1 and SP2 systems in late October. The hotfix contains new versions of four kernel files and is available only from PSS. When you call, cite the article "Your portable computer stops responding when you try to put it on standby in Windows XP" (http://support.microsoft.com/?kbid=887823) as a reference.

USB Flash Storage Blue Screen
The USB device driver on XP has bugs that cause the system to crash with a stop code of 0x0000007e when you access USB 2.0 flash storage devices. The Microsoft article "0x7E Stop error occurs after you disconnect your USB 2.0 flash storage device" (http://support.microsoft.com/?kbid=884868) states that the system crash can occur in a variety of ways, including when you connect or remove a flash storage device on a docking station, when you access a file on a flash storage device, and, potentially, when you disconnect your laptop from a docking station. The new, improved driver, Usbhub.sys, with a file release date of September 16, is available only from PSS.

XP VPN Clients Might Not Register in DNS
A bug in the DHCP code responsible for registering a remote computer's name in DNS can cause registration to fail for VPN users, especially on slow dial-up connections. When this bug crops up, the connected system isn't visible on the network and thus can't be contacted by other users. The article "Other computers on the network cannot connect to your Windows XP Service Pack 2-based DHCP client computer after you log on to a network that is running the DHCP Server service" (http://support.microsoft.com/?kbid=885865) says that Microsoft has corrected this problem in a new version of the DHCP service component, Dhcpcsvc.dll, with a file release date of September 27. The update is available directly from PSS.

XP Fast User Switching Might Hang System
A keyboard corruption problem can hang XP when you use the fast user-switching feature. The problem has two symptoms: after you switch to a different user and log off, you see a blank screen and the system hangs; and when you restart the system, it hangs during the shutdown process. The hotfix for this problem, a new version of win32k.sys, has been available from PSS since August 19. Cite the Microsoft article "Logging off or restarting the computer after switching users may cause Windows XP to stop responding" (http://support.microsoft.com/?kbid=872789) as a reference.