Smokey's Security Weblog

veritas odium parit

KB 2008373: Upgrading Vista to Windows 7 fails with error 0xc0000359 and reference to iastor.sys

Symptoms

When trying to upgrade from Vista to Windows 7, the upgrade process fails with an error message and rolls back to Vista.

\$windows.~bt\windows\system32\drivers\iastor.sys

Status: 0xc0000359
Windows failed to load because a critical system driver is missing or corrupt

Cause

During the upgrade process, the incorrect version of iastor is referenced, resulting in the above error.

Resolution

To resolve this issue perform the following steps:

1. Open the Driver Repository folder under C:\Windows\System32\DriverStore\FileRepository and move any folders that contain the file iastor.inf to a temporary location.

Note: To move the files from the FileRepository you may require additional permissions, which can be obtained by taking ownership of the folder:

– Right-click on the folder and choose Properties.
– Click Security tab.
– Click Advanced button.
– Click Owner tab.
– Click Edit button.
– Select your account.

2. Search for references to iastor within the oem inf files in the c:\windows\inf folder.

Example Command: findstr /i /c:"iastor" %windir%\inf\oem*.inf

3. Make a note of the oem##.inf files reported where ## is a numeral. Move the oem##.inf and corresponding oem##.pnf from c:\windows\inf folder to a temporary folder.

4. Delete the $~bt, $~LS and $~Upgrade folders from the c:\ drive if they exist.

5. Download and install the latest version of the iastor.sys driver from Intel website on the Vista machine: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17882&lang=eng

6. Start the Windows 7 upgrade process. It should complete successfully now.

Author/source: Microsoft Support

November 26, 2009 | Uncategorized

[VULNERABILITY] IE6 and IE7 0-Day Exploit Reported

SANS | 2009-11-22

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

Symantec has verified the exploit:

November 21, 2009 – “A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future… To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.”

Sources:

SANS, Symantec, SecurityFocus BugTraq

November 22, 2009 | Advisories, Alerts, Anti-Virus, Recommended External Security Related Links

New flash attack has no real ‘fix’: ‘everyone is vulnerable’

We all know Adobe Flash; it’s possibly the most widely installed software product in the Internet environment. And of course, the internet creeps abuse that fact and misuse Flash to drop their malicious crap on PCs that are not well protected against Flash attacks.

This past week I stumbled (again) over an article that describes the dangers of Flash very well. I will share an excerpt of that article with my blog readers, to warn them and to do what is necessary to defend them against the dangers of Flash.

New flash attack has no real ‘fix’: ‘everyone is vulnerable’
Dark Reading | Nov 12, 2009

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash — and there’s no simple patch for it.

The attack can occur on Websites that accept user-generated content — anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a Flash object can be loaded as content onto a site and then can execute malware from that site to infect and steal information from visitors who view that content by clicking it.

”Everyone is vulnerable to this, and there’s nothing anyone can do to fix it by themselves,” says Michael Murray, CSO for Foreground Security, which today posted demonstrations of such an attack against Gmail, SquirrelMail, and cPanel’s File Manager. “We’re hoping to get a message out to IT administrators and CIOs to start fixing their sites one at a time.”

An attacker could upload malicious code via a Flash file attachment or an image, for instance, and infect any user that clicks on that item to view it. “If I can trick a system to let me upload anything, I can run code in any browser, and Adobe can’t fix this,” Murray says. “If I can upload a picture to a site and append it with Flash code to make it look like an image, once a user views that, the code executes and I can steal your cookies and credentials.”

The only thing close to a “fix” is for the Website to move its user-generated content to a different server, according to Michael Bailey, the senior researcher for Foreground Security who discovered the attack.

Bailey says the attack is similar to a cross-site scripting attack. “This is very easy to perform,” he says.

The researchers don’t expect Adobe to issue any fixes to Flash’s origin policy, mainly because it would affect so many applications.

Web application developers could help prevent the attack by denying Flash content by default, which isn’t a very realistic option: “Doing that will break a lot of applications,” Bailey says. “And that’s the problem.”

For end users, the Firefox browser add-in NoScript provides some protection from this attack, as does Toggle Flash for Internet Explorer, the researchers say.

 

I produced the same article on DSLReports; feel free to join the DSLR discussion and to look for suggestions on how to protect yourself.
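For site operators, the excerpt's "deny Flash content by default" option can be applied at upload time. The following is an added example, not code from the article or from Foreground Security: it judges an upload by its leading bytes instead of its file name, so a Flash file named like a picture is rejected. The function names, the image allowlist and the sample bytes are assumptions made for illustration, and the check does not replace moving user-generated content to a different server as the researchers recommend.

```python
import struct

# Assumed allowlist: leading magic bytes of the image types a site accepts.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# SWF files start with FWS (uncompressed), CWS (zlib) or ZWS (LZMA),
# followed by a version byte and a 4-byte little-endian file length.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")


def looks_like_swf(data: bytes) -> bool:
    """Return True if the content begins with a plausible SWF header."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return False
    version = data[3]
    (declared_len,) = struct.unpack_from("<I", data, 4)
    # Plausibility bounds (assumed) to avoid flagging text that merely
    # happens to start with the letters "FWS" or "CWS".
    return 1 <= version <= 64 and declared_len >= 8


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Decide from the content, not the name, whether to store an upload."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if looks_like_swf(data):
        return False, "content is a Flash (SWF) file"
    if ext not in IMAGE_MAGIC:
        return False, f"extension {ext!r} is not on the allowlist"
    if not data.startswith(IMAGE_MAGIC[ext]):
        return False, "content does not match the claimed image type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from any real site.
    disguised = b"CWS" + bytes([10]) + struct.pack("<I", 1024) + b"\x78\x9c" + b"\x00" * 16
    real_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, blob in [("holiday.jpg", disguised), ("logo.png", real_png)]:
        print(name, check_upload(name, blob))
```
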

November 15, 2009 | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Downloads, News, Recommended External Security Related Links, Vulnerabilities

What is it with MSN Space?

I am Starbuck, substitute site owner at ‘Smokeys’ and will sometimes blog here.

For a few days I’ve been unable to get into my MSN Space, so I emailed them to see if the ‘Spaces’ were down.
This is the reply I had from them:

Hello Peter,

Thank you for writing to Windows Live Spaces Customer Support.

My name is Joy and I acknowledge that you are unable to access your Space, starbuck50. I know how inconvenient this may have been for you and I am here to assist you.

We have found your Space, starbuck50, to be in violation of the Windows Live Spaces Code of Conduct as it has inappropriate content. As this violation is serious in nature, we were forced to close down your Space.

Please note that there is no Adult rating for Windows Live Spaces. Posting of profane messages, pornographic, sexually suggestive or provocative images is not allowed in our service, even if your Space is set to Private or Messenger.

Also, if your Space is disabled, you will not be able to access your Windows Live SkyDrive and Windows Live Profile accounts.

We encourage you to review the Windows Live Spaces Code of Conduct by visiting this link:

http://help.live.com/help.aspx?mkt=en-us&project=tou&querytype=keyword&query=coc

Windows Live Spaces has comprehensive online help available to you. For more information, click the “Help” button at the top of any Spaces page.

Thank you for using Windows Live Spaces.

Sincerely,

Mary Joy
Support Specialist
Windows Live Support Team

My MSN Space is all about helping people and providing help on ‘PC Security’ matters.
If there’s anything ‘Pornographic’ on my Space, I’d love to see it!!!
Why are these replies from MSN always sent using ‘Canned speeches’…. I wanted a reply from a human.

The reply I received didn’t actually explain what the problem was.
If MS and MSN want to convey a good working relationship with people, then start by answering questions and problems using normal speech and explain things to members.
I still don’t know what the problem is!

The ridiculous reply didn’t even say how to correct things!
How can I even think about correcting things if I can’t even get into my MSN Space? … or even see what they are talking about.

Starbuck

November 14, 2009 | Recommended External Security Related Links, Uncategorized