Monthly Archives: September 2010

Blog wrap-up for September 2010

From the newest post to the oldest:

The report of my first reported vulnerability

The CLI nostalgia series continues (driverquery, fc, find)

The CLI nostalgia series continues (clip, color, comp)

Yeah. MS issued MS Chrome ;)

The start of the CLI series. Nostalgia begins here =)

MS CTA and discounts for MS Partners’ employees

Viruses go x64. Beware!

Call me if you want, I’m on my phone if I’m online

Vulnerability in VMWare Workstation installer. Not a 0-day anymore.

The only reason for mentioning the vulnerability is… bragging. Yes, I'm going to brag about the first vulnerability I discovered and reported before a CVE was issued =) I had found several vulnerabilities earlier, but all of them already had a CVE published, so reporting them was useless.

The vulnerability in the VMware Workstation and Player installer allowed an attacker to launch any code embedded in a .htm page. Well, the page must be placed in the same directory as the installer, and it only hits your computer when you are installing the new version, but, hey, it's my first one, and looking for those is not my job! =)

What it looked like before version 7.1.2:

1) We have a folder containing an index.htm file and, say, the VMware Workstation 7.1.1 installer


2) We run the installation and then, right after the elevation prompt, all of a sudden:


What the heck is this?! Well, this is what our malicious .htm file does. Of course, no one is going to click a link that looks like this (and with such text)… but that's another story. Nevertheless, if we put a script into that file, or make the page look like the installer window and put a link in it, then our malicious file will be executed with elevated privileges.

A very narrow attack vector, of course, but still I'm glad it is closed now.
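The practical lesson of the bug above is that an elevated installer should never be run from a directory that also holds files you did not put there. The script below is an added example, not code from the original post or from VMware: it lists the files sitting next to an installer that an elevated process might pick up (the extension list beyond .htm is a hypothetical broadening of the case in the post), then copies the installer alone into a freshly created directory, checks its Authenticode signature, and launches it from there with a UAC prompt. The installer path is a placeholder.

```powershell
# Added example (not from the original post): stage an installer in a fresh,
# empty directory so that no stray .htm page (or anything else dropped next
# to it) can be loaded by the elevated installer process.
# Assumptions: the installer is an .exe that needs no arguments; the extension
# list is an illustrative guess, only .htm comes from the post; the path in
# the usage line is hypothetical.

function Get-SuspiciousSiblings {
    param([Parameter(Mandatory)][string]$InstallerPath)
    $full = (Resolve-Path -LiteralPath $InstallerPath).Path
    $dir  = Split-Path -Parent $full
    # The post describes index.htm being loaded by the installer; the other
    # extensions are a hypothetical broader list for illustration.
    $watch = '.htm', '.html', '.hta', '.js', '.dll'
    Get-ChildItem -LiteralPath $dir -File |
        Where-Object { $_.FullName -ne $full -and $watch -contains $_.Extension.ToLower() }
}

function Invoke-InstallerFromCleanDir {
    param([Parameter(Mandatory)][string]$InstallerPath)

    $stray = @(Get-SuspiciousSiblings -InstallerPath $InstallerPath)
    if ($stray.Count -gt 0) {
        Write-Warning 'Files found next to the installer that an elevated process might load:'
        $stray | ForEach-Object { Write-Warning "  $($_.FullName)" }
    }

    # Stage the installer on its own in a directory that did not exist a second ago.
    $stage = Join-Path ([IO.Path]::GetTempPath()) ('install-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $stage | Out-Null
    $copy = Join-Path $stage (Split-Path -Leaf $InstallerPath)
    Copy-Item -LiteralPath $InstallerPath -Destination $copy

    # Extra check before handing the binary elevated rights: is it signed?
    $sig = Get-AuthenticodeSignature -FilePath $copy
    if ($sig.Status -ne 'Valid') {
        Remove-Item -LiteralPath $stage -Recurse -Force
        throw "Refusing to run '$copy': signature status is $($sig.Status)"
    }

    # -Verb RunAs triggers the UAC prompt; the working directory is the clean one.
    Start-Process -FilePath $copy -WorkingDirectory $stage -Verb RunAs -Wait
    Remove-Item -LiteralPath $stage -Recurse -Force
}

# Usage (hypothetical path):
# Invoke-InstallerFromCleanDir -InstallerPath 'C:\Downloads\installer.exe'
```

The warning about sibling files is informational on purpose: the point is to run from the clean copy regardless, because the check can only catch what you thought of listing.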

P.S. Of course, bragging is not the only reason to write about this topic: finding the issue gave me two more ideas for discussion, so consider this article an introductory one.

Good old command line #2…

Let's continue the overview of what I have found among the command line tools.

  • driverquery. Lists the drivers installed on your system together with various information about them. For example, we can find out which drivers are signed (driverquery /si):


It may be handy in case of driver problems.

  • fc. Whoa, kind of déjà vu… Haven't we already described such a command in the previous issue of "good old command line"? Isn't it the same as the "comp" command? Well, not exactly. While "comp" compares byte by byte, this command has different options and is more powerful in some cases. It can compare in ASCII mode, be case-sensitive or case-insensitive, and so on and so forth. By default the command outputs the lines which differ between the files being compared:


It should even be able to synchronize files if they differ, but I failed to make it do that =)

  • find. Well… It should be called BING: But It Is Not Grep. Still, it is powerful enough to be useful.


That is all for today; we'll continue ;)
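The three tools above are the kind you end up driving from a script rather than typing once, so here they are wrapped in PowerShell as an added example that is not part of the original post. It assumes that driverquery /si /fo csv emits the columns DeviceName, InfName, IsSigned and Manufacturer; that fc.exe exits with 0 when the files match and 1 when they differ; and that find.exe /c prints a final "---------- FILE: N" line. The sample files are constructed inside the script and deleted afterwards.

```powershell
# Added example (not from the original post): driverquery, fc and find from
# PowerShell. Assumptions: driverquery /si /fo csv column names as below;
# fc.exe exit code 0 = identical, 1 = different; find.exe /c ends its output
# with "---------- FILE: N". All paths are created here for the demo.

# 1. driverquery: drivers whose INF is not signed. A rootkit driver, or a
#    vendor's sloppy one, is what you are looking for in this list.
function Get-UnsignedDrivers {
    driverquery.exe /si /fo csv |
        ConvertFrom-Csv |
        Where-Object { $_.IsSigned -eq 'FALSE' } |
        Select-Object DeviceName, InfName, Manufacturer
}

# 2. fc.exe: byte-for-byte comparison, returning the offsets that differ.
#    Note the .exe suffix: inside PowerShell a bare "fc" is the Format-Custom alias.
function Compare-FileBytes {
    param([Parameter(Mandatory)][string]$Reference,
          [Parameter(Mandatory)][string]$Candidate)
    $out = @(fc.exe /b $Reference $Candidate 2>&1)
    [pscustomobject]@{
        Identical   = ($LASTEXITCODE -eq 0)
        # fc /b prints one "OFFSET: xx yy" line per differing byte
        Differences = @($out | Where-Object { $_ -match '^[0-9A-F]+:\s+[0-9A-F]{2}\s+[0-9A-F]{2}' })
    }
}

# 3. find.exe: not grep, but enough to count matching lines in a log.
#    /c counts, /i ignores case. find insists on a double-quoted search string,
#    so the command is handed to cmd.exe to keep the quoting intact.
function Measure-LogMatches {
    param([Parameter(Mandatory)][string]$Pattern,
          [Parameter(Mandatory)][string]$Path)
    $line = @(cmd.exe /c "find /c /i `"$Pattern`" `"$Path`"") | Select-Object -Last 1
    if ($line -match ':\s*(\d+)\s*$') { [int]$Matches[1] } else { 0 }
}

# Demo with constructed input (written to %TEMP%, removed at the end).
$tmp = [IO.Path]::GetTempPath()
$a   = Join-Path $tmp 'ref.bin'
$b   = Join-Path $tmp 'cand.bin'
$log = Join-Path $tmp 'demo.log'
[IO.File]::WriteAllBytes($a, [byte[]](0x4D, 0x5A, 0x90, 0x00))
[IO.File]::WriteAllBytes($b, [byte[]](0x4D, 0x5A, 0x91, 0x00))   # one byte changed at offset 2
Set-Content -Path $log -Value @(
    'Logon failed for user bob',
    'Logon OK for alice',
    'logon FAILED for bob'
)

Get-UnsignedDrivers | Format-Table -AutoSize
Compare-FileBytes -Reference $a -Candidate $b
Measure-LogMatches -Pattern 'logon failed' -Path $log

Remove-Item -LiteralPath $a, $b, $log
```

The /i on find matters for logs: the constructed file mixes the case of "logon failed" exactly because a case-sensitive count would quietly miss half of the events.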

Good old command line…

You know what? What struck me after I had written the post about cmdkey is that, while reading about cmdkey's syntax, I saw many commands which… well, it's a shame, but I didn't know them. Really. Though I still remember what the word "expand" meant in DOS, I couldn't tell you what "comp" or "clip" does. Actually, I couldn't until now, because I have done some research, and in this post I'll tell you about some commands which seem interesting to me. Of course, there are many commands which are either deprecated (break) or cannot be used directly from a script or in the CLI (autochk, call); nevertheless, there are some which may be useful in the day-to-day life of a system administrator. Here they are (these are just the ones which interested me or look fun, so I may have omitted some that are interesting to you or included some rubbish, you know):

  • clip. Sometimes we just need to put the output of a command or program into the clipboard to paste it into an email, an IM window or somewhere else. Just copy it somewhere and get rid of it. What I usually do is:


Open file.txt with notepad:


and copy/paste it. Now I can just do


and what I have in my clipboard is:

I’m thinking
40% done…

No more creating-the-file, opening-the-file, selecting-all-in-the-file, copying, pasting, closing-the-file, deleting-the-file. It was too boring; now it is much quicker, I guess.

  • color. Just for fun, make your CLI look like Norton Commander:


and turn it back to normal:


  • comp. Suddenly: a very powerful command. It compares files byte by byte. If, for instance, we have two files:




and run the command:

comp file.txt file2.txt /a


we’ll receive the following:


Isn't it useful?
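The clip and comp items above describe one workflow: compare two files, then get the result into the clipboard without the temporary-file dance. The script below is an added example, not code from the original post. It assumes that comp.exe asks "Compare more files (Y/N) ?" after every run (so it is fed an "n" on stdin), that it reports each differing byte as "Compare error at OFFSET n" followed by "file1 = x" and "file2 = y" lines with the offset in hex and, under /a, the values as characters, and that clip.exe reads its text from stdin. The two sample files are constructed in the script.

```powershell
# Added example (not from the original post): comp.exe /a with its output
# parsed into objects, then handed to clip.exe. Assumptions: comp prompts
# "Compare more files (Y/N) ?" and accepts "n" from stdin; it prints
# "Compare error at OFFSET <hex>" then "file1 = <value>" and "file2 = <value>";
# clip.exe reads stdin. The sample files are constructed below.

function Compare-FilesAscii {
    param([Parameter(Mandatory)][string]$First,
          [Parameter(Mandatory)][string]$Second)
    # comp refuses files of different sizes ("Files are different sizes"),
    # so say so up front instead of parsing the message; fc.exe handles that case.
    if ((Get-Item -LiteralPath $First).Length -ne (Get-Item -LiteralPath $Second).Length) {
        throw 'comp needs files of equal length; use fc.exe for these two'
    }
    $raw = @('n' | comp.exe $First $Second /a)
    for ($i = 0; $i -lt $raw.Count; $i++) {
        if ($raw[$i] -match 'OFFSET\s+([0-9A-Fa-f]+)') {
            [pscustomobject]@{
                Offset = [Convert]::ToInt32($Matches[1], 16)
                First  = ($raw[$i + 1] -replace '^\s*file1 = ', '')
                Second = ($raw[$i + 2] -replace '^\s*file2 = ', '')
            }
        }
    }
}

function Send-ToClipboard {
    # Whatever is piped in is rendered as text and handed to clip.exe, which is
    # what the post does by hand with ">file.txt" and Notepad.
    $input | Out-String | clip.exe
}

# Constructed sample: the two clipboard lines from the post, with one
# character changed in the second copy (same length, as comp requires).
$tmp = [IO.Path]::GetTempPath()
$f1  = Join-Path $tmp 'file.txt'
$f2  = Join-Path $tmp 'file2.txt'
[IO.File]::WriteAllText($f1, "I'm thinking`r`n40% done...`r`n")
[IO.File]::WriteAllText($f2, "I'm thinking`r`n45% done...`r`n")

$report = Compare-FilesAscii -First $f1 -Second $f2 | Format-Table -AutoSize | Out-String
$report                      # show it on screen
$report | Send-ToClipboard   # and put the same text in the clipboard

Remove-Item -LiteralPath $f1, $f2
```

Feeding "n" on stdin is the part people trip over when they first script comp: without it the command waits for an answer to the "Compare more files" question and the script hangs.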

The next chunk of utilities overview is to follow…

IE 9 Beta starts

Yeah, we are getting it. Come back on the 15th of September (UPD: the download links are already accessible) for more information about it, to download it and to try it any way you want. A brief and far from complete list of what's new:

– HTML5 support

– Faster than the previous version

– Many improvements in CSS and HTML compatibility

– And more and more and more… Enjoy! =)

Utilities: cmdkey

We use credentials to surf the Internet and to access resources on an intranet, and our home network may require them too. Managing them may be easy or hard, secure or not, but many people consider saving credentials locally good enough compared to entering them every time. Another situation in which we save credentials is by mistake. Anyway, sometimes we just need to assess what saved information we have, or to automate adding and deleting it. In Windows 7 we can partially solve the task by opening the Windows Vault:



but it is unavailable in earlier OSs like Vista, it is unavailable (at least directly) in the server OSs at all, and it cannot be automated. And this is where we come to the utility of the day: cmdkey. The documentation linked above will tell you about the syntax, so I will just show you a couple of examples.

This is what the credential storage looks like for a "newborn" user:


Let us add a credential for user “user” in domain “domain2” to access server “server” in domain “domain1”:


And this is how it looks now:


And now we can delete it if it is not needed anymore:


This utility may be handy not only in the cases I described above, but also in some that are not obviously connected with it (look at the example here, the question about a DFS path), so keep it in mind.
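The list, add and delete steps above are easy to script, and scripting them is also the way to answer the "saved by mistake" question from the start of the post. The code below is an added example, not code from the original post or from Microsoft. It assumes that cmdkey /list prints a "Target:", "Type:" and "User:" line for each stored credential, that "cmdkey /add:... /user:... /pass" with a bare /pass prompts for the password, and it reuses the placeholder names server.domain1 and domain2\user from the post. The allow-list in the audit function is a hypothetical policy.

```powershell
# Added example (not from the original post): a thin PowerShell layer over
# cmdkey.exe. Assumptions: "cmdkey /list" prints Target:/Type:/User: lines per
# credential; a bare "/pass" makes cmdkey prompt for the password; the
# server/domain/user names are the placeholders used in the post.

function Get-StoredCredential {
    $current = $null
    foreach ($line in @(cmdkey.exe /list)) {
        switch -Regex ($line.Trim()) {
            '^Target:\s*(.+)$' {
                if ($current) { $current }           # emit the previous entry
                $current = [pscustomobject]@{ Target = $Matches[1]; Type = ''; User = '' }
            }
            '^Type:\s*(.+)$' { if ($current) { $current.Type = $Matches[1] } }
            '^User:\s*(.+)$' { if ($current) { $current.User = $Matches[1] } }
        }
    }
    if ($current) { $current }
}

function Add-StoredCredential {
    param([Parameter(Mandatory)][string]$Target,
          [Parameter(Mandatory)][string]$User)
    # Deliberately no password on the command line: it would land in the
    # PowerShell history and be visible to anyone listing processes.
    # A bare /pass makes cmdkey ask for it interactively.
    cmdkey.exe "/add:$Target" "/user:$User" /pass
}

function Remove-StoredCredential {
    param([Parameter(Mandatory)][string]$Target)
    cmdkey.exe "/delete:$Target"
}

# Audit: anything stored whose target is not on the expected list is a
# candidate for the "saved by mistake" case. The allow-list is hypothetical.
function Find-UnexpectedCredential {
    param([string[]]$Expected = @('server.domain1'))
    Get-StoredCredential | Where-Object {
        $target = $_.Target -replace '^.*target=', ''   # strip "Domain:target=" and similar prefixes
        $Expected -notcontains $target
    }
}

# Walk-through mirroring the post:
Get-StoredCredential                                                  # "newborn" user: nothing yet
Add-StoredCredential -Target 'server.domain1' -User 'domain2\user'    # prompts for the password
Get-StoredCredential
Find-UnexpectedCredential
Remove-StoredCredential -Target 'server.domain1'
```

One caveat worth keeping next to any "save the credential" automation: what cmdkey stores is usable by every process running as that user, so a saved credential is only as safe as the account that holds it.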

Certification News

Just news, briefly:

  1. A new certification program for students and newbies without IT experience has just started. You can already pass several exams to become a MS Certified Technology Associate. More info on the program site. A brilliant way to start your certified life, I think =)
  2. Another freebie… Well, almost. MS gives a discount of up to 30% on certification exams to employees of companies which are MS partners. And, though you have to buy the exams wholesale, those who work for MS partners know that you sometimes have to pass them wholesale too, so enjoy. Details.

x64 attacks, part II

When I wrote about the surge of the 64-bit platform onto client computers, I didn't think about one obvious thing: as a platform becomes mass-market and popular, it attracts all sorts of ill-minded people. In our age this means that all the instruments hackers use to do what they do get adapted to the new reality. Unfortunately, it is happening whether I think about it or not (maybe someone else had thought about it? Quit it, then ;)). The guys from MS have reported that we now have a 64-bit version of the Alureon malware. At the time of the report it rendered XP or 2003 unbootable and broke some disk functionality on the later systems, but I have no doubt the bad guys will correct these mistakes and make this malware even better (for them, of course, and worse for you and me). That tells me once again that every statistic about vulnerabilities, virus counts and the like must be normalized to the user base, or else it simply misleads you.

Kaspersky Lab has implemented UC

This is entirely an advertisement ;)  We did it! "We" is somewhat of an exaggeration: my participation in the project was not very bold, but still we have OCS and it is convenient. What our management team thinks you can read here (in Russian). Actually, the management doesn't lie: it is cool and convenient. I don't mind where I am as long as I have Internet access: I can call anyone. The real test for me was the time I fled to our Saint Petersburg office from the turf fires and smog. Of course, I could have got a phone in the office and configured it to answer my extension… And I could go to some cafe with Internet access and nobody would even notice that I'm not in the office:

– Hello can I visit you?

– Yeah, sure, but it’s hard: I’m 700 kilometres from you =)

Overall, I like it. There still is something to improve, but what we have now is very convenient.