
Tom's Blog

My weird and wonderful blog…

Category

Windows Server 2003

Windows left exposed (again…) by 0-day exploit found for IE 7, 8 & 9


Microsoft has managed to do it yet again. A new 0-day exploit has been found for IE 7, 8 & 9 running on any version of Windows released in the last 10 years. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user.

Now would be a good time for you to switch to a web browser like Chrome or Firefox, one that doesn't give you anything short of cancer.

Check out The Verge link for more info as well as the Metasploit link for the demos.

 


NTDS 1136 Errors on Domain Controllers

I recently noticed NTDS errors (EventID 1136) with the below details getting logged every minute:

Active Directory failed to create an index for the following attribute.

Attribute identifier:
591789
Attribute name:
msFVE-RecoveryGuid

A schema cache update will occur 5 minutes after the logging of this event and will attempt to create an index for the attribute.

Additional Data
Error value:
-1403 JET_errIndexDuplicate, Index is already defined

After a bit of extensive searching I discovered that one of our Domain Admins had done a schema update on the forest to add BitLocker Drive Encryption. BitLocker Drive Encryption is not supported on a 2003 domain, and this is what's causing the problems. Below is the solution to fix these errors:

To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:

  1. On a domain controller, click Start, click Run, type cmd, and then click OK.
  2. To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:
    netdom query fsmo
  3. Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.

    Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group.

  4. Click Start, click Run, type adsiedit.msc, and then click OK.

    Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site:

  5. Open the Schema container, and then open the folder that contains the schema objects.
  6. Double-click the msFVE-RecoveryGuid schema object.
  7. In the schema object dialog box, click searchFlags, and then click Edit.
  8. In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.
  9. Repeat steps 6 through 8 for the msFVE-VolumeGuid schema object.

Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.

http://support.microsoft.com/kb/932862
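
Steps 5 through 9 above can also be checked and applied from a script instead of ADSIEdit. The following is an added example, not part of the KB article; it assumes PowerShell is installed on the schema operations master and that it is run by a Schema Admins member. The `$Apply` switch variable is an illustrative name; left at `$false`, the script only reports what it would change.

```powershell
# Added example (not from KB 932862): clear only the container index bit in
# searchFlags on the two BitLocker schema attributes named in the steps above.
$Apply          = $false   # assumption: set to $true to write the change
$ContainerIndex = 0x2      # containerized index bit of searchFlags (27 -> 25)
$Attributes     = 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid'

# Locate the schema naming context of the forest via RootDSE.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNC = [string]$rootDse.schemaNamingContext
$schema   = [ADSI]"LDAP://$schemaNC"

foreach ($name in $Attributes) {
    # Find the attributeSchema object by its LDAP display name.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($schema)
    $searcher.Filter      = "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
    $searcher.SearchScope = 'OneLevel'
    $hit = $searcher.FindOne()
    if ($null -eq $hit) {
        Write-Warning "$name not found in $schemaNC"
        continue
    }

    $entry   = $hit.GetDirectoryEntry()
    $current = [int]$entry.psbase.Properties['searchFlags'].Value

    # Nothing to do if the container index bit is already clear.
    if (($current -band $ContainerIndex) -eq 0) {
        "{0}: searchFlags={1}, container index bit already clear" -f $name, $current
        continue
    }

    # Mask out bit 0x2 and leave every other flag as it was.
    $new = $current -band (-bnot $ContainerIndex)
    "{0}: searchFlags {1} -> {2}" -f $name, $current, $new

    if ($Apply) {
        $entry.psbase.Properties['searchFlags'].Value = $new
        $entry.psbase.CommitChanges()
        "{0}: change committed" -f $name
    }
}
```

Because the script masks a single bit rather than writing the literal value 25, it leaves the other searchFlags bits untouched even if an attribute does not start at 27.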
