Zero-day Microsoft Internet Explorer

A new high risk zero Internet Explorer day exploit is currently being active in the wild.

That means that anyone using Internet Explorer 7,8 or 9 to browse the internet has the potential of getting infected by simply visiting a webpage with the specific bad code in it. The code will then download an exploit pack to your computer and can give the unauthorized people access into the infrastructure.

There is currently no patch or solution to the issue from Microsoft, so the only viable option is to switch to another browser. Thinking “I won’t click any links from unknown people” is unfortunately not enough, as it’s getting more and more common for these kind of people to either hack known sites and add the code, or to purchase banner space etc for well known sites which then launches the code without you noticing anything at all.

Two browsers you could use are:
Firefox: http://www.getfirefoxcom
Chrome: http://www.google.com/chrome/

For more information: http://www.kb.cert.org/vuls/id/480095

Update: Since, Microsoft has released an update. Run Windows Update to get the latest versions available.

Default = PowerShell

In a earlier blog post I wrote about how to generate passwords using PowerShell. Here comes another PowerShell advice for you.

Now that Windows Server 2012 will be officially available many servers will be installed as ‘core’ servers. That is in itself a very good thing. The bad thing about it is that Microsoft have set the default command Shell to be CMD.EXE. Nothing wrong with that per se but these days administrators should go PowerShell all the way. If you’re like me and want PowerShell to be your default shell even in core servers, do this to make PowerShell your default shell:

$Path = 'Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon'
Set-ItemProperty -Confirm -Path $Path -Name Shell -Value 'PowerShell.exe -noExit -Command Set-Location "$env:userprofile"

The next time you login to the machine you will get PowerShell as the default shell 🙂