IE7 RDP web client fix


We have a security appliance that manages user passwords.  One feature of this appliance is it can initiate a RDP session to a Windows box and pass the user’s credentials for authentication, which allows the users to access the remote system without knowing their password. 

This appliance uses the Remote Desktop Web Connection ActiveX control, and works great with Internet Explorer 6 and Internet Explorer 8.  It does not work with Internet Explorer 7 at all in our environment.
 
When trying to initiate the RDP web connection in IE7, the RDP Transparent Connection window has a red X on it, and the following error message is shown:
 
Remote Desktop Web Connection ActiveX control could not be installed. A connection cannot be made without a working installed version of the control. Please contact the server administrator.
 
The fix for this problem is:
 
Download and install the Remote Desktop Web Connection for Windows Server 2003 (actually for XP clients) on the IE7 machine.
 
The Remote Desktop Web Connection for Windows installer will create the C:\InetPub\wwwroot\TSWeb\ directory.  Within that folder you will find the msrdp.cab file.
 
Extract the msrdp.cab file, and place the two extracted files (msrdp.inf and msrdp.ocx) in the C:\Program Files\Internet Explorer\PLUGINS directory.
 
Finally, you’ll need to register the msrdp.ocx file using the following syntax:
 
regsvr32 "c:\program files\internet explorer\plugins\msrdp.ocx"
 
I restarted IE, and was able to successfully use the Remote Desktop ActiveX control without issue.  Tested on Windows XP SP2.
Thanks to Ster who pointed me in the right direction.
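
The same steps as a script, as an added example that is not part of the original post: it extracts msrdp.cab to a staging folder, checks the Authenticode signature of msrdp.ocx, and only then copies and registers it. The staging folder and the signature check are assumptions added here; it assumes PowerShell 2.0 or later and an administrator prompt.

```powershell
# Added example: extract, verify and register msrdp.ocx (run from an elevated prompt).
$cab     = 'C:\InetPub\wwwroot\TSWeb\msrdp.cab'
$plugins = 'C:\Program Files\Internet Explorer\PLUGINS'
$staging = Join-Path $env:TEMP 'msrdp_extract'    # assumed staging folder

if (-not (Test-Path $cab)) { throw "Not found: $cab" }

# Extract to staging first so nothing unverified lands in the PLUGINS directory.
New-Item -ItemType Directory -Path $staging -Force | Out-Null
& expand.exe $cab '-F:*' $staging | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

$ocx = Join-Path $staging 'msrdp.ocx'
$inf = Join-Path $staging 'msrdp.inf'
foreach ($f in $ocx, $inf) {
    if (-not (Test-Path $f)) { throw "Expected file missing from cabinet: $f" }
}

# The control loads inside the browser process, so refuse an unsigned or altered binary.
$sig = Get-AuthenticodeSignature -FilePath $ocx
if ($sig.Status -ne 'Valid') {
    throw "msrdp.ocx signature status is '$($sig.Status)'; not registering it"
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

Copy-Item -Path $ocx, $inf -Destination $plugins -Force
$target = Join-Path $plugins 'msrdp.ocx'

# /s suppresses the dialog boxes; the exit code reports success (0) or failure.
$proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList '/s', "`"$target`"" -Wait -PassThru
if ($proc.ExitCode -ne 0) { throw "regsvr32 failed with exit code $($proc.ExitCode)" }
Write-Host "Registered $target"
```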

Howto disable the Internet Explorer popup: This page contains both secure and non-secure items. Do you want to display the nonsecure items?


The Internet Explorer nag "This page contains both secure and non-secure items. Do you want to display the nonsecure items?" is sooo annoying.

To disable this popup in IE6:

Tools > Internet Options > Security 

Highlight the Internet zone
 
Select the Custom Level button
 
Under the Miscellaneous section, change Display Mixed Content from Prompt to Enable > OK > Yes > OK
 
To disable this popup in IE7:
 
Tools > Internet Options > Security > Custom Level
 
Under the Miscellaneous section, change Display Mixed Content from Prompt to Enable > OK > Yes > OK
 
The setting change should take effect without restarting the browser.  You will need to change the setting under the Trusted Sites zone as well.

New Internet Explorer 7 0-day exploit


SANS has reported a Microsoft IE7 0-day exploit that is now in the wild. This vulnerability is not addressed by the forthcoming December 2008 patch Tuesday releases, or by the MS08-073 patch that was released on 12-09-2008.

Analysis shows the current exploit checks for the following conditions:

The user has to be running Internet Explorer
The version of Internet Explorer has to be 7
The operating system has to be Windows XP or Windows 2003

SANS has not yet confirmed if other versions are affected (Internet Explorer 6 or Internet Explorer 7 on Microsoft Windows Vista).

ThreatExpert has a very nice overview of the modifications the exploit makes to compromised computers.

Additional Resources:

ZDNet Security Blog
Secunia Advisory

Internet Explorer 7 Extended Verification Certificates and the Phishing Filter


IE7’s Phishing filter, which is supposed to be a layer of defense against Internet bad guys, drives me crazy.  The performance impact is noticeable, since every DNS request made by the browser has to be redirected to Microsoft to be checked against a database of known malicious sites.  I typically disable the Phishing filter the first time I start a fresh IE7 installation because of this problem. 

Unfortunately, one of the nice things that was present in IE7 that disappears once the Phishing filter is disabled is the green bar that shows you are on a web site that uses Extended Validation (EV) certificates.  EV certs are harder to obtain because the end user must pass a more rigorous identity verification screening process in order to purchase the certificate.  According to Verisign:

“Extended Validation SSL Certificates were created in direct response to the rise in Internet fraud, eroding consumer confidence in online transactions. In 2005, 84% of respondents to a Forrester Research study said they don’t think retailers are doing enough to protect their customers online and 24% did not make purchases online due to security concerns.* Before customers share their confidential data online, they want proof of identification from a trusted source. The Extended Validation SSL Standard raises the bar on verification of SSL Certificates and enables visual displays in high security browsers.”

You can see IE7 is not displaying the EV Certificate green bar for Paypal.com when the Phishing filter is disabled.

I’m not sure what the rationale was behind the decision to make the EV certificate display go away when the Phishing filter is not in use, but here’s how to re-enable it in IE7:

In Internet Explorer select Tools – Internet Options – Advanced.  Down at the bottom of the list check the Check for Server Certificate Revocation box.  Restart Internet Explorer for the change to take effect.

Now you can see the green bar associated with Paypal’s EV certificate is visible.

Please see Microsoft KB 928089 for a Phishing filter patch that may increase performance.

Cannot Uninstall IE7 from Windows Server 2003


When trying to uninstall Internet Explorer 7 on a Windows Server 2003 SP2 machine, the Remove button may not be visible in Add/Remove programs. Sometimes the button is visible, but clicking it displays the following:

“An error occurred while trying to remove Windows Internet Explorer 7. It may have already been uninstalled.
Would you like to remove Windows Internet Explorer 7 from the Add or Remove programs list?”

KB 948093 explains “This behavior occurs if Internet Explorer 7 was installed on Windows Server 2003 Service Pack 1. Service pack 2 was installed later than that.”

Microsoft’s resolution is to

  1. Uninstall SP2 and reboot
  2. Uninstall IE7 and reboot
  3. Reinstall SP2 and reboot

Personally, if I was Microsoft I would have included step 4, go directly to Microsoft Update and apply all applicable patches and updates, then reboot again.

Howto: Thwart Internet Browser Third Party Cookies


According to Wikipedia,

“HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”

and

“Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page. Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.”

The problem with third party cookies is they are set on your computer by web servers you likely had no intention of visiting, and are used to track your web surfing habits. Steve Gibson’s Security Now! podcast episode #119 has a very detailed discussion about why third party cookies are bad. He also describes how PayPal and DoubleClick have a relationship that allows DoubleClick to place third party cookies when you are logged into PayPal’s secure web site, and why that’s probably not a good thing for privacy.

When I setup a new computer or image I generally block all third party cookies. It’s easy to do in Internet Explorer 7:

Tools – Internet Options – Privacy – Advanced – Override Automatic Cookie Handling – Block Third Party Cookies

It’s not quite as easy to block third party cookies with Firefox 2.x. You’ll have to follow these steps:

1) In the Firefox address bar (where you type the web site address), type about:config

2) In the filter box type network.cookie.cookieBehavior

3) Right click network.cookie.cookieBehavior and select Modify

4) Change the value from 0 to 1

Some web sites may not work properly without the ability to accept third party cookies, so instead of totally disabling third party cookies you can use a hosts file to specify which web sites you never want your browser to access. According to mvps.org,

“The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.”

You can manually edit your hosts file to add entries for web sites you don’t want to ever visit. Or, you can use a freeware hosts file management application such as HostsMan or HostsXpert.

To manually edit your hosts file in Windows XP,

1) Click Start – Run – notepad c:\windows\system32\drivers\etc\hosts

2) add the IP address and name of the offensive web site

3) Click File – Save – Exit
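
A scripted version of the manual edit, as an added example that is not from the original post: it merges a block list into the hosts file without duplicating entries, rejects anything that is not a plain host name, and reports names that are already mapped to another address. The function name and the two domains are constructed placeholders; it assumes PowerShell 2.0 or later and an administrator prompt.

```powershell
# Added example. Merge-HostsBlockList is a hypothetical helper, not a built-in cmdlet.
function Merge-HostsBlockList {
    param(
        [string[]]$CurrentLines,   # existing hosts file content, one line per element
        [string[]]$BlockDomains    # host names to point back at the local machine
    )
    $mapped = @{}                  # host name -> address already present in the file
    foreach ($line in $CurrentLines) {
        $body = ($line -split '#', 2)[0].Trim()        # drop comments
        if (-not $body) { continue }
        $fields = $body -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $mapped[$name.ToLower()] = $fields[0]
        }
    }
    $additions = @()
    $conflicts = @()
    foreach ($d in $BlockDomains) {
        $name = $d.Trim().ToLower()
        # Only letters, digits, hyphens and dots: no spaces or line breaks can slip in.
        if ($name -notmatch '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$') {
            throw "Not a plain host name: '$d'"
        }
        if ($mapped.ContainsKey($name)) {
            # Already listed; flag it if it points somewhere other than the local machine.
            if ($mapped[$name] -ne '127.0.0.1') { $conflicts += "$name -> $($mapped[$name])" }
            continue
        }
        $additions += "127.0.0.1`t$name"
        $mapped[$name] = '127.0.0.1'
    }
    New-Object PSObject -Property @{
        Lines = $CurrentLines + $additions; Added = $additions; Conflicts = $conflicts
    }
}

$path   = "$env:SystemRoot\System32\drivers\etc\hosts"
$result = Merge-HostsBlockList -CurrentLines @(Get-Content $path) `
              -BlockDomains 'ads.example.com', 'tracker.example.net'   # constructed names
$result.Conflicts | ForEach-Object { Write-Warning "Mapped to another address, review: $_" }
if ($result.Added.Count -gt 0) {
    Copy-Item $path "$path.bak" -Force                 # keep a backup of the old file
    Set-Content -Path $path -Value $result.Lines -Encoding ASCII
}
```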

If you have Windows Vista’s UAC enabled you’ll have to follow these directions in order to edit your hosts file.

If you don’t want to update your own hosts file and would rather use one pre-populated with offensive web sites, you can download one from MVPS. You’ll probably need to restart your computer to ensure the hosts file is reloaded.

If you experience poor performance when using a large hosts file, try disabling the DNS Client service. To do this:

1) Click Start – Run – and type services.msc

2) Right click DNS Client and select stop

3) Once the service stops, right click on DNS Client again and select Properties

4) Change the startup type from Automatic to Manual and click OK

IE7: How to stop http://runonce.msn.com/runonce2.aspx from loading every time IE is started


Every time I launch IE7 the Internet Explorer customization screen, http://runonce.msn.com/runonce2.aspx, has been displayed instead of the three home pages I specified in Tools – Internet Options. I had completed the whole customization process many times, but Internet Explorer never seemed to remember the settings.

I found this thread that pointed me in the right direction for fixing this problem. To fix the problem, edit the following registry keys, or create them if they do not exist:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"RunOnceComplete"=dword:00000001
"RunOnceHasShown"=dword:00000001

Once I made the registry changes and restarted IE, all was good. My home page opened up as expected.

This site also has five different ways of deploying this change, from scripts to a small executable file.

[updated 02-06-2008]

Updated broken link to five different ways of deploying this change