http://msinfluentials.com/blogs/jesper/archive/2008/02/06/mitigate-the-image-uploader-vulnerabilities.aspxThe big security news this week is the six vulnerabilities found in various image uploader ActiveX controls. In case you haven&#39;t seen the news , there are exploits available publicly for remote vulnerabilities in five different ActiveX controls. USenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msinfluentials.com/blogs/jesper/archive/2008/02/06/mitigate-the-image-uploader-vulnerabilities.aspx#7430Fri, 15 Feb 2008 07:04:45 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:7430Anthony Perkins<p>Jesper, thanks for your work on this.</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=7430" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2008/02/06/mitigate-the-image-uploader-vulnerabilities.aspx#7427Thu, 14 Feb 2008 16:39:17 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:7427Roshan James<p>Sorry for a comment that is a little out of place. What brings me to your website is your article about ACLs and such. </p> <p><a rel="nofollow" target="_new" href="http://www.microsoft.com/technet/community/columns/secmgmt/sm1105.mspx">www.microsoft.com/.../sm1105.mspx</a></p> <p>There you say strange things like this:</p> <p>&quot;Power Users are administrators who simply have not made themselves administrators yet.</p> <p>You cannot remove the ACLs on the file system, or even the registry, and prevent that. Power Users are ingrained in the operating system, and they have sufficient privileges to escalate to an administrator fairly easily.&quot;</p> <p>At the risk of sounding obnoxious I must say, I am baffled by how anyone is expected to know this. Is there some place where this is all written down is a accessible way? Maybe a lattice of builtin users and a lattice of ACL permissions? </p> <p>I am try to decipher the ACL format of icacls, at it is simply so hard to find any readable and reliable information about this. Would you know where I might find some?</p> <p>I see from your technet webpage that you left the company. Congratulations. </p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=7427" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2008/02/06/mitigate-the-image-uploader-vulnerabilities.aspx#7425Sun, 10 Feb 2008 18:19:25 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:7425jesper<p>Of course Aaron. I meant to say startup script. Fixing now.</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=7425" width="1" height="1">http://msinfluentials.com/blogs/jesper/archive/2008/02/06/mitigate-the-image-uploader-vulnerabilities.aspx#7424Sun, 10 Feb 2008 14:15:04 GMT91db4bc3-5a69-4a9f-94bf-eedb569902ab:7424Aaron Margosis<p>I think it&#39;s more accurate to call it a &quot;startup script&quot; rather than a &quot;logon script&quot;: &nbsp;logon scripts run in the security context of the user logging on, while startup scripts run as System. &nbsp;You need the latter here, since users can&#39;t set those kill bits. &nbsp;(The instructions you wrote indicate a &quot;startup script&quot;, which is correct, so it&#39;s just about terminology.)</p> <div style="clear:both;"></div><img src="http://msinfluentials.com/aggbug.aspx?PostID=7424" width="1" height="1">