Re: First vulnerabilities in the SP2 - XP ?...
As a work around to the issue - although not to easy to configure for
the home user,
I would think if you have users who are ignorant, gullable, or just
plain stupid - a windows sysadmin might consider a GPO in AD with one or
more of the following policies:
User Configuration --> Administrative Templates --> System --> Prevent
Access to Command Prompt
User Configuration --> Administrative Templates --> System --> Run Only
Allowed Windows Applications
User Configuration --> Administrative Templates --> System --> Don't
Run Specified Windows Applications
Another huge advantage would be the proper implementation of the
following in an AD GPO:
Configure some Software Restriction Policies in User Configuration -->
Windows Settings --> Security Settings --> Software Restrictions
and if possible, couple it with certificates. (although, i'm not too
familiar with this one)
Computer Configuration --> Windows Settings --> Security Settings -->
Local Policies --> Security Options --> System settings: Use
Certificate Rules on Windows Executables for Software Restriction Policies