Force Windows Automatic Logon

In a kiosk or other special-case environment, you sometimes need a specific user to be logged on automatically after a reboot or a logoff. This works from Windows XP through Windows 8.1 Update 1.
This registry file forces an automatic logon of the specified user (with a password, if applicable).
Automatic Logon
Note: If DefaultPassword does not exist (which it doesn’t by default), then AutoAdminLogon is set to zero (0) to not automatically log in the administrator account.

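Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; "1" enables automatic logon; "0" disables it
"AutoAdminLogon"="1"
"DefaultUserName"="Rich"
; DefaultPassword is stored in this key as clear text
"DefaultPassword"="s3cr3t"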

Force Automatic Logon at Logoff or After Screen Lock
This is done by adding two additional values to the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ForceUnlockLogon"=dword:00000001
"ForceAutoLogon"=dword:00000001
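
Because DefaultPassword sits in the Winlogon key as clear text, it helps to see which auto-logon values are set on a machine and who can read the key. The following PowerShell audit is an added example, not part of the original post; the function name Get-AutoLogonAudit is hypothetical, and the script reports only whether a password is present, never its value.

```powershell
# Added example (not from the original post): audit the Winlogon auto-logon values.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonAudit {
    param([string]$Path = $WinlogonPath)

    # Missing values simply come back as $null.
    $values = Get-ItemProperty -Path $Path
    $hasPassword = -not [string]::IsNullOrEmpty([string]$values.DefaultPassword)

    # Identities allowed to query values under the key, and therefore able
    # to read a clear-text DefaultPassword if one is present.
    $queryValues = [int][System.Security.AccessControl.RegistryRights]::QueryValues
    $readers = (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights) -band $queryValues)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    New-Object psobject -Property @{
        AutoAdminLogon     = $values.AutoAdminLogon
        DefaultUserName    = $values.DefaultUserName
        PasswordInRegistry = $hasPassword      # presence only, value is not shown
        ForceAutoLogon     = $values.ForceAutoLogon
        ForceUnlockLogon   = $values.ForceUnlockLogon
        KeyReaders         = $readers -join '; '
    }
}

Get-AutoLogonAudit | Format-List
```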

Windows Server 2012 R2 RTM (CRITICAL_STRUCTURE_CORRUPTION)

Receiving a BSOD on a fresh Windows Server 2012 RTM install while processing updates. This is a Hyper-V VM.

Windbg Analysis

0: kd> .bugcheck
Bugcheck code 00000109
Arguments a3a01f58`921465fa b3b72bde`e4946739 00000000`000001a0 00000000`00000007
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
 or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
 debugger that was not attached when the system was booted. Normal breakpoints,
 bp, can only be set if the debugger is attached at boot time. Hardware
 breakpoints, ba, can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a01f58921465fa, Reserved
Arg2: b3b72bdee4946739, Reserved
Arg3: 00000000000001a0, Failure type dependent information
Arg4: 0000000000000007, Type of corrupted region, can be
	0 : A generic data region
	1 : Modification of a function or .pdata
	2 : A processor IDT
	3 : A processor GDT
	4 : Type 1 process list corruption
	5 : Type 2 process list corruption
	6 : Debug routine modification
	7 : Critical MSR modification
Debugging Details:
------------------
PG_MISMATCH:  40000
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
BUGCHECK_STR:  0x109
PROCESS_NAME:  mscorsvw.exe
CURRENT_IRQL:  2
ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre
DPC_STACK_BASE:  FFFFF80049477FB0
STACK_TEXT:
fffff800`494778a8 00000000`00000000 : 00000000`00000109 a3a01f58`921465fa b3b72bde`e4946739 00000000`000001a0 : nt!KeBugCheckEx
STACK_COMMAND:  kb
SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE
FOLLOWUP_NAME:  MachineOwner
MODULE_NAME: Unknown_Module
IMAGE_NAME:  Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP:  0
IMAGE_VERSION:
BUCKET_ID:  BAD_STACK
FAILURE_BUCKET_ID:  BAD_STACK
ANALYSIS_SOURCE:  KM
FAILURE_ID_HASH_STRING:  km:bad_stack
FAILURE_ID_HASH:  {75814664-faf6-4b70-bbc7-dc592132ecdd}
Followup: MachineOwner
---------

Update 1: Applying Security Updates

I decided to apply just Security Updates right now. So far so good.
After that completed, these are the remaining updates for this pass.
I will install these on a one-by-one basis.
Interestingly enough, that first update (685KB) failed to install; I re-checked for updates and there was only one update (9.6MB), so I assume it was a roll-up? Anyway, it installed fine.
Now, I re-checked updates and I have a Windows 2012 R2 Update (~800MB).
Working on installing this now.
That update installed, ran check and found additional updates; those installed as well.
One last update remains, 97MB and it installed and rebooted seemingly OK.
After prompt to restart, got the following error on boot though:
Booted back into Windows OK but I see the update did not install.
This update is the Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: May 2014
Prerequisite indicates KB2919355.
Checking system for KB2919355 shows I have it:
Re-attempting to install this update.

Resolution

All updates installed, however, still getting a Bugcheck code of 0x109 randomly.

Microsoft Released Out-of-Band Emergency Patch for Latest Internet Explorer Vulnerability

Microsoft has released an out-of-band security patch for Internet Explorer versions 6 through 11. If you do not have Windows Update enabled and set to Automatic, please make sure to do so. You can confirm whether the patch has been applied to your system by running the following from the command line.

wmic qfe | find "2964358"

If that command outputs nothing, you are not patched.
Visit windowsupdate.microsoft.com to get patched!

CVE-2014-1776 Workaround Tool

Update: Microsoft has released a patch for this.


I’m working on a small Visual Basic.NET application to help apply one of Microsoft’s proposed workarounds to the latest Internet Explorer vulnerability by unregistering the vgx.dll file.

This tool is available free of charge and can be downloaded from my site.  You can also download the source code.

Please check the download with your antivirus software before running it.

System Requirements

  • Windows XP SP2+, Vista, 7, 8/8.1, 2003, 2008/2008R2, 2012/2012R2
  • Microsoft .NET Framework 2.0+

Download ZIP File (Binary):

Microsoft Internet Explorer Vulnerability: CVE-2014-1776

I have been inundated with questions about the latest vulnerability relating to Microsoft Internet Explorer and thought I would put together a brief post to use for reference. Microsoft has issued a Security Advisory detailing this a bit more in-depth if you’re interested.

Am I Affected?

If you use Internet Explorer on Windows XP, Vista, 7, or 8/8.1/8.1U1 — yes, you are affected.
If you use Internet Explorer on Microsoft Windows Server platforms (2003, 2003R2, 2008, 2008R2, 2012, 2012R2), you may not be affected if Enhanced Security Configuration (ESC) is still enabled, as this mitigates the vulnerability. ESC is enabled by default on the Microsoft Windows Server platforms, but server administrators have been known to disable it, not only for Administrators but also for Users, which would make the systems vulnerable.
Affected versions of Internet Explorer:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

Note: Windows RT is affected, but not really. Windows RT does not allow installation of software outside the Windows Store, so although it is technically affected, it’s technically also not affected.

How can I Protect Myself?

Get EMET 4.0+

I cannot recommend strongly enough downloading and installing Microsoft’s EMET tool.
This tool mitigates this vulnerability, as well as many more, and is available free from Microsoft. EMET is the Enhanced Mitigation Experience Toolkit, designed to help protect applications from exposure to certain vulnerabilities by adding another layer of protection.

Windows 8 and Internet Explorer 10: If you have Internet Explorer 10 and are on Windows 8, KB2790907 must be installed to use EMET.

Windows XP users take note:  You will not be receiving a patch when Microsoft publishes a fix, however, you can still download and use EMET to mitigate this as well as use a few of the workarounds mentioned below.

Is there a Workaround?

Yes, there are quite a few options actually to help mitigate this vulnerability. The following method is what I prefer. Other methods include:

  • Enable Enhanced Protection Mode
    • Requires Internet Explorer 10 or 11 and a 64-bit Windows operating system.
  • Set Internet Zone security to High so that ActiveX objects prompt before running.
    • This would be extremely annoying to most users since it would be prompting almost all the time when visiting any modern website.
  • Change ACL on VGX.dll
    • This method can cause headaches down the road during Windows Updates if you do not remember to change the ACL back.
  • Unregister VGX.DLL
    • This is my preferred method and will get re-registered upon later Windows Updates installations.

Unregister VGX.DLL

I think this is ultimately the best workaround. Why? This is targeting the source of the problem.

Unregister the vgx.dll file. This is the source of the issue and by disabling this file, you will no longer have support for VML. Don’t know what VML is? You probably don’t need it.

Maybe double-check with your IT folks before doing this.

Open a command prompt, or paste the following (including the quotes) into the Start > Run box.

"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


Revisions

2014-04-30 – fixed typos (vpx>vgx) thanks @jduck
2014-04-29 – fixed command typo, added ‘-u’ as it was omitted
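
To confirm that the Unregister VGX.DLL workaround took effect and whether the out-of-band patch (KB 2964358, from the patch post above) is installed, the following PowerShell check can be used. It is an added example, not the author's workaround tool or its source code; the function names are hypothetical. It searches both the native and the WOW6432Node COM views, since a 32-bit registration of vgx.dll is separate from the 64-bit one.

```powershell
# Added example (not from the original post or the author's tool).
$KbId = 'KB2964358'   # KB number quoted in the patch post above

function Test-HotFixInstalled {
    param([string]$Id)
    # Get-HotFix reads Win32_QuickFixEngineering, the same source as "wmic qfe".
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-VgxRegistration {
    # 64-bit Windows keeps separate COM registrations for 64-bit and 32-bit
    # processes, so both views are searched.
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($clsid in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $key = $null
            try { $key = $clsid.OpenSubKey('InprocServer32') } catch { }
            if (-not $key) { continue }
            $server = [string]$key.GetValue('')   # default value = DLL path
            $key.Close()
            if ($server -match '\\vgx\.dll"?\s*$') {
                New-Object psobject -Property @{
                    View = $root; Clsid = $clsid.PSChildName; Server = $server
                }
            }
        }
    }
}

$registered = @(Get-VgxRegistration)
$patched    = Test-HotFixInstalled -Id $KbId

if ($patched) { "$KbId is installed." }
else          { "$KbId is NOT installed." }

if ($registered.Count -eq 0) {
    'vgx.dll is not registered: the workaround is in effect (VML is disabled).'
} else {
    'vgx.dll is still registered in these views:'
    $registered | Format-Table View, Clsid, Server -AutoSize
}
```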