Unspecified Potential Security Risk! Take 2

Some additional questions have been raised here and elsewhere about what precisely causes the "Unspecified Potential Security Risk" dialog - the one from Internet Explorer that looks like:

Internet Explorer

This page has an unspecified potential security risk.
Would you like to continue?

The dialog is displayed when the setting "Launching applications and unsafe files" is set to "Prompt" for the security zone that Windows / Internet Explorer believes itself to be operating in.

Changing the setting to "Enable" for the specific zone eliminates the dialog, while changing the setting to "Disable" produces a "Security Alert" dialog stating that "Your current security settings do not allow this action."



Madz said...

I have no idea why Microsoft is so intent on integrating their web browser into the OS. If they wouldn't blur the lines between a file manager and a web browser, then we wouldn't have to suffer this sort of security rubbish.

Why browsing files on the intranet should have anything at all to do with my web browser and it's settings is beyond me. There are other security measures in place to control network file access.

Anyway, this message is driving me crazy and I can't seem to get rid of it. I've tried changing my intranet zone settings in the way(s) suggested (ie set to Enable rather than Prompt and I've tried turning off auto detection) none of it makes any difference. I'm logging off after each change..... Any ideas? I'm accessing a UNC path like \\Server\Software\Office\OO_Dictionaries and trying to right-click on a Zip file (I haven't even got as far as opening it! Talk about ridiculous).

Anonymous said...

I just notice this bugger tonight when opening AIM. I never saw it before, but i can't get rid of it - it's stickier than fly paper. I had an automatic update last night - any possibility that this was the cause?

«/\/\Ø|ö±ò\/»®© said...

Hi, Madz.

Aw, c'mon. MS is actually decoupling the browser. :) See "Separation of Internet Explorer 7 from the Windows shell" in the MS KB. For example, in IE6, type "C:\temp" in the address bar and note what happens. Do the same thing in IE7. Different results. Or, in Windows Explorer, type in a URL. If you have IE6 installed, the Explorer window displays the web page. With IE7, the web browser displays the page.

I guess it's not really about network file access so much as it's about files from untrusted or less-trusted sources - presumably, if a file resides somewhere that is not local, it is less trustworthy.

I suspect the message is a result of the WinZip Explorer Shell Extension wanting to open the file when you right-click on it, and Explorer stepping in and warning based on settings for the current zone.

Changing from Prompt to Enable doesn't seem to work for you... Does the setting persist - between logoffs, does the setting stay at what you last set it to be? Are you changing the setting for the appropriate security zone (the one that Explorer lists in the status bar when you've browsed to [\\Server\Software\Office\OO_Dictionaries])?

«/\/\Ø|ö±ò\/»®© said...

Hi, Anonymous (DM? ;) )

Regarding the automatic update - it's hard to say if it's related. Was the AU IE7, perchance?

You get the message about an "Unspecified Potential Security Risk" when you open AIM. I don't use AIM, so my comments may not be applicable / accurate, but my initial take on it is that it would be odd if it was happening as a result of AIM displaying banners, at least if AIM is using Internet URLs for banner display. I guess it would depend on the mechanism AIM is using - if it's caching / "prefetching" (selected?) banners into a restricted area and displaying banners based on the path to the cached banner, then perhaps the message is expected. If some banners aren't displayed in this fashion, then that would seem to explain why the message isn't presented for each banner. Or perhaps AIM is somehow compressing banners in a ZIP or similar format, and programmatic extraction is triggering the message? What are your results if, as a test, you temporarily change the "Launching applications and unsafe files" setting for all security zones (Internet, Local intranet, Trusted sites, and Restricted sites) to "Enable", and then use AIM long enough to note if the message goes away? If it works, you can change the setting back one zone at a time and isolate which zone is triggering the message. Or, if the banners are a pain, you could change the setting to "Disable". Then, you'd just have to "OK" the "Your current security settings do not allow this action" dialog every time. ;)

If you wanted to investigate further, you might consider using Sysinternals' Process Monitor to monitor AIM when it's "acting up". Then you'll know what files in the filesystem are being accessed, and potentially identify what is triggering the message. You may also want to consider using Sysinternals' TCPView to see what remote connections AIM is making. If it's using standard HTTP, Fiddler (a HTTP Debugging Proxy) might aid in the discovery.

Anonymous said...

Hi «/\/\Ø|ö±ò\/»®©,

I tried resetting my security settings, still no good. I did find the resolution in simply choosing to turn on the "pop-up blocker" under privacy. Very weird. Thanks for your suggestions, it put me on the right track.

«/\/\Ø|ö±ò\/»®© said...

Interesting. Perhaps popup windows come into play with the way AIM displays banner ads, and blocking them takes care of the "unspecified potential security risk"...

Glad you got it working the way you want it to!

Eugene said...

Hey Guys, I have the same problem as the above person. Every time I start AIM, that message pops up. I have tried enabling the Launching applications and unsafe files on all security zones and it didn't solve the problem, I tried turning on pop-up blocker and still get the same message every time I start AIM. Is there anything else I can do to solve this?

Thanks for any advice.

«/\/\Ø|ö±ò\/»®© said...

Hi, Eugene.

You get the message every time you start AIM? Anonymous specifically indicated (privately) that it happened most of the time, but not always. I wonder if perhaps the situations are similar, but not entirely the same. At any rate, if the problem was happening to me, I would use the techniques outlined in my response to Anonymous to attempt to determine what's going on.

One other question (you may wish to address this first) - in the registry, what's the value of [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806]? I expect it to be 0, 1, or 3. Actually, it should be 0, but if yours is set to 1 that may explain the behavior. Care to inspect and change if necessary? You will probably want to exit all instances of IE prior to making the change...

If that doesn't do anything, do the same thing at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806] (note this is HKEY_LOCAL_MACHINE as opposed to HKEY_CURRENT_USER).

Eugene said...

Yes the message appears every time I start AIM, well I actually noticed it appears every time, the AIM Today web page loads, because sometime it take a few seconds for that page to come up and the message appears right after the page comes up. The thing is in the AIM options you can choose not to have the AIM Today page load, which I did, but the IE message still comes up, so that page loading is what probably causes the message to come up. I tried going the registry editor and in the zones under the 0 folder the file 1806 when i right click and select modify it says the value data is 0. ( is that what you mean?) It's also zero in the second registry key that you mentioned to check.
I believe that the problem can simply be fixed by enabling something in the security folder of IE. And since it came on so suddenly one would think that this occurred after a windows update. Maybe enabling active X or .netframe will solve the problem.
I don't even use IE, I use Firefox, and only keep IE just in case a website doesn't load in firefox, or if I need to update windows.
It seems like IE is integrating and monitoring any program that access the internet, is there anyway to turn that off? I don't need the extra security, I run anti-spyware and anti-virus software weekly. I really don't use IE at all only basically to perform the updates.

Anyway if you think of anything else I can do or if there's anyway to just turn off the monitoring part of IE please let me know.

Also what I was thinking since this just started this past week, what if I just uninstall the updates one by one and see if that solves my problem. I have read on another sites that the security update KB921398, is what causes this error message to come up when trying to access the Temporary Internet Files Folder. I tried searching for that update on my computer and it's not there. But maybe some other update is causing this. What are your thoughts on that?

Thank you very much for all your help.

Eugene said...

Okay after my previous post I started looking around the security option on IE and saw that there's a tab for "trusted sites" I simply added the aim today website to that list, and now the IE message doesn't come up anymore. Thanks again for your help.
I knew it was something simple.


«/\/\Ø|ö±ò\/»®© said...

Hi, Eugene.

Glad you figured it out. Seems odd that adding the site to the Trusted Sites zone would take care of things, especially if the "Launching applications and unsafe files" setting was set to enabled for all zones. Perhaps there is another setting that impacts the display of the "Unspecified Potential Security Risk" message that has a default that differs between the Trusted Sites zone and the zone the AIM Today website had previously been in. The "Launching applications and unsafe files" setting certainly had an impact on the problem I was experiencing... In spare time (heh, heh, heh), I may grab AIM and see if I can get the message to come up, and then figure out what settings have an impact on its display.

James H said...

Another Possible Solution: