I know why they don't validate the signature - because many computers are not Internet connected. This is an ongoing issue in Exchange 2007 that has some validated assemblies which require authorization. An upcoming UR of 2007 will remove that requirement on those assemblies - because people bitch, moan, and complain about it.
Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange

From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 10:16 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?

Yep, they mentioned that also, in the slides, and I figured it makes sense. A lot of folks are logged on as administrators of their computers sometimes, browsing the internet, etc., so one drive-by exploit, a Trojan dropper, putting their trojanized dll in the GAC is a pretty sinister exploit. God knows what they are going to think of next.

Honestly, those libraries should be signed, and if the signature isn't from Microsoft (VeriSign CA signed and validated) it should be removed from the system and reinstalled from trusted media, but from first read it doesn't seem like that is what M$ is doing there, unless I am not understanding Ngen right (it's early, and I've been patching since 4:00am EST).

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

_____

From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:49 AM
To: NT System Admin Issues
Subject: RE: New .NET Rootkits are you safe?

It's post-exploitation, i.e., you must already have been hacked to do this. It's a payload, not a direct exploitation itself. It requires Administrative privileges. It isn't unique to .NET; Java is just as vulnerable.

I remember MSIL injection discussed before .NET languages were ever released.

But yes, still a little scary.

Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange

From: Ziots, Edward [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2008 8:06 AM
To: NT System Admin Issues
Subject: New .NET Rootkits are you safe?

http://www.applicationsecurity.co.il/english/NETFrameworkRootkits/tabid/161/Default.aspx

Some scary stuff :)

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

_____

From: Robert Cato [mailto:[EMAIL PROTECTED]
Sent: Monday, November 17, 2008 6:19 PM
To: NT System Admin Issues
Subject: Re: Adobe Acrobat won't convert files to PDF after MS Update
