Nothing really, was just seeing if someone knew about a tool that did this already before I created my script.
Dave From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 7:41 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild If you're comfortable writing in Kix, what's stopping you? I'd do it with for /f + list-of-computers + psexec + reg query. You don't have to look for all of the reg keys, the existence of just 1 means the workaround got installed. Carl From: David Lum [mailto:david....@nwea.org] Sent: Wednesday, July 08, 2009 10:24 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 registries to know I'm covered. The only thing that comes to mind is creating a KiX script that looks for the key values and sends output to a common .CSV file. Dave From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 07, 2009 2:51 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys. Carl From: David Lum [mailto:david....@nwea.org] Sent: Tuesday, July 07, 2009 5:49 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines sand assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
