I am beating my TAM and his MGR over the head right now, trying to find out if the ActiveX 0-day is going to be included in next Tuesday's patches. For his sake he better hope so, or there is going to be some hate-mail coming his way.
Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

________________________________
From: paul chinnery [mailto:pdw1...@hotmail.com]
Sent: Thursday, July 09, 2009 3:27 PM
To: NT System Admin Issues
Subject: RE: New IE zero day exploit in the wild

Thanks. I am so forwarding this to our Clinical Analyst; she's a licensed RN who used to work in CCU.

> Date: Thu, 9 Jul 2009 11:44:54 -0700
> Subject: Re: New IE zero day exploit in the wild
> From: kurt.b...@gmail.com
> To: ntsysadmin@lyris.sunbelt-software.com
>
> Since I don't work with doctors in my capacity of IT geek, I don't
> know for sure. However, I was married to a critical care nurse for 7
> years, and I'll put my money on the doctors.
>
> Heh.
>
> On Thu, Jul 9, 2009 at 05:04, paul chinnery<pdw1...@hotmail.com> wrote:
> > A third of my users are doctors. I wonder which group is harder to work
> > with: engineers or doctors?
> >
> >> Date: Wed, 8 Jul 2009 11:51:09 -0700
> >> Subject: Re: New IE zero day exploit in the wild
> >> From: kurt.b...@gmail.com
> >> To: ntsysadmin@lyris.sunbelt-software.com
> >>
> >> Truth. However, there are also political and training issues.
> >>
> >> 1) We haven't, as a company (nor within IT) figured out how to make
> >> our standard apps work under non-admin accounts. This will take
> >> time and resources to figure out, and then further time and resources
> >> to figure out how to "productionise" the application of these settings
> >> and apply them across the domain, including two offices overseas.
> >>
> >> 2) A large portion of our users are engineers who have a rabid
> >> aversion to the idea that they can't be admins on their own boxes. I'm
> >> in the (multi-year!) process of simply trying to convince engineering
> >> managers that none of the staff need two NICs in their boxes - one for
> >> the production LAN and one for the test/dev LAN.
> >>
> >> 3) The overseas offices are also politically resistant to this idea.
> >>
> >> While I agree that the load would be lessened, and we'd have a much
> >> better managed and more secure environment, this is not a trivial
> >> effort, and at times I despair. But, I persist, and have it as a goal
> >> to work toward this fiscal year.
> >>
> >> The first step is to get signoff by company management, in the form of
> >> an actual policy - something of which there are no good examples.
> >> There are practices and recommendations regarding IT, but very little
> >> in the way of a real IT policy that has been agreed to by management.
> >>
> >> Kurt
> >>
> >> On Wed, Jul 8, 2009 at 07:52, Jonathan Link<jonathan.l...@gmail.com> wrote:
> >> > After taking local admin rights away from users my plate is less full.
> >> > YMMV.
> >> >
> >> > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff <kurt.b...@gmail.com> wrote:
> >> >>
> >> >> Yes, unfortunately, all our users are admins. It sucks, but I use it
> >> >> to my advantage when I can.
> >> >>
> >> >> The reason we've not done a GP is because we haven't had the luxury of
> >> >> studying to understand them. Our plates always seem to be full with
> >> >> other things.
> >> >>
> >> >> On Tue, Jul 7, 2009 at 19:04, Ken Schaefer<k...@adopenstatic.com> wrote:
> >> >> > Are all your users admins? Otherwise, how is that logon script going
> >> >> > to update HKLM?
> >> >> >
> >> >> > Machine-based startup script would be better idea, no?
> >> >> >
> >> >> > Cheers
> >> >> > Ken
> >> >> >
> >> >> > ________________________________________
> >> >> > From: Kurt Buff [kurt.b...@gmail.com]
> >> >> > Sent: Wednesday, 8 July 2009 2:41 AM
> >> >> > To: NT System Admin Issues
> >> >> > Subject: Re: New IE zero day exploit in the wild
> >> >> >
> >> >> > I'm just pushing out the .reg file in the login script:
> >> >> >
> >> >> > regedit /s \\fileserver\public\patches\videokillbits.reg
> >> >> >
> >> >> > The file was easy to create, in a capable editor (not notepad or
> >> >> > wordpad) that allows metacharacter search and replace, such as '\n'
> >> >> > for CRLF and '\t' for tab. I used the ancient, no-longer-supported
> >> >> > PFE32. I really should switch to VIM, I suppose.
> >> >> >
> >> >> > On Tue, Jul 7, 2009 at 08:40, Eric Wittersheim<eric.wittersh...@gmail.com> wrote:
> >> >> >> I'm pushing out the .reg via GP. So far so good.
> >> >> >>
> >> >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum <david....@nwea.org> wrote:
> >> >> >>>
> >> >> >>> The "Microsoft fix-it" is an MSI that I am pushing via SMS and is
> >> >> >>> pushing fine (so far just a few test cases have it, but no issues).
> >> >> >>> Beats trying to push out a .REG or something...
> >> >> >>>
> >> >> >>> David Lum // SYSTEMS ENGINEER
> >> >> >>> NORTHWEST EVALUATION ASSOCIATION
> >> >> >>> (Desk) 971.222.1025 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
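
The thread never shows the contents of videokillbits.reg or how anyone confirmed it landed, so the following is an added example (not code from any poster) that builds a kill-bit .reg file from a CLSID list and checks an exported registry dump for CLSIDs the push missed. The key path and the 0x400 Compatibility Flags value are the standard IE kill-bit mechanism; the function names are hypothetical and the CLSIDs in the comments are constructed placeholders, not the advisory's list.

```python
import re

# Standard location of IE ActiveX kill bits (machine-wide, so writing needs admin/SYSTEM).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x400  # Compatibility Flags bit that stops IE instantiating the control
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def build_reg(clsids):
    """Return .reg text that sets the kill bit for each CLSID; reject malformed IDs."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        if not CLSID_RE.match(clsid):
            raise ValueError(f"not a CLSID: {clsid!r}")
        out += [f"[{KEY}\\{clsid.upper()}]",
                f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(out)


def missing_killbits(reg_export, clsids):
    """Given decoded text of a registry export of KEY, list CLSIDs without the kill bit."""
    flags, current = {}, None
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Last path component of the key line is the CLSID subkey.
            current = line[1:-1].rsplit("\\", 1)[-1].upper()
        elif current and line.lower().startswith('"compatibility flags"=dword:'):
            flags[current] = int(line.split(":", 1)[1], 16)
    # A CLSID fails if its subkey is absent or the 0x400 bit is not set.
    return [c for c in clsids if not flags.get(c.upper(), 0) & KILL_BIT]


if __name__ == "__main__":
    # Constructed placeholder CLSIDs, for illustration only.
    ids = ["{00000000-0000-0000-0000-000000000001}",
           "{00000000-0000-0000-0000-000000000002}"]
    print(build_reg(ids))
    print(missing_killbits(build_reg(ids[:1]), ids))
```

Feeding `missing_killbits` an export taken on a client after the script has run shows whether the HKLM write actually succeeded, which is the case Ken's question about non-admin logon scripts raises.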