And this will let WSUS work where the GPO didn't..

From: Joe Tinney [mailto:jtin...@lastar.com]
Sent: Friday, July 10, 2009 9:32 AM
To: NT System Admin Issues
Subject: RE: IE zero day exploit Microsoft new for 1+ yrs of this flaw

That's the feeling I got from the MSRC Team blog..

"Customers who have already implemented the killbits manually or through the 
FixIt workaround won't need to implement next week's security update, though we 
recommend that you apply the update to ensure that reporting accurately shows 
that the systems are fully protected."

http://blogs.technet.com/msrc/archive/2009/07/09/questions-about-timing-and-microsoft-security-advisory-972890.aspx

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Friday, July 10, 2009 11:54 AM
To: NT System Admin Issues
Subject: RE: IE zero day exploit Microsoft new for 1+ yrs of this flaw

They're probably just setting the same killbits that most of us already did 
this week.

Carl

From: Rob Bonfiglio [mailto:robbonfig...@gmail.com]
Sent: Friday, July 10, 2009 10:08 AM
To: NT System Admin Issues
Subject: Re: IE zero day exploit Microsoft new for 1+ yrs of this flaw

It won't be.  They say so in the article.
On Fri, Jul 10, 2009 at 9:55 AM, HELP_PC <g...@enter.it<mailto:g...@enter.it>> 
wrote:


And who will assure us that Tuesday patches will be really definitive ?

GuidoElia
HELPPC


________________________________
Da: Rob Bonfiglio [mailto:robbonfig...@gmail.com<mailto:robbonfig...@gmail.com>]
Inviato: venerdì 10 luglio 2009 14.56
A: NT System Admin Issues
Oggetto: Re: IE zero day exploit Microsoft new for 1+ yrs of this flaw
I'm not defending them....not knowing much about how the attack works it's hard 
for me to defend them; 16-18 months does seem like an excessive amount of time. 
 But the fact that one of the discoverers of the vulnerability did kind of 
defend them in the article should be taken into account.  This is a quote from 
the article:

Although Reavey declined to get specific today, Smith, one of the researchers 
who reported the vulnerability, hinted at reasons. "The nature of this flaw is 
sort of unique," he said. "The mechanics of this are sort of unique as well. It 
was those unique qualities that required more time than Microsoft would 
normally need."

Smith refused to criticize Microsoft for not patching sooner. "All along the 
way, they've told me how far things have progressed," he said of Microsoft's 
security team. "They would ping me every time they reached a milestone on the 
fix."
On Fri, Jul 10, 2009 at 8:37 AM, Ziots, Edward 
<ezi...@lifespan.org<mailto:ezi...@lifespan.org>> wrote:
http://www.computerworld.com/s/article/9135370/Microsoft_admits_it_knew_of_critical_IE_bug_in_early_08?source=CTWNLE_nlt_dailyam_2009-07-10

You know this type of stuff really burns me up, they knew since early 08 of 
this flaw, and did nothing about it, to fix it and get a patch out. No they 
gotta wait till hackers start exploiting this on a mass scale, and then they 
start paying attention. Scary part is how many other exploits do they know 
about that could have system-compromise type payloads, and haven't done 
anything about it.

Again another PR nightmare and another black-eye for M$ because of there lack 
of due-diligence, has put customers at risk.

Now note the fix is supposed to be coming out Tuesday for the various reported 
flaws ( including the last 2 IE ones) but it's a little too late when the bad 
guys already have plowed through thousands of computers and websites, with 
there exploits, and now those machines are apart of botnets, that are probably 
behind the spamming, and DDOS/DOS of GOVT sites, which has been posted on ISC 
from SANS.

Any thoughts folks? Tell yeah TAM's

Z


Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Phone:401-639-3505
________________________________________
From: Eric Wittersheim 
[mailto:eric.wittersh...@gmail.com<mailto:eric.wittersh...@gmail.com>]
Sent: Thursday, July 09, 2009 6:35 PM
To: NT System Admin Issues
Subject: Re: Trend Micro and IE zero day exploit

hmm, makes me wonder if OpenDNS is offering something like this.  I think I'll 
take a look.
On Thu, Jul 9, 2009 at 5:07 PM, Devin Meade 
<devin.me...@gmail.com<mailto:devin.me...@gmail.com>> wrote:
FYI - If you have Trend Micro Office Scan and are using the web reputation 
feature, you are covered:

http://us.trendmicro.com/us/threats/microsoft-mpeg-vulnerability/index.html
"Trend Micro products with Web Reputation technology currently block malicious 
URLs associated with this exploit."

-- Devin






~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~























~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to