R: Insecure Library Loading Vulnerability

Wed, 25 Aug 2010 23:42:14 -0700 

Can you explain to me how to apply it ? Launch the MS file locally and revisit 
the registry ? Is it doable through GPO?
 
TIA
 
GuidoElia
HELPPC
 

  _____  

Da: Carl Houseman [mailto:c.house...@gmail.com] 
Inviato: giovedì 26 agosto 2010 8.21
A: NT System Admin Issues
Oggetto: RE: Insecure Library Loading Vulnerability



I don't see where MS advised that "many things" may not work after implementing 
the 2264107 patch.  I just re-read the security advisory and there is no 
"impact of workaround" mentioned for the patch.  In short, MS has fairly much 
implied that the patch is without severe consequences.

 

You should test the 2264107 patch with your chosen registry setting(s) that 
enable the patch, just the same as you would test any security patch, before 
putting it into production.

 

Carl

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: Thursday, August 26, 2010 1:29 AM
To: NT System Admin Issues
Subject: R: Insecure Library Loading Vulnerability

 

You are right! The problem is not I don't like the workaround but the unknown 
results I can get in a network. MS advices many things may not work after. ( Or 
did I misunderstand?)

 

GuidoElia

HELPPC

 

 

  _____  

Da: Carl Houseman [mailto:c.house...@gmail.com] 
Inviato: giovedì 26 agosto 2010 7.19
A: NT System Admin Issues
Oggetto: RE: Insecure Library Loading Vulnerability

And these as well:  Firefox, Dreamweaver, Opera, Teamviewer, VLC Media player, 
Avast, Camtasia, SnagIt, Live Mail, Powerpoint.

 

And those are likely just the beginning. I'd expect the number to get to 100's 
of apps.

 

As for remedy, you either wait for the apps be updated or patched with secure 
DLL loading code, or you implement the workaround patch from Microsoft that you 
don't like.

 

Carl

 

From: HELP_PC [mailto:g...@enter.it] 
Sent: Thursday, August 26, 2010 1:04 AM
To: NT System Admin Issues
Subject: Insecure Library Loading Vulnerability

 

 

According to Secunia already found vulnerabilities on Windows Address Book and 
Office Groove. 
Are we going to an out of band remedy ? 

GuidoElia 
HELPPC 

 

 

 

 

 

 

 


 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to