I didn't forget, I read the patch documentation thoroughly.  With registry
value=2, if the app is run from a network share then loading DLLs from a
network share is *allowed*.

I guess that means vulnerable apps running from a network share aren't
protected by the patch with registry value=2.   But keeping in mind that
attackers will look for the vulnerable apps that are most popular, your ERP
software probably isn't at risk unless your business is being specifically
targeted by an attacker.

Carl

-----Original Message-----
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, August 26, 2010 11:11 AM
To: NT System Admin Issues
Subject: Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 11:05 AM, Carl Houseman <c.house...@gmail.com> wrote:
> Never mind, and Outlook's behavior (assuming it does need .DLLs from the CWD)
> isn't significant to the problem at hand.  I doubt that any COTS app will
> break with the Microsoft patch installed and system-wide registry setting=2.

  You forget about all the COTS software designed to run from a network
share.

  I'm guessing CWDIllegalInDllSearch=2 will break our ERP system.
Granted, our ERP system is a case study in bad software design, but
there's a lot of that out there...

-- Ben
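
An added example, not part of either message above: a PowerShell audit that reports the CWDIllegalInDllSearch value in effect for chosen applications and marks those started from a network share while the effective value is 2, the case discussed in the thread. The registry locations and the per-application precedence are assumptions taken from Microsoft's documentation for the patch rather than from this thread, and the two application paths are hypothetical.

```powershell
# Added example, not from the thread. Registry locations are assumptions taken
# from Microsoft's patch documentation; the application paths are hypothetical.
$sysKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ifeoKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$name    = 'CWDIllegalInDllSearch'
$apps    = @('\\fileserver\erp\erp.exe', 'C:\Program Files\Example\app.exe')

function Get-CwdSetting([string]$Path) {
    # Raw REG_DWORD, or $null when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $name -ErrorAction SilentlyContinue
    if ($item) { $item.$name } else { $null }
}

function Format-Dword($Value) {
    # REG_DWORD comes back as a signed Int32; print hex so 0xFFFFFFFF is not shown as -1.
    if ($null -eq $Value) { 'not set' } else { '0x{0:X8}' -f $Value }
}

function Test-NetworkPath([string]$Path) {
    # True for UNC paths and for drive letters mapped to a network share.
    if ($Path.StartsWith('\\')) { return $true }
    $root = [System.IO.Path]::GetPathRoot($Path)
    if (-not $root) { return $false }
    return ([System.IO.DriveInfo]::new($root)).DriveType -eq 'Network'
}

$system = Get-CwdSetting $sysKey
$report = foreach ($app in $apps) {
    $exe      = Split-Path -Leaf $app
    $override = Get-CwdSetting (Join-Path $ifeoKey $exe)
    # Assumption: a per-application value takes precedence over the system-wide one.
    $effective = if ($null -ne $override) { $override } else { $system }
    $fromShare = Test-NetworkPath $app
    [pscustomobject]@{
        Application = $app
        SystemWide  = Format-Dword $system
        PerApp      = Format-Dword $override
        Effective   = Format-Dword $effective
        FromShare   = $fromShare
        # Per the thread: with value 2, an app started from a share may still load DLLs from it.
        Review      = ($fromShare -and $effective -eq 2)
    }
}
$report | Format-Table -AutoSize
```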

