If you are supporting a WinXP and/or Server 2003 environment you can use a tool such as 'Exe to MSI Converter' to wrap the executable in an MSI package and deploy via GPO.
'Exe to MSI Converter' can be found here. http://www.qwertylab.com/FreeTools.aspx -Jeff On Thu, Aug 26, 2010 at 2:41 AM, HELP_PC <g...@enter.it> wrote: > Can you explain to me how to apply it ? Launch the MS file locally and > revisit the registry ? Is it doable through GPO? > > TIA > > *GuidoElia* > *HELPPC* > > > ------------------------------ > *Da:* Carl Houseman [mailto:c.house...@gmail.com] > *Inviato:* giovedì 26 agosto 2010 8.21 > > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > I don't see where MS advised that "many things" may not work after > implementing the 2264107 patch. I just re-read the security advisory and > there is no "impact of workaround" mentioned for the patch. In short, MS > has fairly much implied that the patch is without severe consequences. > > > > You should test the 2264107 patch with your chosen registry setting(s) that > enable the patch, just the same as you would test any security patch, before > putting it into production. > > > > Carl > > > > *From:* HELP_PC [mailto:g...@enter.it] > *Sent:* Thursday, August 26, 2010 1:29 AM > *To:* NT System Admin Issues > *Subject:* R: Insecure Library Loading Vulnerability > > > > You are right! The problem is not I don't like the workaround but the > unknown results I can get in a network. MS advices many things may not work > after. ( Or did I misunderstand?) > > > > *GuidoElia* > > *HELPPC* > > > > > ------------------------------ > > *Da:* Carl Houseman [mailto:c.house...@gmail.com] > *Inviato:* giovedì 26 agosto 2010 7.19 > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media > player, Avast, Camtasia, SnagIt, Live Mail, Powerpoint. > > > > And those are likely just the beginning. I'd expect the number to get to > 100's of apps. > > > > As for remedy, you either wait for the apps be updated or patched with > secure DLL loading code, or you implement the workaround patch from > Microsoft that you don't like. > > > > Carl > > > > *From:* HELP_PC [mailto:g...@enter.it] > *Sent:* Thursday, August 26, 2010 1:04 AM > *To:* NT System Admin Issues > *Subject:* Insecure Library Loading Vulnerability > > > > > > According to Secunia already found vulnerabilities on Windows Address Book > and Office Groove. > Are we going to an out of band remedy ? > > *GuidoElia* > *HELPPC* > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~