Is there a script out there to move contacts entered in a specific OU and different distribution groups to EXCH's Public Folders? It's a weird request by a client!
Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Alborzfard Sent: Tuesday, August 29, 2006 2:43 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution Oddly enough today we got hit by a virus(worm actually) that had exploited MS-06-040 vulnerability. Our AV (Trend) didn't catch it in time. Though I brought it up to my boss & fellow Admins' attention more than 2 weeks ago, they decided to ignore it! We ended up going around with the helpdesk team to clean the mess up. I'm sure it'll be swept under the rug! Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] Sent: Friday, August 11, 2006 1:05 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution ..and plant that flag and get it raised. You cannot protect what is not managed. Alex Alborzfard wrote: > Yes I'm aware of both tools. WSUS requires dedicated server and > configuration. > MBSA doesn't list installed patches, date of application, versions, etc. > It basically tells you what is missing. > I was talking about a tool that I can run from my PC, which I have used > in the past. I think you could also remove the patch or roll it back > right from the interface. For some reason I thought it was Windows > Defender, but I installed it and it doesn't have that capability. > > No I'm not managing patching in our networks...well not yet anyway! > I'm just trying to raise the flags, so to speak. > > Alex > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, > CPA aka Ebitz - SBS Rocks [MVP] > Sent: Friday, August 11, 2006 11:53 AM > To: ActiveDir@mail.activedir.org > Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 > Vulnerability in DNS Resolution Could Allow Remote Code Execution > > E-Bitz - SBS MVP the Official Blog of the SBS "Diva" : The threats and > risk level today: > http://msmvps.com/blogs/bradley/archive/2006/08/10/107303.aspx > > > Alun's "Holy Crap" post: > Tales from the Crypto : How do I rate today's patches?: > http://msmvps.com/blogs/alunj/archive/2006/08/08/107097.aspx > > > MBSA -http://www.microsoft.com/technet/security/tools/mbsahome.mspx > > WSUS - > http://www.microsoft.com/windowsserversystem/updateservices/default.mspx > > You are managing patching in your networks now right? > > Alex Alborzfard wrote: > >> Thanks John this is really helpful, though only for this >> > vulnerability. > >> Alex >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of John Singler >> Sent: Friday, August 11, 2006 11:22 AM >> To: ActiveDir@mail.activedir.org >> Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 >> Vulnerability in DNS Resolution Could Allow Remote Code Execution >> >> For MS06-040 you can use the tool from eeye.com to ID vulnerable >> machines: >> >> http://www.eeye.com/html/resources/downloads/audits/NetApi.html >> >> Alex Alborzfard wrote: >> >> >>> What about MS06-040? I've heard it's a nasty one like blaster. >>> DHS has already issued a recommendation to apply this patch. >>> >>> I remember using a utility tool that would list all applied patches >>> > on > >>> >>> >> a >> >> >>> Windows box with all kind of information. >>> Anyone has ever used or knows anything about it? >>> >>> Alex >>> -----Original Message----- >>> From: [EMAIL PROTECTED] >>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan >>> >>> >> Bradley, >> >> >>> CPA aka Ebitz - SBS Rocks [MVP] >>> Sent: Tuesday, August 08, 2006 1:55 PM >>> To: ActiveDir@mail.activedir.org >>> Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 >>> >>> >> Vulnerability >> >> >>> in DNS Resolution Could Allow Remote Code Execution >>> >>> One of 12 today...but since it's DNS related >>> >>> Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution >>> Could Allow Remote Code Execution (920683): >>> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx >>> >>> For an attack to be successful the attacker would either have to be >>> > on > >>> >>> >> a >> >> >>> subnet between the host and the DNS server or force the target host >>> > to > >>> >>> >> >> >>> make a DNS request to receive a specially crafted record response >>> > from > >>> >>> >> >> >>> an attacking server. >>> >>> (and Brett...just a FYI... in my twig forest... any attacker that >>> > ends > >>> >>> >> >> >>> up on a subnet between a host and my DNS server [aka the Kitchen sink >>> > > >>> service server] ... that attacker is dead meat and has a 2x4 aimed >>> > his > >>> >>> >> >> >>> way... one advantage of being little) >>> >>> Your patch folks may be calling up you AD guys for testing passes. >>> >>> Workarounds: >>> >>> *Block DNS related records at network gateways* >>> >>> Blocking the following DNS record types at network gateways will help >>> > > >>> protect the affected system from attempts to exploit this >>> >>> >> vulnerability. >> >> >>> * >>> >>> ATMA >>> >>> * >>> >>> TXT >>> >>> * >>> >>> X25 >>> >>> >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> >> >> > > -- Letting your vendors set your risk analysis these days? http://www.threatcode.com If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
