RE: New IE zero day exploit in the wild

2009-07-12 Thread David Florea
Piled Higher and Deeper. From: Rob Bonfiglio [mailto:robbonfig...@gmail.com] Sent: Friday, July 10, 2009 9:22 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Exactly! I don't know what happens when they give out the PhD's but a good 85% of

Re: New IE zero day exploit in the wild

2009-07-10 Thread Jon Harris
all facets of life. >> >> On Fri, Jul 10, 2009 at 11:18 AM, Ziots, Edward >> wrote: >> >> Below Dr and Above Lawyers, because you can’t go lower than the bottom ( >> Lawyers) >> >> >> >> Z >> >> >> >> Edwar

Re: New IE zero day exploit in the wild

2009-07-10 Thread Rob Bonfiglio
o:robbonfig...@gmail.com] > *Sent:* Friday, July 10, 2009 11:40 AM > > *To:* NT System Admin Issues > *Subject:* Re: New IE zero day exploit in the wild > > > > I've worked in EDU quite a bit, but never for an MD or a lawyer. But from > what I've heard, I'd

RE: New IE zero day exploit in the wild

2009-07-10 Thread Ziots, Edward
[mailto:robbonfig...@gmail.com] Sent: Friday, July 10, 2009 11:40 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I've worked in EDU quite a bit, but never for an MD or a lawyer. But from what I've heard, I'd probably have to agree. The PhD'

Re: New IE zero day exploit in the wild

2009-07-10 Thread Rob Bonfiglio
ME, CCA, Security +, Network + > > ezi...@lifespan.org > > Phone:401-639-3505 > -- > > *From:* Devin Meade [mailto:devin.me...@gmail.com] > *Sent:* Thursday, July 09, 2009 5:09 PM > *To:* NT System Admin Issues > *Subject:* Re: New IE zero day exploi

RE: New IE zero day exploit in the wild

2009-07-10 Thread Ziots, Edward
Meade [mailto:devin.me...@gmail.com] Sent: Thursday, July 09, 2009 5:09 PM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Where do you rate Grad School Professors? Below or above Dr's and/or Lawyers (grin)? On Thu, Jul 9, 2009 at 4:06 PM, Kurt Buff wrote: Yeah, w

RE: New IE zero day exploit in the wild

2009-07-09 Thread Steven M. Caesare
See also: Alec Baldwin in Malice. -sc -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, July 09, 2009 3:52 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild +1 (Agreed) When you tend to play GOD for a living, which

Re: New IE zero day exploit in the wild

2009-07-09 Thread Kurt Buff
a >> > licensed RN >> > who used to work in CCU. >> > >> >> Date: Thu, 9 Jul 2009 11:44:54 -0700 >> >> Subject: Re: New IE zero day exploit in the wild >> >> From: kurt.b...@gmail.com >> >> To: ntsysadmin@lyris.sunbelt-softwar

Re: New IE zero day exploit in the wild

2009-07-09 Thread Devin Meade
9 at 12:27, paul chinnery wrote: > > Thanks. I am so forwarding this to our Clinical Analyst; she's a licensed > RN > > who used to work in CCU. > > > >> Date: Thu, 9 Jul 2009 11:44:54 -0700 > >> Subject: Re: New IE zero day exploit in the wild > >> From:

Re: New IE zero day exploit in the wild

2009-07-09 Thread Kurt Buff
11:44:54 -0700 >> Subject: Re: New IE zero day exploit in the wild >> From: kurt.b...@gmail.com >> To: ntsysadmin@lyris.sunbelt-software.com >> >> Since I don't work with doctors in my capacity of IT geek, I don't >> know for sure. However, I was marrie

RE: New IE zero day exploit in the wild

2009-07-09 Thread John Aldrich
al Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, July 09, 2009 3:21 PM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote: > A third of my users are doctors.  I wonder which group is harder to

RE: New IE zero day exploit in the wild

2009-07-09 Thread Ziots, Edward
I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, July 09, 2009 3:21 PM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild On Thu, Jul 9, 2009 at 8:04 AM,

RE: New IE zero day exploit in the wild

2009-07-09 Thread Ziots, Edward
Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: paul chinnery [mailto:pdw1...@hotmail.com] Sent: Thursday, July 09, 2009 3:27 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild

Re: New IE zero day exploit in the wild

2009-07-09 Thread Jonathan Link
They would call it precise. On Thu, Jul 9, 2009 at 3:21 PM, Ben Scott wrote: > On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote: > > A third of my users are doctors. I wonder which group is harder to work > > with: engineers or doctors? > > Doctors. Engineers know they're being arrogant. >

RE: New IE zero day exploit in the wild

2009-07-09 Thread paul chinnery
Thanks. I am so forwarding this to our Clinical Analyst; she's a licensed RN who used to work in CCU. > Date: Thu, 9 Jul 2009 11:44:54 -0700 > Subject: Re: New IE zero day exploit in the wild > From: kurt.b...@gmail.com > To: ntsysadmin@lyris.sunbelt-software.com > >

Re: New IE zero day exploit in the wild

2009-07-09 Thread Ben Scott
On Thu, Jul 9, 2009 at 8:04 AM, paul chinnery wrote: > A third of my users are doctors.  I wonder which group is harder to work > with: engineers or doctors? Doctors. Engineers know they're being arrogant. -- Ben

Re: New IE zero day exploit in the wild

2009-07-09 Thread Kurt Buff
der which group is harder to work > with: engineers or doctors? > >> Date: Wed, 8 Jul 2009 11:51:09 -0700 >> Subject: Re: New IE zero day exploit in the wild >> From: kurt.b...@gmail.com >> To: ntsysadmin@lyris.sunbelt-software.com >> >> Truth. Howeve

Re: New IE zero day exploit in the wild

2009-07-09 Thread James Kerr
Sent: Thursday, July 09, 2009 8:04 AM Subject: RE: New IE zero day exploit in the wild A third of my users are doctors. I wonder which group is harder to work with: engineers or doctors? > Date: Wed, 8 Jul 2009 11:51:09 -0700 > Subject: Re: New IE zero day exploit in the wild

RE: New IE zero day exploit in the wild

2009-07-09 Thread David Lum
ATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -Original Message- From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: Thursday, July 09, 2009 8:11 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild I've deployed a startup script via Gr

RE: New IE zero day exploit in the wild

2009-07-09 Thread Richard Stovall
I've deployed a startup script via Group Policy to a couple of machines in a test OU that successfully sets the killbit for all 45 CLSIDs relevant to this vulnerability. I'm about ready to link it to our production OUs, but wanted to ask if anyone has experienced any negative consequences after

RE: New IE zero day exploit in the wild

2009-07-09 Thread David Lum
may not be representative, but not a one of them would I consider the typical lawyer snake. Dave From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Thursday, July 09, 2009 5:16 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Depends on the engineering type. I know

RE: New IE zero day exploit in the wild

2009-07-09 Thread Ziots, Edward
chinnery [mailto:pdw1...@hotmail.com] Sent: Thursday, July 09, 2009 8:05 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild A third of my users are doctors. I wonder which group is harder to work with: engineers or doctors? > Date: Wed, 8 Jul 2009 11:51:09 -0

Re: New IE zero day exploit in the wild

2009-07-09 Thread Jon Harris
nnery wrote: > > > > Subject: RE: New IE zero day exploit in the wild > > Date: Wed, 8 Jul 2009 14:56:01 -0400 > > From: don.gu...@prufoxroach.com > > To: ntsysadmin@lyris.sunbelt-software.com > > > > We're going through something similar right now

RE: New IE zero day exploit in the wild

2009-07-09 Thread paul chinnery
> Subject: RE: New IE zero day exploit in the wild > Date: Wed, 8 Jul 2009 14:56:01 -0400 > From: don.gu...@prufoxroach.com > To: ntsysadmin@lyris.sunbelt-software.com > > We're going through something similar right now. Although, not "everyone" is > a loca

RE: New IE zero day exploit in the wild

2009-07-09 Thread paul chinnery
A third of my users are doctors. I wonder which group is harder to work with: engineers or doctors? > Date: Wed, 8 Jul 2009 11:51:09 -0700 > Subject: Re: New IE zero day exploit in the wild > From: kurt.b...@gmail.com > To: ntsysadmin@lyris.sunbelt-software.com > > Truth.

Re: New IE zero day exploit in the wild

2009-07-08 Thread Kurt Buff
I took that list of CLSIDs, and used PFE32 to search and replace '{' with '[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{' I then did a search and replace of '}' with '}]\n"Compatibility Flags"=dword:0400' Note the \n at the beginning -

RE: New IE zero day exploit in the wild

2009-07-08 Thread Don Guyer
ilto:kurt.b...@gmail.com] Sent: Wednesday, July 08, 2009 2:51 PM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Truth. However, there are also political and training issues. 1) We haven't, as a company (nor within IT) figured out how to make our standard ap

Re: New IE zero day exploit in the wild

2009-07-08 Thread Kurt Buff
sed startup script would be better idea, no? >> > >> > Cheers >> > Ken >> > >> > ________________ >> > From: Kurt Buff [kurt.b...@gmail.com] >> > Sent: Wednesday, 8 July 2009 2:41 AM >> > To: NT System Adm

Re: New IE zero day exploit in the wild

2009-07-08 Thread Jon Harris
ent:* Wednesday, July 08, 2009 10:53 AM > *To:* NT System Admin Issues > *Subject:* Re: New IE zero day exploit in the wild > > After taking local admin rights away from users my plate is less full. > YMMV. > > On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff wrote: > >> Ye

RE: New IE zero day exploit in the wild

2009-07-08 Thread Phillip Partipilo
+1 Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 _ From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild After taking local admin

RE: New IE zero day exploit in the wild

2009-07-08 Thread Carl Houseman
Also, the FixIt works under Vista when run interactively. From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 12:07 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild My mistake, I actually did the testing under XP, and David Lum

RE: New IE zero day exploit in the wild

2009-07-08 Thread Carl Houseman
My mistake, I actually did the testing under XP, and David Lum just confirmed in a separate post it doesn't work under XP. Carl From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Wednesday, July 08, 2009 11:50 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the

RE: New IE zero day exploit in the wild

2009-07-08 Thread Carl Houseman
:47 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Couple of questions about this: Where does the slayocx.vbs (that gets called by your .cmd file) live? Is it trivial to change the log location from "SystemDrive" to a network share? (LogFileNam

RE: New IE zero day exploit in the wild

2009-07-08 Thread Tim Evans
Issues > Subject: RE: New IE zero day exploit in the wild > > Couple of questions about this: > > Where does the slayocx.vbs (that gets called by your .cmd file) live? > > Is it trivial to change the log location from "SystemDrive" to a network > share? (

Re: New IE zero day exploit in the wild

2009-07-08 Thread Jon Harris
> Carl > > -Original Message- > From: Ziots, Edward [mailto:ezi...@lifespan.org] > Sent: Wednesday, July 08, 2009 10:57 AM > To: NT System Admin Issues > Subject: RE: New IE zero day exploit in the wild > > Question, > > According to the Microsoft article it lo

RE: New IE zero day exploit in the wild

2009-07-08 Thread Richard Stovall
ginal Message- From: Tim Evans [mailto:tev...@sparling.com] Sent: Wednesday, July 08, 2009 11:18 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild A while back, Jesper Johansson published a VBScript that helps with this. http://msinfluentials.com/blogs/jesper

RE: New IE zero day exploit in the wild

2009-07-08 Thread David Lum
Original Message- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 8:14 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild It appears that's what we're left to do on our own. Not sure why MS couldn't just provide us the .

Re: New IE zero day exploit in the wild

2009-07-08 Thread Eric Wittersheim
Version 5.00 > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX > Compatibility\{----}] > "Compatibility Flags"=dword:0400 > > You can apply this .reg file to individual systems by double-clicking it. > You can also apply it acro

RE: New IE zero day exploit in the wild

2009-07-08 Thread Ziots, Edward
gineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 08, 2009 10:48 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the

RE: New IE zero day exploit in the wild

2009-07-08 Thread Tim Evans
found. I've got a CMD file that consists of nothing but a bunch of slayocx.vbs commands. .Tim > -Original Message- > From: Ziots, Edward [mailto:ezi...@lifespan.org] > Sent: Wednesday, July 08, 2009 7:57 AM > To: NT System Admin Issues > Subject: RE: New IE zero day

RE: New IE zero day exploit in the wild

2009-07-08 Thread Carl Houseman
it's done. Carl -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 10:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, According to the Microsoft article it looks like you need to add a whol

RE: New IE zero day exploit in the wild

2009-07-08 Thread David Lum
Nothing really, was just seeing if someone knew about a tool that did this already before I created my script. Dave From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 7:41 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild If you

RE: New IE zero day exploit in the wild

2009-07-08 Thread David Lum
(Excel is your friend if you want to go manually creating a .REG file from their list). Dave -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 08, 2009 7:57 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Question, A

Re: New IE zero day exploit in the wild

2009-07-08 Thread Eric Wittersheim
idual systems by double-clicking it. > You can also apply it across domains by using Group Policy. For more > information about Group Policy, visit the following Microsoft Web sites: > > > Please advise, going to be undertaking this shortly, and don't want to > screw it up.

RE: New IE zero day exploit in the wild

2009-07-08 Thread Ziots, Edward
MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, July 08, 2009 10:48 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Yes, unfortunately, all our users

Re: New IE zero day exploit in the wild

2009-07-08 Thread Jonathan Link
> Machine-based startup script would be better idea, no? > > > > Cheers > > Ken > > > > > > From: Kurt Buff [kurt.b...@gmail.com] > > Sent: Wednesday, 8 July 2009 2:41 AM > > To: NT System Admin Issues >

Re: New IE zero day exploit in the wild

2009-07-08 Thread Kurt Buff
> Sent: Wednesday, 8 July 2009 2:41 AM > To: NT System Admin Issues > Subject: Re: New IE zero day exploit in the wild > > I'm just pushing out the .reg file in the login script: > >     regedit /s \\fileserver\public\patches\videokillbits.reg > > The file was ea

RE: New IE zero day exploit in the wild

2009-07-08 Thread Jake Gardner
___ From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, July 08, 2009 10:41 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild If you're comfortable writing in Kix, what's stopping you? I'd do it with for /f + list-of-computers + psexec +

RE: New IE zero day exploit in the wild

2009-07-08 Thread Carl Houseman
o:david@nwea.org] Sent: Wednesday, July 08, 2009 10:24 AM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild You are correct of course, I stand corrected on my terminology. However, like I said, I have 400 systems and I'd rather not manually look at 400 regis

RE: New IE zero day exploit in the wild

2009-07-08 Thread David Lum
a common .CSV file. Dave From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Tuesday, July 07, 2009 2:51 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys.

RE: New IE zero day exploit in the wild

2009-07-08 Thread Jake Gardner
. 246 From: tony patton [mailto:tony.pat...@quinn-insurance.com] Sent: Wednesday, July 08, 2009 3:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild PFE32 was a life saver in the day :-) think Notepad++ is now the most used app on my work PC, for

Re: New IE zero day exploit in the wild

2009-07-08 Thread tony patton
ease respond to "NT System Admin Issues" To "NT System Admin Issues" cc Subject Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to cre

Re: New IE zero day exploit in the wild

2009-07-08 Thread tony patton
or above. On Tue, Jul 7, 2009 at 11:12 AM, paul chinnery wrote: I know, Sherry. But try to teach that to all the users. I still have a few who think the monitor IS the computer. Date: Tue, 7 Jul 2009 10:54:41 -0500 Subject: Re: New IE zero day exploit in the wild From: saber...@gmail.

RE: New IE zero day exploit in the wild

2009-07-07 Thread Ken Schaefer
Subject: Re: New IE zero day exploit in the wild I'm just pushing out the .reg file in the login script: regedit /s \\fileserver\public\patches\videokillbits.reg The file was easy to create, in a capable editor (not notepad or wordpad) that allows metacharacter search and replace, su

RE: New IE zero day exploit in the wild

2009-07-07 Thread Carl Houseman
What patch? Killbit workaround is not a patch. Open the registry and look for the registry keys. Carl From: David Lum [mailto:david@nwea.org] Sent: Tuesday, July 07, 2009 5:49 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild Anyone know how to

RE: New IE zero day exploit in the wild

2009-07-07 Thread David Lum
Anyone know how to confirm this patch is applied? Any tools around yet? I'd just as soon not manually check 4 or 5 machines and assume all 400 are OK...and if I don't have to write my own script to check 'em, all the better... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk)

RE: New IE zero day exploit in the wild

2009-07-07 Thread Ziots, Edward
System Admin Issues Subject: Re: New IE zero day exploit in the wild yes On Tue, Jul 7, 2009 at 12:49 PM, Ziots, Edward wrote: Are you doing it in a Startup script via the GP? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi

Re: New IE zero day exploit in the wild

2009-07-07 Thread Kurt Buff
>> >> trying to >> >> push out a .REG or something… >> >> >> >> >> >> >> >> David Lum // SYSTEMS ENGINEER >> >> NORTHWEST EVALUATION ASSOCIATION >> >> (Desk) 971.222.1025 // (Cell) 503.267.9764 >> >> >> >> >> >>

Re: New IE zero day exploit in the wild

2009-07-07 Thread James Rankin
t no issues). Beats trying > to > >> push out a .REG or something… > >> > >> > >> > >> David Lum // SYSTEMS ENGINEER > >> NORTHWEST EVALUATION ASSOCIATION > >> (Desk) 971.222.1025 // (Cell) 503.267.9764 > >> > >

Re: New IE zero day exploit in the wild

2009-07-07 Thread James Rankin
10:54:41 -0500 > Subject: Re: New IE zero day exploit in the wild > From: saber...@gmail.com > > To: ntsysadmin@lyris.sunbelt-software.com > > IE Tabs will work for just about everything IE in FF. > > On Tue, Jul 7, 2009 at 10:51 AM, paul chinnery wrote: > > Same h

Re: New IE zero day exploit in the wild

2009-07-07 Thread Eric Wittersheim
> > ezi...@lifespan.org > > Phone:401-639-3505 > -- > > *From:* Eric Wittersheim [mailto:eric.wittersh...@gmail.com] > *Sent:* Tuesday, July 07, 2009 11:41 AM > > *To:* NT System Admin Issues > *Subject:* Re: New IE zero day exploit in the wi

RE: New IE zero day exploit in the wild

2009-07-07 Thread Ziots, Edward
] Sent: Tuesday, July 07, 2009 11:41 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild I'm pushing out the .reg via GP. So far so good. On Tue, Jul 7, 2009 at 10:38 AM, David Lum wrote: The "Microsoft fix-it" is an MSI that I am pushing via SMS and

Re: New IE zero day exploit in the wild

2009-07-07 Thread Ben Scott
On Tue, Jul 7, 2009 at 11:54 AM, Sherry Abercrombie wrote: > IE Tabs will work for just about everything IE in FF. That wouldn't help the IE security issue that kicked off this thread. (Well, assuming the luser went and invoked an IE tab to get the ActiveX control that wouldn't run, to run.

Re: New IE zero day exploit in the wild

2009-07-07 Thread Kurt Buff
>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >> >> >> >> >> >> >> >> From: J Kyo [mailto:jky...@gmail.com] >> Sent: Tuesday, July 07, 2009 8:18 AM >> To: NT System Admin Issues >> Subject: Re: New IE zero day exploit in the wi

RE: New IE zero day exploit in the wild

2009-07-07 Thread Reimer, Mark
ing to push out a .REG or something... David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: J Kyo [mailto:jky...@gmail.com] Sent: Tuesday, July 07, 2009 8:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit i

RE: New IE zero day exploit in the wild

2009-07-07 Thread John Aldrich
ROFL! Yeah. I have that problem too! John-AldrichTile-Tools From: paul chinnery [mailto:pdw1...@hotmail.com] Sent: Tuesday, July 07, 2009 12:12 PM To: NT System Admin Issues Subject: RE: New IE zero day exploit in the wild I know, Sherry. But try to teach that to all the users. I

Re: New IE zero day exploit in the wild

2009-07-07 Thread Sherry Abercrombie
: > I know, Sherry. But try to teach that to all the users. I still have a > few who think the monitor IS the computer. > > -- > Date: Tue, 7 Jul 2009 10:54:41 -0500 > Subject: Re: New IE zero day exploit in the wild > From: saber...@gmail.com >

RE: New IE zero day exploit in the wild

2009-07-07 Thread paul chinnery
I know, Sherry. But try to teach that to all the users. I still have a few who think the monitor IS the computer. Date: Tue, 7 Jul 2009 10:54:41 -0500 Subject: Re: New IE zero day exploit in the wild From: saber...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com IE Tabs will work for

Re: New IE zero day exploit in the wild

2009-07-07 Thread Sherry Abercrombie
- > Date: Tue, 7 Jul 2009 11:29:13 -0400 > Subject: Re: New IE zero day exploit in the wild > From: lee.doug...@gmail.com > To: ntsysadmin@lyris.sunbelt-software.com > > Yes, on several XP machines. So far nothing is broken, at least. > > > On Tue, Jul 7, 2009 at 11:17

RE: New IE zero day exploit in the wild

2009-07-07 Thread paul chinnery
Same here. (I so wish we could use FF but a couple of our apps won't run if we do so I have to be content with using it myself.) Date: Tue, 7 Jul 2009 11:29:13 -0400 Subject: Re: New IE zero day exploit in the wild From: lee.doug...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com Ye

RE: New IE zero day exploit in the wild

2009-07-07 Thread Steven M. Caesare
I did, but can't say I feel good about myself for doing it. -sc From: J Kyo [mailto:jky...@gmail.com] Sent: Tuesday, July 07, 2009 11:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Curious if anyone has used the "Microsoft Fix It"

Re: New IE zero day exploit in the wild

2009-07-07 Thread Eric Wittersheim
G or something… > > > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 *// *(Cell) 503.267.9764 > > > > > > > > *From:* J Kyo [mailto:jky...@gmail.com] > *Sent:* Tuesday, July 07, 2009 8:18 AM > *To:* NT System Adm

RE: New IE zero day exploit in the wild

2009-07-07 Thread David Lum
64 From: J Kyo [mailto:jky...@gmail.com] Sent: Tuesday, July 07, 2009 8:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Curious if anyone has used the "Microsoft Fix It" from: http://support.microsoft.com/kb/972890. On Mon, Jul 6, 2009 at 6:

RE: New IE zero day exploit in the wild

2009-07-07 Thread John Aldrich
I just installed it in most of my organization. John-AldrichTile-Tools From: J Kyo [mailto:jky...@gmail.com] Sent: Tuesday, July 07, 2009 11:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Curious if anyone has used the "Microsoft Fix It"

Re: New IE zero day exploit in the wild

2009-07-07 Thread Lee Douglas
>> *Sent:* Monday, July 06, 2009 9:06 PM >> *To:* NT System Admin Issues >> *Subject:* RE: New IE zero day exploit in the wild >> >> >> >> Seems to be XP / Windows Server 2003 only? >> >> Cheers >> >> Ken >> >> >> ----

RE: New IE zero day exploit in the wild

2009-07-07 Thread Andy Ognenoff
...@gmail.com] Sent: Tuesday, July 07, 2009 10:18 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild Curious if anyone has used the "Microsoft Fix It" from: http://support.microsoft.com/kb/972890. On Mon, Jul 6, 2009 at 6:24 PM, Carl Houseman wrote: Recommendati

Re: New IE zero day exploit in the wild

2009-07-07 Thread J Kyo
/972890.mspx > > > > Carl > > > > *From:* Ken Schaefer [mailto:k...@adopenstatic.com] > *Sent:* Monday, July 06, 2009 9:06 PM > *To:* NT System Admin Issues > *Subject:* RE: New IE zero day exploit in the wild > > > > Seems to be XP / Windows Server 2003 on

RE: New IE zero day exploit in the wild

2009-07-06 Thread Carl Houseman
wild Seems to be XP / Windows Server 2003 only? Cheers Ken _ From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Tuesday, 7 July 2009 5:56 AM To: NT System Admin Issues Subject: New IE zero day exploit in the wild Our labs have confirmed this and it is quite nasty. Best bet

RE: New IE zero day exploit in the wild

2009-07-06 Thread Ken Schaefer
Seems to be XP / Windows Server 2003 only? Cheers Ken From: Alex Eckelberry [al...@sunbelt-software.com] Sent: Tuesday, 7 July 2009 5:56 AM To: NT System Admin Issues Subject: New IE zero day exploit in the wild Our labs have confirmed this and it is quite nasty

New IE zero day exploit in the wild

2009-07-06 Thread Alex Eckelberry
Our labs have confirmed this and it is quite nasty. Best bet for now is to set the killbits. Or don't use IE. Some references: Microsoft: http://www.microsoft.com/technet/security/advisory/972890.mspx SANS: http://isc.sans.org/diary.html?storyid=6733 I would take this on