RE: 0-day IE Exploit "in the wild"

twork + From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Thursday, December 18, 2008 8:55 AM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Incidentally, there's still a zero day out there with Wordpad. http:

Re: 0-day IE Exploit "in the wild"

3 but still worth keeping in > mind if you have machines that aren't up to the latest grade. > > Alex > > > -- > *From:* James Rankin [mailto:kz2...@googlemail.com] > *Sent:* Wednesday, December 17, 2008 10:10 AM > *To:* NT System Admin

RE: 0-day IE Exploit "in the wild"

grade. Alex From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, December 17, 2008 10:10 AM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" I forgot to mention that the net view command will only work well if, like mine, all your machines are

RE: 0-day IE Exploit "in the wild" - Update is available now

Glad someone watched the Webcast ;) Sean Rector, MCSE -Original Message- From: Romel Jacinto [mailto:romel.jaci...@gmail.com] Sent: Wednesday, December 17, 2008 4:38 PM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" - Update is available now >Fro

Re: 0-day IE Exploit "in the wild" - Update is available now

> From: David Lum [mailto:david@nwea.org] > Sent: Wednesday, December 17, 2008 11:49 AM > To: NT System Admin Issues > Subject: RE: 0-day IE Exploit "in the wild" - Update is available now > > > > I already have it on my WSUS server and have started deploying

RE: 0-day IE Exploit "in the wild" - Update is available now

It rebooted my BES but not my SBS or APP server for the client I was working with today. Odd. From: David Lum [mailto:david@nwea.org] Sent: Wednesday, December 17, 2008 11:49 AM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" - Update is available now

Re: 0-day IE Exploit "in the wild" - Update is available now

Not always, some components can be updated without a reboot. IE security updates have always required a reboot. Micheal Espinola Jr wrote: > A reboot is always required for security updates. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog!

Re: 0-day IE Exploit "in the wild" - Update is available now

Ditto, servers that don't run Terminal Services can wait. David Lum wrote: > Fair Q. Here we're pushing to desktops only, servers are staying as-is. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~

RE: 0-day IE Exploit "in the wild" - Update is available now

Fair Q. Here we're pushing to desktops only, servers are staying as-is. Dave -Original Message- From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Wednesday, December 17, 2008 12:10 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" - Update i

RE: 0-day IE Exploit "in the wild" - Update is available now

ndows? -Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, December 17, 2008 2:03 PM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" - Update is available now I'd do it anyways as a best practice. But perh

Re: 0-day IE Exploit "in the wild" - Update is available now

gt; > > > Sean Rector, MCSE > > > > From: David Lum [mailto:david@nwea.org] > Sent: Wednesday, December 17, 2008 2:49 PM > To: NT System Admin Issues > Subject: RE: 0-day IE Exploit "in the wild" - Update is available now > > > > I already h

RE: 0-day IE Exploit "in the wild" - Update is available now

6 of my 10 servers didn't require a reboot. Curious Sean Rector, MCSE From: David Lum [mailto:david@nwea.org] Sent: Wednesday, December 17, 2008 2:49 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" - Update is available now I already hav

Re: 0-day IE Exploit "in the wild" - Update is available now

reboot required… > > > > > > From: Sean Rector [mailto:sean.rec...@vaopera.org] > Sent: Wednesday, December 17, 2008 11:36 AM > To: NT System Admin Issues > Subject: RE: 0-day IE Exploit "in the wild" - Update is available now > > > > Just FYI… > > &g

RE: 0-day IE Exploit "in the wild" - Update is available now

stem Admin Issues Subject: RE: 0-day IE Exploit "in the wild" - Update is available now Just FYI... Sean Rector, MCSE Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org> Phone:(757) 213-4548 (di

RE: 0-day IE Exploit "in the wild" - Update is available now

Just FYI... Sean Rector, MCSE > 2008-2009 Season: Tosca | The Barber of Seville > Recently Announced: Virginia Opera's 35th Anniversary Season 2009-2010 Visit us online at www.vaopera.org or call 1.866.OPERA.VA This e-mail and any attached files are confidential and intended solely for the

Re: 0-day IE Exploit "in the wild"

t;> created 6 batch files of 50 machines each and let 'er rip. Works great. >> >> >> >> David Lum >> -- >> >> *From:* Jason Morris [mailto:jmor...@mjmc.com] >> *Sent:* Tuesday, December 16, 2008 1:44 PM >>

RE: 0-day IE Exploit "in the wild"

M To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" My experience with PSEXEC is that it doesn't like to have multiple commands pasted in. I work them individually, but it's usually in small batches of users so it's not bad. I connect to the computer to

Re: 0-day IE Exploit "in the wild"

t; > > Then I do my things from there one at a time. I've tried to run batch files > from that cmd prompt but had very poor luck. If you do find a way to do it, > that would be nice. > > Good luck! > > Jason > > > > > > *From:* Sean Rector [mailto:sean

RE: 0-day IE Exploit "in the wild"

Admin Issues Subject: RE: 0-day IE Exploit "in the wild" My experience with PSEXEC is that it doesn't like to have multiple commands pasted in. I work them individually, but it's usually in small batches of users so it's not bad. I connect to the computer to run cmd.exe th

RE: 0-day IE Exploit "in the wild"

ld be nice. Good luck! Jason From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, December 16, 2008 3:35 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Does anyone have a psexec batch file to pass psexec a list of systems (from a te

RE: 0-day IE Exploit "in the wild"

Umm... You can have psexec look through a text file... instead of \\computername do @list.txt From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Tuesday, December 16, 2008 4:35 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Does anyone hav

RE: 0-day IE Exploit "in the wild"

Issues Subject: RE: 0-day IE Exploit "in the wild" Just got this... patch is supposed to be released out of band tomorrow... http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx -Bonnie From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Thursday, D

RE: 0-day IE Exploit "in the wild"

Just got this... patch is supposed to be released out of band tomorrow... http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx -Bonnie From: Miller Bonnie L. [mailto:mille...@mukilteo.wednet.edu] Sent: Thursday, December 11, 2008 9:12 AM To: NT System Admin Issues Subject: 0-day IE E

RE: 0-day IE Exploit "in the wild"

tacks affecting these versions (yet.)" -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Friday, December 12, 2008 9:26 AM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" "Microsoft has updated Security Advisory (961051) to i

RE: 0-day IE Exploit "in the wild"

AM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" Yep. Its not IE emulation - its IE integration. So, you will be open to any of the rendering issues effecting your installed version of IE. -- ME2 On Thu, Dec 11, 2008 at 1:09 PM, Kennedy, Jim wrote: > The

Re: 0-day IE Exploit "in the wild"

n that tab. That at least is how I understand it. > > >> -Original Message- >> From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] >> Sent: Thursday, December 11, 2008 12:49 PM >> To: NT System Admin Issues >> Subject: Re: 0-day IE Exploit &qu

RE: 0-day IE Exploit "in the wild"

OTOH, apparently the ability to turn on "DES" (or whatever) on XP systems is not an option in IE7. One can do this in IE8. -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.as

RE: 0-day IE Exploit "in the wild"

On 11 Dec 2008 at 11:35, Sam Cayze wrote: > I feel a little better for not deploying IE 7 yet J > > IE 6 appears safe according to this advisory... Later versions of the MSKB also list IE6 and IE8 as possibly vulnerable. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-

RE: 0-day IE Exploit "in the wild"

: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" We dropped the net's inbound and outbound and looking at emerging threats and ISC for updates on any new updates. Plus a few other things I can't discuss. Z Edward E. Ziots Network Engineer Lifespan Org

RE: 0-day IE Exploit "in the wild"

, Security +, Network + -Original Message- From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Thursday, December 11, 2008 1:43 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" I'm confused, nothing new there. Should I block the url listed below or s

RE: 0-day IE Exploit "in the wild"

ot; > > Yes only in Vista but the option is dimmed ! > > > GuidoElia > HELPPC > > -Messaggio originale- > Da: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Inviato: giovedì 11 dicembre 2008 19.52 > A: NT System Admin Issues > Oggetto: RE: 0-day IE

RE: 0-day IE Exploit "in the wild"

ion is dimmed ! > > > GuidoElia > HELPPC > > -Messaggio originale- > Da: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Inviato: giovedì 11 dicembre 2008 19.52 > A: NT System Admin Issues > Oggetto: RE: 0-day IE Exploit "in the wild" > > &q

RE: 0-day IE Exploit "in the wild"

d I cannot find DEP option in IE settings > > > GuidoElia > HELPPC > > -Messaggio originale- > Da: Glen Johnson [mailto:gjohn...@vhcc.edu] > Inviato: giovedì 11 dicembre 2008 19.43 > A: NT System Admin Issues > Oggetto: RE: 0-day IE Exploit "in the wild&qu

RE: 0-day IE Exploit "in the wild"

: Thursday, December 11, 2008 12:59 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" Also block the following. http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210 Z Edward E. Ziots Network Engineer Lifespan Organization Email: ezi...@lifespan.org

Re: 0-day IE Exploit "in the wild"

TED] > *Sent:* Thursday, December 11, 2008 1:04 PM > *To:* NT System Admin Issues > *Subject:* Re: 0-day IE Exploit "in the wild" > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

RE: 0-day IE Exploit "in the wild"

urity +, Network + From: Jon Harris [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2008 1:04 PM To: NT System Admin Issues Subject: Re: 0-day IE Exploit "in the wild" ~ Finally, powerful endpoint security that ISN'T a res

RE: 0-day IE Exploit "in the wild"

es > Subject: Re: 0-day IE Exploit "in the wild" > > Fortunately (for this one, at least) we're a Mozilla shop... > > Do the "IE" add-ins for Firefox ("IE Tab", etc) share the > vulnerability? > > Thanks! > --

Re: 0-day IE Exploit "in the wild"

Better than having to rebuild a bunch of machines. I still think rounding up as many of these guys as can be found and burning them at the stake publicly would at least slow them down a bit, but that is only my opinion. Jon On Thu, Dec 11, 2008 at 12:54 PM, Ziots, Edward <[EMAIL PROTECTED]> wrot

RE: 0-day IE Exploit "in the wild"

, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2008 12:55 PM To: NT System Admin Issues Subject: RE: 0-day IE Exploit "in the wild" They got exploit code out for IE 7.0 and I have "heard" that IE 6.0 isnt that far behind. I have switched to Firefox for browser for t

RE: 0-day IE Exploit "in the wild"

They got exploit code out for IE 7.0 and I have "heard" that IE 6.0 isnt that far behind. I have switched to Firefox for browser for the time being. Don't be surprised if they go "out of Cycle" with this one. Just what we all need at Christmas. Z Edward E. Ziots Network Engineer Lifespa

Re: 0-day IE Exploit "in the wild"

Fortunately (for this one, at least) we're a Mozilla shop... Do the "IE" add-ins for Firefox ("IE Tab", etc) share the vulnerability? Thanks! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337

RE: 0-day IE Exploit "in the wild"

Does anyone know how to enable DEP/NX using Group Policy? According to the M$ article, if that is done, it will help mitigate the issue. Sean Rector, MCSE From: Sam Cayze [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2008 12:35 PM To: NT System Admin Issues Subject: RE: 0-day IE

RE: 0-day IE Exploit "in the wild"

I feel a little better for not deploying IE 7 yet J IE 6 appears safe according to this advisory... From: Miller Bonnie L. [mailto:[EMAIL PROTECTED] Sent: Thursday, December 11, 2008 11:12 AM To: NT System Admin Issues Subject: 0-day IE Exploit "in the wild" http://isc.sans.org/ ht