RE: Insecure Library Loading Vulnerability

Oggetto: RE: Insecure Library Loading Vulnerability Apply the hotfix accordingly. Set the registry key on a machine, export the .REG file and apply via a computer Startup GPO to the targeted systems. Or you can use regini to script out the install, etc etc. Z Edward E. Ziots CISSP, Network

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 11:21 AM, Carl Houseman wrote: >> You forget about all the COTS software designed to run from a network >> share. > > I didn't forget, I read the patch documentation thoroughly.  With registry > value=2, if the app is run from a network share then loading DLLs from a > netw

Re: Insecure Library Loading Vulnerability

:c.house...@gmail.com] > *Inviato:* giovedì 26 agosto 2010 8.21 > > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > I don't see where MS advised that "many things" may not work after > implementing the 2264107 patch. I just

RE: Insecure Library Loading Vulnerability

foolish. Carl -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 26, 2010 11:16 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 11:11 AM, Carl Houseman wrote: >> Only CWDIllegalInDllSearch=IN

RE: Insecure Library Loading Vulnerability

From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Thursday, 26 August 2010 11:11 PM To: NT System Admin Issues Subject: RE: Insecure Library Loading Vulnerability See my response to ASB. Those who are setting the registry value to INT_MAX don't understand the problem they are tr

RE: Insecure Library Loading Vulnerability

Sent: Thursday, August 26, 2010 11:11 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 11:05 AM, Carl Houseman wrote: > Never mind, and Outlook's behavior (assuming it does need .DLLs from the CWD) > isn't significant to the pro

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 11:11 AM, Carl Houseman wrote: >> Only CWDIllegalInDllSearch=INT_MAX would cause the problem. > > See my response to ASB.  Those who are setting the registry value to INT_MAX > don't understand the problem they are trying to prevent. See my response to Carl Houseman. ;-

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 11:09 AM, Carl Houseman wrote: > Why would anyone use the 0x option to combat the vulnerability? For the same reason people wanted a way to influence this behavior before it started being attacked: Because it's quite likely that someday it *will* be attacked.

RE: Insecure Library Loading Vulnerability

t: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 10:21 AM, Carl Houseman wrote: > Outlook relies on it?  What version? Someone has reported that Outlook 2002 changes directory to load the MAPI DLLs: http://isc.sans.edu/diary.html?storyid=9445 (comment from Erik van Strate

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 11:05 AM, Carl Houseman wrote: > Never mind, and Outlook's behavior (assuming it does need .DLLs from the CWD) > isn't significant to the problem at hand.  I doubt that any COTS app will > break with the Microsoft patch installed and system-wide registry setting=2. You f

RE: Insecure Library Loading Vulnerability

...@gmail.com] Sent: Thursday, August 26, 2010 10:34 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability Problems occur more with the 0x option, than the others. ASB <http://XeeSM.com/AndrewBaker> (My XeeSM Profile) Exploiting Technology for Busine

RE: Insecure Library Loading Vulnerability

to:c.house...@gmail.com] Sent: Thursday, August 26, 2010 10:22 AM To: NT System Admin Issues Subject: RE: Insecure Library Loading Vulnerability Outlook relies on it? What version? My 2007 hasn't noticed a difference since applying the workaround patch and registry value=2. Carl -O

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 10:32 AM, Andrew S. Baker wrote: > There are quite a number of programs that break with the change. > People have found some mitigation for some of them already. > See the comments here:  http://isc.sans.edu/diary.html?storyid=9445 Ah, some new comments since I was there

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 10:21 AM, Michael B. Smith wrote: > You (the editorial "you", not you specifically) can't require MSFT to > always provide compatible interfaces and then scream when that causes > problems. Why not, people do that all the time? ;-) -- Ben ~ Finally, powerful endpoint

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 10:21 AM, Carl Houseman wrote: > Outlook relies on it?  What version? Someone has reported that Outlook 2002 changes directory to load the MAPI DLLs: http://isc.sans.edu/diary.html?storyid=9445 (comment from Erik van Straten) > My 2007 hasn't noticed a difference since

Re: Insecure Library Loading Vulnerability

lying the workaround patch and registry value=2. > > Carl > > -Original Message- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Thursday, August 26, 2010 10:18 AM > To: NT System Admin Issues > Subject: Re: Insecure Library Loading Vulnerability > > On

Re: Insecure Library Loading Vulnerability

There are quite a number of programs that break with the change. People have found some mitigation for some of them already. See the comments here: http://isc.sans.edu/diary.html?storyid=9445 *ASB *(My XeeSM Profile) *Exploiting Technology for Business Advantag

RE: Insecure Library Loading Vulnerability

t: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker wrote: > Changing that decision more recently (via OS upgrade or patch) > would have a debilitating impact on compatibility ... My beef is not that Microsoft valued compatibility, but that they didn&

RE: Insecure Library Loading Vulnerability

Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, August 26, 2010 10:11 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 9:56 AM, Michael B. Smith wrote: >> Microsoft's software has been

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker wrote: > Changing that decision more recently (via OS upgrade or patch) > would have a debilitating impact on compatibility ... My beef is not that Microsoft valued compatibility, but that they didn't take this vulnerability seriously until it w

RE: Insecure Library Loading Vulnerability

2010 9:57 AM To: NT System Admin Issues Subject: RE: Insecure Library Loading Vulnerability I can't go along with you here. This has been documented as an issue -- for decades -- and MSFT has told people how to do it right -- for decades. Don't blame MSFT as a company for people

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 9:56 AM, Michael B. Smith wrote: >> Microsoft's software has been criticized for its search path >> behavior for literally decades. > > This has been documented as an issue -- for decades -- and MSFT > has told people how to do it right -- for decades. A design which is

RE: Insecure Library Loading Vulnerability

Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Thursday, August 26, 2010 9:10 AM To: NT System Admin Issues Subject: RE: Insecure Library Loading Vulnerability Seriously? -sc From: HELP_PC [mailto:g...@enter.it

Re: Insecure Library Loading Vulnerability

The problem is one of market share and compatibility. (not the normal market share argument) - Microsoft made a bad decision long ago. - Changing that decision very early would have been good, but that didn't happen. - Changing that decision more recently (via OS upgrade or patch) w

RE: Insecure Library Loading Vulnerability

"their" Oof. Apparently I can blame Jeff. -sc > -Original Message- > From: Steven M. Caesare [mailto:scaes...@caesare.com] > Sent: Thursday, August 26, 2010 9:57 AM > To: NT System Admin Issues > Subject: RE: Insecure Library Loading Vulnerability > >

RE: Insecure Library Loading Vulnerability

com] > Sent: Thursday, August 26, 2010 9:46 AM > To: NT System Admin Issues > Subject: Re: Insecure Library Loading Vulnerability > > On Thu, Aug 26, 2010 at 9:08 AM, Steven M. Caesare > wrote: > > For all of the bashing MS gets, I think it's good to see that > &g

RE: Insecure Library Loading Vulnerability

AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 9:08 AM, Steven M. Caesare wrote: > For all of the bashing MS gets, I think it's good to see that > internally the security teams take the vuln notifications seriously > and were

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 9:08 AM, Steven M. Caesare wrote: > For all of the bashing MS gets, I think it’s good to see that internally the > security teams take the vuln notifications seriously and were diligent in > cooperating… Seriously? As I mentioned earlier, Microsoft's software has been c

Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 1:18 AM, Carl Houseman wrote: > And those are likely just the beginning. I'd expect the number to get to > 100's of apps. I expect it to be in the thousands, if not tens or hundreds of thousands. Keep in mind that most executables probably won't be tested for this, so w

RE: Insecure Library Loading Vulnerability

GPO? TIA GuidoElia HELPPC Da: Carl Houseman [mailto:c.house...@gmail.com] Inviato: giovedì 26 agosto 2010 8.21 A: NT System Admin Issues Oggetto: RE: Insecure Library Loading Vulnerability I don't see where MS advised that "many thing

RE: Insecure Library Loading Vulnerability

ssues Subject: RE: Insecure Library Loading Vulnerability According to these guys, they've found 121 vulnerabilities in 41 Microsoft products. And over 512 issues altogether... http://acrossecurity.blogspot.com/ Cheers Ken From: HELP_PC [mailto:g...@enter.it] Sent: Thursday, 26 A

RE: Insecure Library Loading Vulnerability

ELPPC Da: Carl Houseman [mailto:c.house...@gmail.com] Inviato: giovedì 26 agosto 2010 7.19 A: NT System Admin Issues Oggetto: RE: Insecure Library Loading Vulnerability And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media player, Avast, Camtasia, SnagIt, Live

Re: Insecure Library Loading Vulnerability

t; *Da:* Carl Houseman [mailto:c.house...@gmail.com] > *Inviato:* giovedì 26 agosto 2010 8.21 > > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > I don't see where MS advised that "many things" may not work after > implementin

Re: Insecure Library Loading Vulnerability

It is definitely going to take some time before vendors implement the following: http://support.microsoft.com/kb/2389418 The number is definitely going to get well into the hundreds of apps. Interestingly enough, I'll bet that fixing this one issue is going to lead to all sorts of improved stabil

RE: Insecure Library Loading Vulnerability

Carl Houseman [mailto:c.house...@gmail.com] Inviato: giovedì 26 agosto 2010 7.19 A: NT System Admin Issues Oggetto: RE: Insecure Library Loading Vulnerability And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media player, Avast, Camtasia, SnagIt, Live Mail, Powerpoint.

RE: Insecure Library Loading Vulnerability

According to these guys, they've found 121 vulnerabilities in 41 Microsoft products. And over 512 issues altogether... http://acrossecurity.blogspot.com/ Cheers Ken From: HELP_PC [mailto:g...@enter.it] Sent: Thursday, 26 August 2010 1:15 PM To: NT System Admin Issues Subject: R: Insecure Library

RE: Insecure Library Loading Vulnerability

And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media player, Avast, Camtasia, SnagIt, Live Mail, Powerpoint. And those are likely just the beginning. I'd expect the number to get to 100's of apps. As for remedy, you either wait for the apps be updated or patched with secur