Any idea what that Fix It does? In the MS 
advisory<http://technet.microsoft.com/en-us/security/advisory/2934088>, one of 
the workarounds is to "Set Internet and Local intranet security zone settings 
to "High" to block ActiveX Controls and Active Scripting in these zones". If 
that's what it does, seeing how most users react and call the help desk about 
any little message, I imagine we'll want to notify users as they'll probably 
start receiving extra prompts when accessing certain sites that contain ActiveX.

From: [email protected] [mailto:[email protected]] On 
Behalf Of Rod Trent
Sent: Thursday, February 20, 2014 5:06 PM
To: [email protected]
Subject: RE: [mssms] MS and Adobe OOB Updates

Yep...that's right...

http://windowsitpro.com/msrc/microsoft-releases-temporary-fix-ie10-and-ie9-remote-code-execution-vulnerability

The IE10 vuln was reported to Microsoft by FireEye on the 13th and confirmed by 
Microsoft (and announced it also affects IE9) on the 18th. The Fix-It was 
released yesterday evening. Keep in mind the flaw is actually in Adobe's Flash 
scripting language.

Coincidentally, Adobe released its 2nd zero-day update this month today. It's 
also a Flash vuln.

http://windowsitpro.com/security/adobe-releases-second-critical-zero-day-flash-update-short-month

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Marcum, John
Sent: Thursday, February 20, 2014 4:54 PM
To: SMS List ([email protected]<mailto:[email protected]>)
Subject: [mssms] MS and Adobe OOB Updates

Am I reading this right???? Microsoft released an OOB warning but the only way 
to patch it is with a fix it?

http://news.cnet.com/8301-1009_3-57619214-83/adobe-issues-emergency-patch-again/

However, people who use those browsers must apply the fix manually with the 
FixIt shim tool<http://support.microsoft.com/kb/2934088>. A permanent fix for 
the exploit is expected in three weeks or so



________________________________
John Marcum
Lead Desktop Engineer
Bradley Arant Boult Cummings LLP
________________________________


________________________________

Confidentiality Notice: This e-mail is from a law firm and may be protected by 
the attorney-client or work product privileges. If you have received this 
message in error, please notify the sender by replying to this e-mail and then 
delete it from your computer.


________________________________

IRS Compliance: Any tax advice contained in this communication (including any 
attachments) is not intended or written to be used, and cannot be used, for the 
purpose of (i) avoiding penalties imposed under the Internal Revenue Code or 
applicable state or local tax law or (ii) promoting, marketing, or recommending 
to another party any transaction or matter addressed herein.

________________________________

Confidentiality Notice: This e-mail is intended only for the addressee named 
above. It contains information that is privileged, confidential or otherwise 
protected from use and disclosure. If you are not the intended recipient, you 
are hereby notified that any review, disclosure, copying, or dissemination of 
this transmission, or taking of any action in reliance on its contents, or 
other use is strictly prohibited. If you have received this transmission in 
error, please reply to the sender listed above immediately and permanently 
delete this message from your inbox. Thank you for your cooperation.



Reply via email to