Any idea what that Fix It does? In the MS advisory<http://technet.microsoft.com/en-us/security/advisory/2934088>, one of the workarounds is to "Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones". If that's what it does, seeing how most users react and call the help desk about any little message, I imagine we'll want to notify users as they'll probably start receiving extra prompts when accessing certain sites that contain ActiveX.
From: [email protected] [mailto:[email protected]] On Behalf Of Rod Trent Sent: Thursday, February 20, 2014 5:06 PM To: [email protected] Subject: RE: [mssms] MS and Adobe OOB Updates Yep...that's right... http://windowsitpro.com/msrc/microsoft-releases-temporary-fix-ie10-and-ie9-remote-code-execution-vulnerability The IE10 vuln was reported to Microsoft by FireEye on the 13th and confirmed by Microsoft (and announced it also affects IE9) on the 18th. The Fix-It was released yesterday evening. Keep in mind the flaw is actually in Adobe's Flash scripting language. Coincidentally, Adobe released its 2nd zero-day update this month today. It's also a Flash vuln. http://windowsitpro.com/security/adobe-releases-second-critical-zero-day-flash-update-short-month From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marcum, John Sent: Thursday, February 20, 2014 4:54 PM To: SMS List ([email protected]<mailto:[email protected]>) Subject: [mssms] MS and Adobe OOB Updates Am I reading this right???? Microsoft released an OOB warning but the only way to patch it is with a fix it? http://news.cnet.com/8301-1009_3-57619214-83/adobe-issues-emergency-patch-again/ However, people who use those browsers must apply the fix manually with the FixIt shim tool<http://support.microsoft.com/kb/2934088>. A permanent fix for the exploit is expected in three weeks or so ________________________________ John Marcum Lead Desktop Engineer Bradley Arant Boult Cummings LLP ________________________________ ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ IRS Compliance: Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties imposed under the Internal Revenue Code or applicable state or local tax law or (ii) promoting, marketing, or recommending to another party any transaction or matter addressed herein. ________________________________ Confidentiality Notice: This e-mail is intended only for the addressee named above. It contains information that is privileged, confidential or otherwise protected from use and disclosure. If you are not the intended recipient, you are hereby notified that any review, disclosure, copying, or dissemination of this transmission, or taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please reply to the sender listed above immediately and permanently delete this message from your inbox. Thank you for your cooperation.

