+1 Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 _____
From: Jonathan Link [mailto:[email protected]] Sent: Wednesday, July 08, 2009 10:53 AM To: NT System Admin Issues Subject: Re: New IE zero day exploit in the wild After taking local admin rights away from users my plate is less full. YMMV. On Wed, Jul 8, 2009 at 10:47 AM, Kurt Buff <[email protected]> wrote: Yes, unfortunately, all our users are admins. It sucks, but I use it to my advantage when I can. The reason we've not done a GP is because we haven't had the luxury of studying to understand them. Our plates always seem to be full with other things. On Tue, Jul 7, 2009 at 19:04, Ken Schaefer<[email protected]> wrote: > Are all your users admins? Otherwise, how is that logon script going to update HKLM? > > Machine-based startup script would be better idea, no? > > Cheers > Ken > > ________________________________________ > From: Kurt Buff [[email protected]] > Sent: Wednesday, 8 July 2009 2:41 AM > To: NT System Admin Issues > Subject: Re: New IE zero day exploit in the wild > > I'm just pushing out the .reg file in the login script: > > regedit /s \\fileserver\public\patches\videokillbits.reg > > The file was easy to create, in a capable editor (not notepad or > wordpad) that allows metacharacter search and replace, such as '\n' > for CRLF and '\t' for tab. I used the ancient, no-longer-supported > PFE32. I really should switch to VIM, I suppose. > > On Tue, Jul 7, 2009 at 08:40, Eric > Wittersheim<[email protected]> wrote: >> I'm pushing out the .reg via GP. So far so good. >> >> On Tue, Jul 7, 2009 at 10:38 AM, David Lum <[email protected]> wrote: >>> >>> The "Microsoft fix-it" is an MSI that I am pushing via SMS and is pushing >>> fine (so far just a few test cases have it, but no issues). Beats trying to >>> push out a .REG or something. >>> >>> >>> >>> David Lum // SYSTEMS ENGINEER >>> NORTHWEST EVALUATION ASSOCIATION >>> (Desk) 971.222.1025 // (Cell) 503.267.9764 >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ _____ If this email is spam, report it here: http://www.OnlyMyEmail.com/ReportSpam <http://www.onlymyemail.com/view/?action=reportSpam&Id=ODEzNjQ6OTI2MTkwNzgwO nBqcEBwc25ldC5jb20%3D> THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
