*>>**Can you explain to me how to apply it ? Launch the MS file locally and revisit the registry ? Is it doable through GPO?*
Um... The instructions for installation are right here: http://support.microsoft.com/kb/2264107 What about them do you not understand? Software installation can be handled by whatever mechanism you deploy software to your organization today using the provided .MSU and .EXE files. *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Thu, Aug 26, 2010 at 2:41 AM, HELP_PC <[email protected]> wrote: > Can you explain to me how to apply it ? Launch the MS file locally and > revisit the registry ? Is it doable through GPO? > > TIA > > *GuidoElia* > *HELPPC* > > > ------------------------------ > *Da:* Carl Houseman [mailto:[email protected]] > *Inviato:* giovedì 26 agosto 2010 8.21 > > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > I don't see where MS advised that "many things" may not work after > implementing the 2264107 patch. I just re-read the security advisory and > there is no "impact of workaround" mentioned for the patch. In short, MS > has fairly much implied that the patch is without severe consequences. > > > > You should test the 2264107 patch with your chosen registry setting(s) that > enable the patch, just the same as you would test any security patch, before > putting it into production. > > > > Carl > > > > *From:* HELP_PC [mailto:[email protected]] > *Sent:* Thursday, August 26, 2010 1:29 AM > *To:* NT System Admin Issues > *Subject:* R: Insecure Library Loading Vulnerability > > > > You are right! The problem is not I don't like the workaround but the > unknown results I can get in a network. MS advices many things may not work > after. ( Or did I misunderstand?) > > > > *GuidoElia* > > *HELPPC* > > > > > ------------------------------ > > *Da:* Carl Houseman [mailto:[email protected]] > *Inviato:* giovedì 26 agosto 2010 7.19 > *A:* NT System Admin Issues > *Oggetto:* RE: Insecure Library Loading Vulnerability > > And these as well: Firefox, Dreamweaver, Opera, Teamviewer, VLC Media > player, Avast, Camtasia, SnagIt, Live Mail, Powerpoint. > > > > And those are likely just the beginning. I'd expect the number to get to > 100's of apps. > > > > As for remedy, you either wait for the apps be updated or patched with > secure DLL loading code, or you implement the workaround patch from > Microsoft that you don't like. > > > > Carl > > > > *From:* HELP_PC [mailto:[email protected]] > *Sent:* Thursday, August 26, 2010 1:04 AM > *To:* NT System Admin Issues > *Subject:* Insecure Library Loading Vulnerability > > > > > > According to Secunia already found vulnerabilities on Windows Address Book > and Office Groove. > Are we going to an out of band remedy ? > > *GuidoElia* > *HELPPC* > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
