Problems occur more with the 0xFFFFFFFF option, than the others.
*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> WiseStamp<http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> On Thu, Aug 26, 2010 at 10:21 AM, Carl Houseman <[email protected]>wrote: > Outlook relies on it? What version? My 2007 hasn't noticed a difference > since applying the workaround patch and registry value=2. > > Carl > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Thursday, August 26, 2010 10:18 AM > To: NT System Admin Issues > Subject: Re: Insecure Library Loading Vulnerability > > On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker <[email protected]> > wrote: > > Changing that decision more recently (via OS upgrade or patch) > > would have a debilitating impact on compatibility ... > > My beef is not that Microsoft valued compatibility, but that they > didn't take this vulnerability seriously until it was attacked. As > has been demonstrated, it is possible to change the default behavior > to be more secure while still allowing exceptions on case-by-case > basis. That's all I would ask for. But Microsoft ignored the problem > until it became an emergency. I do hold them accountable for that. > > I do wonder just how many programs will break if the default > behavior is changed. Of course, apparently Outlook relies on the "DLL > in CWD" behavior, so that's pretty significant. > > -- Ben > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
