Never mind, and Outlook's behavior (assuming it does need .DLLs from the CWD) isn't significant to the problem at hand. I doubt that any COTS app will break with the Microsoft patch installed and system-wide registry setting=2.
Carl

-----Original Message-----
From: Carl Houseman [mailto:[email protected]]
Sent: Thursday, August 26, 2010 10:22 AM
To: NT System Admin Issues
Subject: RE: Insecure Library Loading Vulnerability

Outlook relies on it? What version? My 2007 hasn't noticed a difference since applying the workaround patch and registry value=2.

Carl

-----Original Message-----
From: Ben Scott [mailto:[email protected]]
Sent: Thursday, August 26, 2010 10:18 AM
To: NT System Admin Issues
Subject: Re: Insecure Library Loading Vulnerability

On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker <[email protected]> wrote:
> Changing that decision more recently (via OS upgrade or patch)
> would have a debilitating impact on compatibility ...

My beef is not that Microsoft valued compatibility, but that they didn't take this vulnerability seriously until it was attacked. As has been demonstrated, it is possible to change the default behavior to be more secure while still allowing exceptions on a case-by-case basis. That's all I would ask for. But Microsoft ignored the problem until it became an emergency. I do hold them accountable for that.

I do wonder just how many programs will break if the default behavior is changed. Of course, apparently Outlook relies on the "DLL in CWD" behavior, so that's pretty significant.

-- Ben
