Why would anyone use the 0xFFFFFFFF option to combat the vulnerability? CWD on the local system is not a part of the threat landscape.
I can't help myself - it's another "Dr. Dr. it hurts when I do this..." problem. Carl From: Andrew S. Baker [mailto:[email protected]] Sent: Thursday, August 26, 2010 10:34 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability Problems occur more with the 0xFFFFFFFF option, than the others. ASB <http://XeeSM.com/AndrewBaker> (My XeeSM Profile) Exploiting Technology for Business Advantage... <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email &utm_campaign=footer> Signature powered by <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email &utm_campaign=footer> WiseStamp <http://s.wisestamp.com/pixel.png?p=chrome&v=1.2.3.0&t=1282833155090&u=760673 6&e=3236> On Thu, Aug 26, 2010 at 10:21 AM, Carl Houseman <[email protected]> wrote: Outlook relies on it? What version? My 2007 hasn't noticed a difference since applying the workaround patch and registry value=2. Carl -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, August 26, 2010 10:18 AM To: NT System Admin Issues Subject: Re: Insecure Library Loading Vulnerability On Thu, Aug 26, 2010 at 10:00 AM, Andrew S. Baker <[email protected]> wrote: > Changing that decision more recently (via OS upgrade or patch) > would have a debilitating impact on compatibility ... My beef is not that Microsoft valued compatibility, but that they didn't take this vulnerability seriously until it was attacked. As has been demonstrated, it is possible to change the default behavior to be more secure while still allowing exceptions on case-by-case basis. That's all I would ask for. But Microsoft ignored the problem until it became an emergency. I do hold them accountable for that. I do wonder just how many programs will break if the default behavior is changed. Of course, apparently Outlook relies on the "DLL in CWD" behavior, so that's pretty significant. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
