Hi Dan,

I'm running 10.0.1.13. But, the signatures should be the same as yours. Not sure if the version matters all that much.

Joseph

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, January 04, 2006 11:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

http://www.ISAserver.org

Oh sure, you just HAD to throw cold water on my warm and fuzzy feelings, didn't ya? *grin*

What version did you test? I'm running 10.0.0.359 here.

-----Original Message-----
From: JosephK [mailto:josephk@xxxxxxxxx]
Sent: Wednesday, January 04, 2006 12:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

Hi Dan,

I set up a test box with Norton and surfed to sites where I could get the *.wmf thing so I could see what it does. And Norton did not catch this. Well, at least with the desktop version I ran. Good thing I just closed down my virtual PC without saving anything!

I noticed that on sites that use this they use this class ID 2D360201-FFF5-11d1-8D03-00A0C959BC0A and that belongs to the :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe]
@="DHTML Edit Control Safe for Scripting for IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe\CLSID]
@="{2D360201-FFF5-11d1-8D03-00A0C959BC0A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe\CurVer]
@="DHTMLSafe.DHTMLSafe.1"

So, I'm going to do more research on this myself.

Thank you,
Joseph

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, January 04, 2006 9:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

I searched for about an hour last night about how to "block" this, but only came up with a couple of solutions. One is a patch written by a third party that you install on your computer, and the other is to unregister some DLLs to disable that feature entirely.

Both of these seemed to be very time-consuming methods, and with 1200 computers to update in a little over 24 hours it didn't seem worth it. Symantec appears to be confident that their real-time protection with current definitions will vastly reduce that threat, so I think we'll just ride out the storm until the "official" patch is released. Since all workstations are behind the ISA server, Internet access to a compromised machine is difficult at best.

-----Original Message-----
From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
Sent: Wednesday, January 04, 2006 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

> I have installed the "wmf" block to my ISA 2004 clients
> but I'm not sure how to set this up for ISA 2000.
> Could someone provide advice on the best way to do this.

Did anyone ever post an answer? I'm curious about this "wmf block".

Brian

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx