RE: WMF Vunrability
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 Jan 2006 06:39:24 -0800
If it encounters any errors, it will *not* save the changes.
This prevents "half-updates" that are often impossible to revert without
deleting the corrupted rule.
Can you re-run it and C&P the screen output?
Also, your ISAInfo would help.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Paul Crisp [mailto:PCrisp@xxxxxxxxxxxxxxxxx]
Sent: Thursday, January 05, 2006 12:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability
http://www.ISAserver.org
Hey Jim,
After getting page not found then realised the spelling mistake in your
URL. Downloaded the script and decided to test, and I get the following
error appear:
*** Failed to upodate the HTTP Filter settings....
Error 0x424
Error: Object required
It seems to do this when examining my rules and its trying to add the
.emf and .wmf definitions and it only does it on some rules.
Also, looked at one of the rules it said it modified but it doesn't seem
to have done anything, how can I tell?
ps
Running ISA 2004 SE on Windows 2000 box
Regards
Paul Crisp
Snr Network Support Analyst
-----Original Message-----
From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
Sent: 05 January 2006 07:26
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability
http://www.ISAserver.org
Same
Greg Mulholland
Just because I don't care, doesn't mean i dont understand - Homer
Simpson
-----Original Message-----
From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, January 05, 2006 6:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability
http://www.ISAserver.org
Page not found. :(
John T
eServices For You
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 10:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> Anyone interested in trying the beta script, it's at
> http://isatools.org/block_wsf.zip.
>
> It's not been through code-review of final approval, so YMMV (works
> for me in 2004 SE & EE).
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 9:57 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> We have been running anti-wife software since v1.0
>
> So far has worked very well, though there were a couple of close
shaves.
>
> Know of others who were not so lucky and got caught out. They didn't
> notice anything initially, but all of a sudden they realised they
> behaviour and dress was being changed by this malware. They lost
> control of what they spent their income on, who they went out with and
> where they went.
>
> They were suddenly spurred into action and the removal of this malware
> became the prime goal. What they thought would be a simple removal
> turned into a painfull and costly process which took a lot of time and
> recources.
>
> Finally they are rid of it though!!!!
>
> I have been told that there are versions of the wife malware that
> doesn't effect your user experience and I have even heard tales of
> this malware actually enhancing it.
>
> You have been warned!!
>
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, 5 January 2006 3:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
> http://www.ISAserver.org
>
> Regarding the wmf vulnerability, the Microsoft Outlook spell-checker
> wants to change it to "wife." Now THAT'S some intuitive damn code!!!
>
> t
>
> -----
> "I may disapprove of what you say,
> but I will defend to the death your
> right to say it."
>
>
> ----- Original Message -----
> From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, January 04, 2006 8:20 PM
> Subject: [isalist] RE: WMF Vunrability
>
>
> http://www.ISAserver.org
>
> You've earned you stripes today Harrison :) nice work
>
> Greg Mulholland
>
> ________________________________
>
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Thu 5/01/2006 12:57 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vunrability
>
>
>
> http://www.ISAserver.org
>
> Updated:
>
> HTTP filter settings (you all know how to get there).
>
> 1. Extensions:
> <choice>
> Set "block specified"
> Add .emf
> Description="application/x-msmetafile"
> Add .wmf
> Description="application/x-msmetafile"
> </choice>
> <choice>
> Set "allow specified"
> Remove .emf
> Remove .wmf
> </choice>
> <notachoice>
> Set "allow all"
> </notachoice>
>
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> ahaigh@xxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pcrisp@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
