RE: WMF Vulnerability

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 4 Jan 2006 17:26:09 -0600

Hey Jim,

I've done those things already, but it seems there is more to the story.
Still have to worry about e-mail too.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Wednesday, January 04, 2006 3:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> http://www.ISAserver.org
> 
> Those are two separate questions.
> ISA doesn't use the OS file associations to make its 
> decisions, so blocking file types of .wmf or content-types of 
> application/x-msmetafile will get you some relief.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: Hillaert, Todd [mailto:THillaert@xxxxxxxx] 
> Sent: Wednesday, January 04, 2006 12:42
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> http://www.ISAserver.org
> 
> Hi
> 
> Correct me if I'm wrong, but as I understand it, a WMF  is 
> not handled by the operating system only according its 
> extension, but by special flags set within the file itself. 
> 
> That's why blocking *.wmf or the mime types will not stop it. 
> 
> Todd
> 
> -----Original Message-----
> From: Brian Boyes [mailto:BrianB@xxxxxxxxx]
> Sent: Wednesday, January 04, 2006 2:37 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> http://www.ISAserver.org
> 
> True enough. You had mentioned it was doable with GFI and I 
> though it might be useful to mention how it could be done via 
> surfcontrol as well.
> Personally, I blocked WMF files at ISA and with my 
> surfcontrol filter, just in case.
> 
> Brian 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, January 04, 2006 2:41 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF Vulnerability
> 
> Hi Brian,
> 
> You don't need SurfControl just to block .wmf files, you can 
> use the OOB ISA firewall to do that.
> 
> Tom
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thillaert@xxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: jim@xxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability
• » RE: WMF Vulnerability

1. Home
2. isalist
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---