RE: WMF Vunrability

  • From: "Andy Haigh" <ahaigh@xxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Jan 2006 10:53:17 +1100

Sorry the block in question for ISA 2004, is:

Go to the rule that allows inbound web traffic and double-click it.
Click the "Protocols" tab
Click "Filtering"
Click "Configure HTTP"
Click the "Extensions" tab
And add wmf
I also have been adding emf as well.

I'm just not sure of how to do this on ISA 2000.

Also the only way I have been able to find to stop this attack on the
clients, using MS fixes, is to unregister the offending dll using. 

regsvr32 /u %windir%\system32\shimgvw.dll

Some sites also say to rename it as well to stop it being re-registered
by malware. This will stop the problem, but will stop certain things
working.

Andy

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Thursday, 5 January 2006 1:29 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

http://www.ISAserver.org

It might help to tell us what "block" you used in ISA 2004.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Andy Haigh [mailto:ahaigh@xxxxxxxxxxxxxxxx]
Sent: Tuesday, January 03, 2006 11:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] WMF Vunrability

http://www.ISAserver.org


I have installed the "wmf" block to my ISA 2004 clients but I not sure
how to set this up for ISA 2000.

Could someone provide advice of the best way to do this.

Thanks

Andy 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ahaigh@xxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2006