RE: WMF Vulnerability

  • From: "JosephK" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 4 Jan 2006 23:01:07 -0800

Hi Dan,

I'm running 10.0.1.13.  But, the signatures should be the same as yours.
Not sure if the version matters all that much.  

Joseph

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Wednesday, January 04, 2006 11:03 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

http://www.ISAserver.org

Oh sure, you just HAD to throw cold water on my warm and fuzzy feelings,
didn't ya?  *grin* What version did you test?  I'm running 10.0.0.359
here.

-----Original Message-----
From: JosephK [mailto:josephk@xxxxxxxxx] 
Sent: Wednesday, January 04, 2006 12:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

Hi Dan,

I set up a test box with Norton and surfed to sites where I could get the
*.wmf thing so I could see what it does.  And Norton did not catch this.
Well, at least with the desktop version I ran.  Good thing I just closed
down my virtual PC without saving anything!  I noticed that on sites that
use this they use this class ID 2D360201-FFF5-11d1-8D03-00A0C959BC0A, and
that belongs to:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe]
@="DHTML Edit Control Safe for Scripting for IE5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe\CLSID]
@="{2D360201-FFF5-11d1-8D03-00A0C959BC0A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DHTMLSafe.DHTMLSafe\CurVer]
@="DHTMLSafe.DHTMLSafe.1"


So, I'm going to do more research on this myself.

Thank you,

Joseph
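
Added example, not part of the original thread: a Python scanner that checks saved HTML (for instance pages pulled from a proxy cache) for the class ID Joseph quotes and for references to .wmf files. The sample page, the example.invalid host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Class ID quoted in the message above (DHTMLSafe.DHTMLSafe in the .reg export).
WATCHED_CLSID = "2D360201-FFF5-11d1-8D03-00A0C959BC0A"
URL_ATTRS = {"src", "href", "data", "background"}

def normalize_clsid(value):
    """Reduce 'clsid:{...}', 'CLSID:...' or '{...}' to a bare upper-case GUID."""
    v = value.strip()
    if v.lower().startswith("clsid:"):
        v = v[6:]
    return v.strip().strip("{}").upper()

def is_wmf_reference(url):
    """True when the URL path ends in .wmf; query strings are ignored.
    Heuristic only: a file's extension need not match its content."""
    try:
        return urlsplit(url).path.lower().endswith(".wmf")
    except ValueError:
        return False

class PageScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (kind, line number, raw attribute value)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if value is None:
                continue
            if tag == "object" and name == "classid":
                if normalize_clsid(value) == WATCHED_CLSID.upper():
                    self.findings.append(("clsid", line, value))
            elif name in URL_ATTRS and is_wmf_reference(value):
                self.findings.append(("wmf-ref", line, value))

def scan_html(text):
    scanner = PageScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>
<object id="x" classid="CLSID:{2d360201-fff5-11d1-8d03-00a0c959bc0a}"></object>
<img src="http://example.invalid/pics/a.WMF?id=1">
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<a href="/docs/about-wmf.html">about</a>
</body></html>"""
```
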

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: Wednesday, January 04, 2006 9:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

I searched for about an hour last night about how to "block" this, but
only came up with a couple of solutions.  One is a patch written by a
third-party that you install on your computer, and the other is to
unregister some DLLs to disable that feature entirely.  Both of these
seemed to be very time-consuming methods, and with 1200 computers to
update in a little over 24 hours it didn't seem worth it.  

Symantec appears to be confident that their real-time protection with
current definitions will vastly reduce that threat, so I think we'll
just ride out the storm until the "official" patch is released.  Since
all workstations are behind the ISA server, Internet access to a
compromised machine is difficult at best.

-----Original Message-----
From: Brian Boyes [mailto:BrianB@xxxxxxxxx] 
Sent: Wednesday, January 04, 2006 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF Vunrability

> I have installed the "wmf" block on my ISA 2004 clients
> but I am not sure how to set this up for ISA 2000.
> Could someone provide advice on the best way to do this?

Did anyone ever post an answer? I'm curious about this "wmf block".

Brian


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
