"A" patch ..not "The" patch.There's a difference.. third party patches makes me unsupported. This too has to be weighed when deciding risk factors.
Gadi Evron wrote:
On Mon, 25 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:Jesper's Blog : More options on protecting against recent IE vulnerabilities on a domain:http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspxI like that option better. Leaves me supported and honestly I've not seen anything that I'm running that's used VML or freaked since I've done that?The patch is available, but if the workaround works for you, you should definitely use that. All things being even, third party patches should be a last resort. Gadi.Gadi Evron wrote:On Sun, 24 Sep 2006, Bill Stout wrote:http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html "This exploit can be mitigated by turning off Javascripting.Update: Turning off Javascripting is no longer a valid mitigation. A valid mitigation is unregistering the VML dll. "There is, of course, the ZERT (Zeroday Emergency Response Team) patch, available to those who choose to use it. Along with source code, testing methodology, etc. Naturally a vendor patch is BETTER, this is merely an alternative that can be used, right now, by those who choose to do so. http://www.eweek.com/article2/0,1895,2019162,00.asp http://isotf.org/zert/ Richard wrote an interesting blog entry on it: http://taosecurity.blogspot.com/2006/09/zert-evolution.htmlBill StoutGadi.--Letting your vendors set your risk analysis these days? http://www.threatcode.comIf you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs
--Letting your vendors set your risk analysis these days? http://www.threatcode.com
If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down... http://blogs.technet.com/sbs