
Re: ZERT patch [was: 0day for IE (Disabling Javascript no longer a fix)]



"A" patch ..not "The" patch.

There's a difference. Third-party patches make me unsupported. This too has to be weighed when deciding risk factors.

Gadi Evron wrote:
On Mon, 25 Sep 2006, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Jesper's Blog : More options on protecting against recent IE vulnerabilities on a domain:
http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx

I like that option better. Leaves me supported and honestly I've not seen anything that I'm running that's used VML or freaked since I've done that?

The patch is available, but if the workaround works for you, you should
definitely use that. All things being even, third party patches should be
a last resort.

        Gadi.

Gadi Evron wrote:
On Sun, 24 Sep 2006, Bill Stout wrote:
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
"This exploit can be mitigated by turning off Javascripting.
Update: Turning off Javascripting is no longer a valid mitigation. A
valid mitigation is unregistering the VML dll."
There is, of course, the ZERT (Zeroday Emergency Response Team) patch,
available to those who choose to use it.
Along with source code, testing methodology, etc.

Naturally a vendor patch is BETTER, this is merely an alternative that can
be used, right now, by those who choose to do so.

http://www.eweek.com/article2/0,1895,2019162,00.asp
http://isotf.org/zert/

Richard wrote an interesting blog entry on it:
http://taosecurity.blogspot.com/2006/09/zert-evolution.html

Bill Stout
        Gadi.


--
Letting your vendors set your risk analysis these days? http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will 
hunt you down...
http://blogs.technet.com/sbs
