[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] What are you all doing about the WMF exploit?

To: Trey Darley <trey@treyka.net>
Subject: Re: [SAGE] What are you all doing about the WMF exploit?
From: "Richard Johnson" <rdump@river.com>
Date: Wed, 4 Jan 2006 12:01:22 -0700
Cc: sage-members@sage.org
In-Reply-To: <1BCEBD6E-D0B2-4E56-A1C8-09F06F731150@treyka.net>
References: <1BCEBD6E-D0B2-4E56-A1C8-09F06F731150@treyka.net>
Sender: owner-sage-members@usenix.org

At 10:18 +0100 on 2006-01-03, Trey Darley wrote:
> Have any of you deployed Guilfanov's patch? What do you think?


Testing hasn't revealed any side effects.  The MSI version appears to
uninstall properly, as well.

We've mandated the unofficial patch in the face of 1) ~6 hosts per day on a
/16 falling to one or more of the hundreds of exploit versions out there,
2) anti-virus firms not keeping up with the morph rate, and 3) Microsoft
not planning on releasing their official patch in a more timely manner.

If the unofficial patch causes problems, it'll be with attention focused on
it as the possible cause.  The compromises, on the other hand, will
generally be much harder to spot, let alone clean up short of a reinstall
of every one of our MS Windows boxes [1].

The unofficial patch is thus a much smaller long-term risk, and (based on
the testing) an easily tolerable immediate risk.


Richard

-------
[1] Yes, this may be necessary anyway due to all the myriad other spyware
infestations out there, but... ;-)

Follow-Ups:
- Re: [SAGE] What are you all doing about the WMF exploit?
  - From: Mario Obejas <obejas@exile.esn.us.ray.com>

References:
- [SAGE] What are you all doing about the WMF exploit?
  - From: Trey Darley <trey@treyka.net>

Prev by Date: Re: [SAGE] BayLISA Video galore..
Next by Date: Re: [SAGE] Cheap USB NTP Reference Clocks?
Prev by thread: Re: [SAGE] What are you all doing about the WMF exploit?
Next by thread: Re: [SAGE] What are you all doing about the WMF exploit?
Index(es):
- Date
- Thread