Re: what is your advice to your users

["H. Morrow Long" <morrow.long () YALE EDU>]

Leslie -

Waiting so far (luckily most of our users are away -- and the # of
WMF exploit attempts
we've seen have been small therefore) as an unofficial patch could be
a big problem
if installed on thousands of desktops and proves to be broken, etc (a
case of the cure
being worse than the disease).  We're hoping for a MS patch and
hoping that Symantec
on the desktop (and ClamAV/Sophos on the mail servers) protect the
bulk of users
against the known variants (we are also blocking email with 'Happy
New Year' as the
subject -- which is an unfortunate step to have to take I know).

Some Windows admins have (and more will) installed some of the
workarounds and
will install stop gap patch most likely.

We've put up status messages in various places as well at:

        www.yale.edu/its/security
        www.yale.edu/its/security/exploit-wmf.html

And we are thinking about next steps (whether to do a communication
to end-users, etc.).

Morrow


On Jan 2, 2006, at 11:23 AM, Ken Connelly wrote:

> Yes, I have suggested that local Windows admins install this
> unofficial patch.
>
> - ken
>
> Leslie Maltz wrote:
>
> > "Users of the Windows OS should install an unofficial security
> > patch now without waiting for Microsoft Corp. to make its move,
> > security researchers at The SANS Institute's Internet Storm Center
> > (ISC) advised yesterday."   see     http://www.computerworld.com/
> > securitytopics/security/holes/story/0,10801,107420,00.html
> >
> > Are you advising your users to install an unofficial patch or are
> > you waiting?
> >
> > And Happy New Year to all as we start the year off with new problems.
> > -leslie