Educause Security Discussion mailing list archives

Re: what is your advice to your users

From: "Sadler, Connie" <Connie_Sadler () BROWN EDU>
Date: Mon, 2 Jan 2006 16:24:45 -0500

 
Does anyone know how close we are to a patch from Microsoft? I have to
think they are working on something now - this can't wait!! We don't
want to get ourselves into a situation where we are asking users to
install the unofficial patch (especially on servers), only to have to
back it out in a few days and re-apply something else. Anybody have some
status?

Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Office: 401-863-7266


-----Original Message-----
From: H. Morrow Long [mailto:morrow.long () YALE EDU] 
Sent: Monday, January 02, 2006 1:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] what is your advice to your users

Leslie -

Waiting so far (luckily most of our users are away -- and the # of WMF
exploit attempts we've seen have been small therefore) as an unofficial
patch could be a big problem if installed on thousands of desktops and
proves to be broken, etc (a case of the cure being worse than the
disease).  We're hoping for a MS patch and hoping that Symantec on the
desktop (and ClamAV/Sophos on the mail servers) protect the bulk of
users against the known variants (we are also blocking email with 'Happy
New Year' as the subject -- which is an unfortunate step to have to take
I know).

Some Windows admins have (and more will) installed some of the
workarounds and will install stop gap patch most likely.

We've put up status messages in various places as well at:

        www.yale.edu/its/security
        www.yale.edu/its/security/exploit-wmf.html

And we are thinking about next steps (whether to do a communication to
end-users, etc.).

Morrow


On Jan 2, 2006, at 11:23 AM, Ken Connelly wrote:

Yes, I have suggested that local Windows admins install this 
unofficial patch.

- ken

Leslie Maltz wrote:

"Users of the Windows OS should install an unofficial security patch 
now without waiting for Microsoft Corp. to make its move, security 
researchers at The SANS Institute's Internet Storm Center
(ISC) advised yesterday."   see     http://www.computerworld.com/ 
securitytopics/security/holes/story/0,10801,107420,00.html

Are you advising your users to install an unofficial patch or are you

waiting?

And Happy New Year to all as we start the year off with new problems.
-leslie

Current thread:

what is your advice to your users Leslie Maltz (Jan 02)
- <Possible follow-ups>
- Re: what is your advice to your users Ken Connelly (Jan 02)
- Re: what is your advice to your users Todd Kisida (Jan 02)
- Re: what is your advice to your users H. Morrow Long (Jan 02)
- Re: what is your advice to your users Sadler, Connie (Jan 02)
- Re: what is your advice to your users Gary Flynn (Jan 02)
- Re: what is your advice to your users Chris Harrington (Jan 02)
- Re: what is your advice to your users Todd Kisida (Jan 03)
- Re: what is your advice to your users Ken Connelly (Jan 03)
- Re: what is your advice to your users Mike Iglesias (Jan 03)
- Re: what is your advice to your users Flagg, Martin D. (Jan 04)
- Re: what is your advice to your users Drake, Craig (Jan 04)
- Re: what is your advice to your users Gary Flynn (Jan 04)
- Re: what is your advice to your users Todd Kisida (Jan 04)
- Re: what is your advice to your users Jeni Li (Jan 04)

(Thread continues...)