Yet Another Third Party Patch

It was inevitable. A third party (ZERT) has issued a patch for the VML vulnerability in IE.

I can’t recommend this patch because I haven’t tested it nor do I know anything about ZERT. (more…)

“Just switch to Firefox” isn’t yet a viable solution

There is yet another zero-day exploit for IE (the second within four days).

We’re two weeks away from Microsoft’s next patch cycle and I’ll bet dollars to donuts we won’t see a patch before then.

What options does an enterprise have in these cases? Recommending that the enterprise as a whole switches completely to a different web browser (usually Firefox) isn’t yet a viable solution. Whysat? Glad you asked; (more…)

I’m baaaaack

Yes, it’s been over a week since my last blog entry. I’ve been fairly pre-occupied and haven’t had much time to blog, as I’ve been supporting offices in other time-zones (think GMT and GMT+, not EST or PST). But now I’m back and ready to get on with boring people to death.

First thing I want to comment on now that I’m back is the lack of wide-scale impact of the mocbot variant that targeted MS06-040. (more…)

MS06-040 (have you patched yet?)

I have a post sitting in my ‘drafts’ section, in which I ramble on about why we’re forced to patch like a bunch of sheep once a month. That post might take a while because I keep having to edit it for rants to keep it concise and on point. (more…)

Pay It Forward: Unorthodox patching techniques

Yes, ‘pay it forward’ was originally a week-long deal, but it is a lot of fun and turned out to be pretty successful so I’ve made it a permanent fixture of the site.

This month’s security bulletins from Microsoft include a bulletin and patch regarding a vulnerability in the Server service. The Server service is enabled by default and, on file and print servers, is a critical service that can neither be firewalled nor disabled. (more…)