[92496] in North American Network Operators' Group
Re: tech support being flooded due to IE 0day
daemon@ATHENA.MIT.EDU (Paul Vixie)
Fri Sep 22 11:20:45 2006
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 22 Sep 2006 15:18:57 +0000
In-Reply-To: <Pine.GSO.4.64.0609220236200.14505@clifden.donelan.com>
Errors-To: owner-nanog@merit.edu
sean@donelan.com (Sean Donelan) writes:
> For assistance with Microsoft security issues in the US, call (866) PC-SAFETY
according to http://www.eweek.com/article2/0,1895,2019162,00.asp, microsoft has
not released a patch for the VML thing, so calling (866) PC-SAFETY isn't going
to be a universal fix (and who will $user call after that, we wonder?)
according to http://www.websense.com/securitylabs/alerts/alert.php?AlertID=628,
there is now malware-in-the-field that exploits the VML thing. and according
to http://www.auscert.org.au/render.html?it=6771, there's already phishing.
last but not least, according to http://isotf.org/zert/ there is a non-MSFT
patch for the VML thing. i don't expect ISP's to recommend its use, due to
liability reasons, but mentioning it or even proactively notifying about it
might be a way to get people off the phone (or keep them from calling in).
(i'll remove the ISC training ad from my .signature for this post, since i've
gone way over my NANOG quota here -- three messages in 24 hours, oops.)
--
Paul Vixie
