[BESAdmin-Announcements] Microsoft Security Advisory 926043 - Vulnerability in Windows Shell

Annoucements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Wed Oct 4 11:05:15 PDT 2006

Microsoft released Security Advisory 926043 on September 28th to warn
users of a publicly known vulnerability in Windows Shell that is exposed
by the Microsoft WebViewFolderIcon ActiveX Control (Web View). Microsoft
is working on a security update currently scheduled for an October 10th

Two of Microsoft's three suggested workarounds involves changing
Internet Explorer's Web content zone security settings to prompt before
running ActiveX Controls or disable Active X Controls completely.
Various tasks and analyses are available in the "Security Policy
Manager" site that allow you to modify and retrieve Web content zone
security settings through BES.

The other suggested workaround sets the kill bit specifically for the
WebViewFolderIcon Control by modifying the registry. Custom tasks that
implement and undo this workaround are available to all BES customers
and can be downloaded from the URL listed below. The .bes file can be
imported into a BES 6.0 deployment by double clicking on the file on a
machine with the BES Console installed. Please contact BigFix Technical
Support if you have any questions regarding this announcement.

Microsoft Security Advisory 926043:
http://www.microsoft.com/technet/securi ... 26043.mspx
.BES File for Kill Bit Workaround:


BigFix Product Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20061004/c35c0692/attachment.htm 

More information about the Besadmin-announcements mailing list