Did anybody figure out how to apply this to a domain using group policy?
Thanks,
[cid:***@01CFEDE7.496D4580]
Justin Spawn
Business Technology Manager
Girl Scouts of Eastern Iowa and Western Illinois
940 Golden Valley Drive
Bettendorf, IA 52722
D 309-283-2320
T 563-823-9940 x333
F 563-823-0162
GirlScoutsToday.org<http://www.girlscoutstoday.org/>
Facebook<https://www.facebook.com/GSEIWI> | Twitter<http://twitter.com/#!/GSEIWI>
Pinterest<http://pinterest.com/girlscoutstoday/>
Girl Scouting builds girls of
courage, confidence,
and character who make
the world a better place.
From: Julian Harper [mailto:***@Laytons.co.uk]
Sent: Wednesday, October 22, 2014 3:25 AM
To: Patch Management Mailing List
Subject: RE: [patchmanagement] New Microsoft Advisory and FixIt
Does anyone know how to roll this out with EMET via group policy?
You can add custom settings for applications but for the dllhost.exe below I couldnât see the switch for ASR in the Group Policy help.
<EMET Version="5.0.5324.31801">
<Settings />
<EMET_Apps>
<AppConfig Path="*" Executable="dllhost.exe">
<Mitigation Name="DEP" Enabled="false" />
<Mitigation Name="SEHOP" Enabled="false" />
<Mitigation Name="NullPage" Enabled="false" />
<Mitigation Name="HeapSpray" Enabled="false" />
<Mitigation Name="EAF" Enabled="false" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="false" />
<Mitigation Name="BottomUpASLR" Enabled="false" />
<Mitigation Name="LoadLib" Enabled="false" />
<Mitigation Name="MemProt" Enabled="false" />
<Mitigation Name="Caller" Enabled="false" />
<Mitigation Name="SimExecFlow" Enabled="false" />
<Mitigation Name="StackPivot" Enabled="false" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>packager.dll</asr_modules>
</Mitigation>
</AppConfig>
<AppConfig Path="*\OFFICE1*" Executable="POWERPNT.EXE">
<Mitigation Name="DEP" Enabled="true" />
<Mitigation Name="SEHOP" Enabled="true" />
<Mitigation Name="NullPage" Enabled="true" />
<Mitigation Name="HeapSpray" Enabled="true" />
<Mitigation Name="EAF" Enabled="true" />
<Mitigation Name="EAF+" Enabled="false" />
<Mitigation Name="MandatoryASLR" Enabled="true" />
<Mitigation Name="BottomUpASLR" Enabled="true" />
<Mitigation Name="LoadLib" Enabled="true" />
<Mitigation Name="MemProt" Enabled="true" />
<Mitigation Name="Caller" Enabled="true" />
<Mitigation Name="SimExecFlow" Enabled="true" />
<Mitigation Name="StackPivot" Enabled="true" />
<Mitigation Name="ASR" Enabled="true">
<asr_modules>flash*.ocx;packager.dll</asr_modules>
</Mitigation>
</AppConfig>
</EMET_Apps>
</EMET>
Julian Harper
IT Manager
Laytons Wine Services Ltd
From: Dave [mailto:***@gmx.us]
Sent: 21 October 2014 22:37
To: Patch Management Mailing List
Subject: [patchmanagement] New Microsoft Advisory and FixIt
Greetings
Microsoft has just released Advisory 3010060 for Microsoft OLE
https://technet.microsoft.com/en-us/library/security/3010060
FixIt available here -
https://support.microsoft.com/kb/3010060
Best Regards
Dave
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If you would like to use any of this content in a blog or media publication, please contact the owners of the list for approval.
To unsubscribe send a blank email to leave-***@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-***@patchmanagement.org