I'm wondering what other security risk administrators do with a vulnerability like this: "Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability".
There is no official patch for it, and applications on the server use DAO, so what to do? Ignore it or not?
What is the best practice, or how do you deal with vulnerabilities like this?
Thanks for the answers.
First, the "Microsoft Data Access Objects Library 3.6 DLL Hijacking Vulnerability" CVE-2010-4182 was already covered by MVM; please check this document: http://www.mcafee.com/us/resources/release-notes/foundstone/fsl_08_02_2011.pdf
Second, if you detected that vulnerability, the best thing to do in my opinion is to use a preventive solution such as an IPS. That's why I checked my McAfee NSP solution and looked for that vulnerability in the "all inclusive without audit" policy. I searched by CVE as reference and, oh surprise, I didn't find any coverage.
Conclusion: in my opinion the best solution for an unpatched vuln is to use a preventive tool like an IPS. Now I'm wondering why McAfee NSP has no coverage for that vuln... I feel a little bit worried now.