Hi all, As most of you probably already know, the SANS Internet Storm Center recently rose it's INFOCON level to Yellow to pre-empt the fallout of the recent Windows LNK vulnerability (still considered a zero-day). It kinda got me thinking - what protocols do you\your company have in place for when these kinds of events occur? Do you change Windows Updates settings, schedule more AV scans, ensure PCs are turned-off\locked when not in use, enable more restrictive firewall and proxy rules\ACLs? Obviously you don't have to go into specifics, but I know that there's a number of areas for me that are possibly worth looking in to that I haven't yet had the time to do so. So yeah, thoughts?