Re: MS01-013 revised - other revisions

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 10/13/01


Message-ID:  <E9A01F52DC939448BBDE44ED2E1C468F1F1B8F@muskie.rc.on.ca>
Date:         Sat, 13 Oct 2001 04:56:40 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      Re: MS01-013 revised - other revisions
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM


According to the Microsoft Security Response Center:

---
When the Q article [rc Q299549] talks about "loss of some of the
fixes that are included in SP2" it is NOT saying that any of the
security patches have been removed or regressed, causing the
vulnerabilities to return. None of the issues that the security
patches address are inadvertently re-opened by this issue. Because
this is a general KB rather than a security bulletin, it's advising
that you reapply so that you can be sure to get those additional,
non-security fixes. From a security standpoint, you don't need to
reapply those hotfixes. Of course, if anyone is concerned and wants
to be cautious, there's no harm in reapplying those fixes.

For reference, the security fixes that are listed in that KB are:

MS00-080
MS01-007
MS01-013
MS01-011
MS01-024
MS01-026
MS01-044
---

[rc] So, during the development cycle of SP2 other fixes, not related
to security, were made to the components included in the
above-mentioned Security Bulletin (SB) fixes. The final release of
SP2 does not update those components if the preliminary SB fix is
already on the system. Ergo, you're fixed against the particular
security vulnerability, but you don't have all of the non-security
fixes that the component needs.

From a strict security perspective, you need to do nothing more, but
from a functionality/stability/performance perspective, you should
re-apply the revised version of the SB fix when you can.

Cheers,
Russ - NTBugtraq Editor

