Patch. While we have time.

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_PACBELL.NET)
Date: 07/22/03

  • Next message: Steve Warrick: "W2K sp4, mdac 2.5sp3, and hfnetchk 3.86" 
    Date:         Mon, 21 Jul 2003 17:43:07 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    "Waiting for the Worms
    The hole's been announced, the patch has been released. Now there's
    nothing to do but wait for the worm to come and wreak its ugly havoc."

    By Tim Mullen Jul 21 2003 12:00AM PT

    "As a security person, I get paid to be accurate. In this case, I hope
    I'm wrong -- but I hope I'm wrong for the right reason. In six months we
    can sit back and say, "see, I told you so," while others put in
    20-hour-a-day weekends cleaning up Mescaline. Or we can be proactive and
    get the word out as security evangelists: patch and protect your
    systems, practice least privilege and implement security in depth."

    "Let's all do our part to make Mescaline a flash in the pan. I still got
    dibs on the name, though."

    I invite everyone to read an excellent article by Tim Mullen on the 03-026
    patch:

    SecurityFocus HOME Columnists: Waiting for the Worms:
    http://www.securityfocus.com/columnists/174

    I then invite everyone to get the word out.... 03-026 is supported on SP3 and
    SP4,
    thus if you aren't up to that patch level...do it...now while we have time.

    We've had two prior times to get this right. Let's show everyone that third
    time is
    the charm and show Mr. Mullen that we can do it right this time.

    Patch. While we have time.
    Microsoft Security Bulletin MS03-026:
    http://www.microsoft.com/technet/security/bulletin/MS03-026.asp?frame=true

    Susan Bradley

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Steve Warrick: "W2K sp4, mdac 2.5sp3, and hfnetchk 3.86"

    Relevant Pages

    • Re: Q329170 (MS02-070), Q327984 and slow logoffs
      ... Service Pack 4", the problem described by Chris Hill on 3/21/03 ... > security bulletin, your computer takes a long time to log off (up to ... > by a handle leak in shlwapi32.dll' whereas this patch does not exist ... Summer's Hottest Certification Just Got HOTTER! ...
      (NT-Bugtraq)
    • Patch 22, eh, make that Catch 22
      ... How to patch 30.000 machines. ... "Better way to perform Microsoft security ... Summer's Hottest Certification Just Got HOTTER! ... you can save 33% off of the TICSA certification exam! ...
      (NT-Bugtraq)
    • Re: [PATCH][RFC] Light-weight Auditing Framework
      ... > auditing framework that's used in production and already has gotten the ... > wizzbang certification you seem to be aiming at. ... In contrast to Olaf's work, for example, my patch does ... the work that the security module will provide. ...
      (Linux-Kernel)
    • VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
      ... Patch URL: http://www.vmware.com/download/esx/esx-253-200610-patch.html ... Updated package addresses several security issues. ... Common Vulnerabilities and Exposures project assigned ... VMware Security Response Policy ...
      (Bugtraq)
    • [Full-disclosure] VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
      ... Patch URL: http://www.vmware.com/download/esx/esx-253-200610-patch.html ... Updated package addresses several security issues. ... Common Vulnerabilities and Exposures project assigned ... VMware Security Response Policy ...
      (Full-Disclosure)