FW: Microsoft Security Update
From: Thor Larholm (thor_at_PIVX.COM)
Date: 09/04/03
Date: Thu, 4 Sep 2003 00:56:42 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I see a trend going on here: Word, Office, Office, Office and Office. I guess Office has been overdue in regards to security bulletins lately :)

MS03-034 (NetBIOS information disclosure) gets a rating of Low, even though Blaster showed us just how many Windows installations run with all ports accessible.

It's surprising that MS03-035 (circumventing Office Macro security) and MS03-036 (BO in WordPerfect Converter) got ratings of Important rather than Critical; I guess the bulletins are waiting for some automatic exploit to surface before revision.

At least MS03-037 (VBA code execution) got a proper Critical rating.

MS03-038 (code execution in Access Snapshot Viewer, an ActiveX control) got a rating of Moderate for webpage-based exploits but completely forgets to mention HTML email.

Lots of different ratings and lots of details to consider before system administrators can decide when to apply these patches, but we really want simplicity over complexity. I would still prefer 2 ratings instead of 4, Apply Now or Apply Later - with the latter heading for the bi-weekly patch job. Let's face it, rolling out patches in a big corporation on an almost daily basis is just not very effective or economical.

Which leads to the positive side: it is definitely great to see Microsoft releasing 5 vulnerabilities in a single day, rather than releasing a new one every other day. They must have listened to the feedback from administrators who tired of inefficient and constant patch jobs, and should definitely adhere to this practice in the future. It may be a small step in optimizing the entire patch process, but it's a positive trend.

If there is anything we have learnt in the months behind us, it is that producing patches is the least of our worries in security; getting administrators and end users to actually apply those patches is an entirely different ballgame.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher