Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins
From: BROWN Nick (Nick.BROWN_at_COE.INT)
Date: 06/02/04
- Previous message: Geo.: "Re: Submerged Subkeys in W2K"
- Maybe in reply to: Russ: "Russ Cooper's AusCERT Presentation on MS Security Bulletins"
- Next in thread: Antonio Calvillo: "Re: Russ Cooper's AusCERT Presentation on MS Security Bulletins"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jun 2004 22:29:19 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
> I called for a new SP for Windows NT 4.0, considering the fact it's still
> widely in use and has been more than 4 years without one yet has had at
> least 68 vulnerabilities patched.
Just a security hotfix roll-up would be pretty good too... although, with
both Sasser and MSBlast, our particular config of NT 4.0 and the IE 5.01
release from Office 2000 seems to have been immune. Except, of course,
that when we applied the "MSBlast" patch prophylactically to NT 4.0 anyway,
we then made our systems genuinely vulnerable to the problems - never
exploited - which were left unfixed by the set of DLLs in that patch, and
which necessitated another patch a month or so later...
> I stressed that, IMO, far too much effort is being placed on patching IE
> vulnerabilities. To the best of my knowledge, only 2 wide-spread attacks have
> occurred involving IE vulnerabilities, yet there have been at least 83
> vulnerabilities patched for IE.
I think this is tied in with your point about MS addressing the home user,
not the corporate desktop. IE vulnerabilities are not a major headache for
corporations because in a typical scenario, the only person who gets
affected is the one who was surfing where s/he probably shouldn't have been.
On the other hand, the IE patches seem to be particularly "good" at breaking
stuff (such as ERP applications).
Our 1500 users pick up one or two trojans a week (typically we detect these
because the "Run=" registry item changes), but it's only ever the individual
user who's been affected. (And in most cases, the main "victims" are us in
IS who have to clean it up; generally all the user sees, at worst, is that
the IE start page is now a Russian porn site or whatever.)
But then we're back to the general Windows problem: the first three messages
which a user sees on logging on to an OS called "Windows XP Professional"
ought, one might think, not to be "get a .NET passport", "download arbitrary
new software, which your IS department has not yet tested, here", and "talk
to your drinking buddies with Instant Messaging". But that's exactly what
the average IS shop has to disable as part of the Windows XP Professional
post-installation.
Nick Brown, Strasbourg, France
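Nick mentions that trojans are usually spotted because the "Run=" registry item changes. As an added example (not part of the original post), the following Python script compares two `reg export`-style listings of the HKLM ...\CurrentVersion\Run key against a baseline and reports added or altered autostart entries; assuming that key is what the post refers to, and with both .reg texts constructed for this example.

```python
import re
from typing import Dict, Tuple

# Run key assumed for this example; a real listing would come from
# `reg export "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed baseline taken when the machine was known-good.
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVAgent"="C:\\Program Files\\AV\\agent.exe /tray"
"Sync"="C:\\Program Files\\Sync\\sync.exe"
'''

# Constructed current listing: one entry repointed, one entry added.
CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVAgent"="C:\\Program Files\\AV\\agent.exe /tray"
"Sync"="C:\\WINNT\\Temp\\sync.exe"
"svchost32"="C:\\WINNT\\System32\\svchost32.exe"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def parse_run_values(reg_text: str) -> Dict[str, str]:
    """Return {value name: command line} for the Run key in a .reg export."""
    values: Dict[str, str] = {}
    in_run_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run_key = line.strip("[]").lower() == RUN_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_run_key else None
        if m:
            # .reg exports double every backslash; undo that for comparison.
            values[m["name"]] = m["data"].replace("\\\\", "\\")
    return values

def diff_run_keys(baseline: str, current: str) -> Dict[str, Tuple[str, str]]:
    """Map each new or changed Run entry to (old command or '', new command)."""
    before, after = parse_run_values(baseline), parse_run_values(current)
    return {name: (before.get(name, ""), cmd)
            for name, cmd in after.items() if before.get(name) != cmd}

if __name__ == "__main__":
    for name, (old, new) in diff_run_keys(BASELINE_REG, CURRENT_REG).items():
        print(f"{'CHANGED' if old else 'ADDED':7} {name}: {old or '-'} -> {new}")
```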