RE: Users slam Microsoft Security Analyser

From: Stuart Fox (DSL AK) (StuartF@datacom.co.nz)
Date: 04/15/02


From: "Stuart Fox (DSL AK)" <StuartF@datacom.co.nz>
To: "'Schwartz, Stanley'" <sschwartz@stlo.smhs.com>, focus-ms@securityfocus.com
Date: Tue, 16 Apr 2002 09:56:47 +1200


>
> Example (read as content): Did you know your Active Directory
> domain was susceptible to that Group Policy vulnerability
> before the alert came out (which was listed on one of the
> pages I referenced)? Ignorance IS bliss....ain't it?

Considering an advisory was released quite a while before the Microsoft
advisory, I certainly wasn't ignorant of it.

>
> Example (read as content): every time a Nimda or Code Red
> type virus gets through to one of our servers (due to a DAT
> file that isn't programmed to detect this new variant yet),
> we are instructed to shut down internet mail, until our
> Anti-Virus vendor makes us a version of the DAT that will
> detect and clean it. Not many businesses want to do this for
> very long. ...and yes, I consider THAT shutting down the
> enterprise (which I understand isn't Microsoft directly, but
> most of these viruses target their code due to vulnerabilities in it).

Two points.

1. Code Red doesn't come through your email gateway. I can't recall Nimda
doing it either. Properly secured web servers weren't vulnerable to either
of these exploits, even those that weren't patched.
2. Content filtering saves a lot of hassle at the email gateway. Sure, you
get a few false negatives, but that's the price you pay for stopping these
things at the gateway.

Since you seem to be on an anti-Microsoft binge, let me ask you this. Would
you put an unpatched RedHat installation on the web without taking the time
to adequately secure it?


