RE: exploit to vulnerability
From: Steve Manzuik (smanzuik_at_eeye.com)
Date: 08/31/05
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #253"
- Maybe in reply to: Murad Talukdar: "exploit to vulnerability"
- Next in thread: Murad Talukdar: "RE: exploit to vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Aug 2005 15:37:37 -0700 To: <focus-ms@securityfocus.com>
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Friday, August 19, 2005 2:11 AM
To: focus-ms@securityfocus.com
Subject: exploit to vulnerability
With all the issues highlighting the speed that exploits are now being
written (eg http://www.securityfocus.com/news/11285 ) The window between
exploit/vuln, appears on average, to be getting tighter.
We have an SME network and I used to have a week or so to test patches
before rolling them out.
This all begs the question now, with limited resources, do I just patch
and not worry about testing? I definitely have fewer resources than some
of the companies that were hit (CNN et al) and less time to dedicate to
patching.
Should I just use auto updates/GP to patch everything regardless?
What do other SME admins do?
Kind Regards
Murad Talukdar
--------------------------------------------------------------
In my opinion. Testing the patches, regardless of what vendor they come
from, is a must in most environments. Be it that this testing is a
group of non-essential machines that get the patches first or a real
test lab environment. While there has not been major issues with
mainstream software and mainstream patches organizations that have less
than mainstream apps or custom apps still have issues with various
patches.
At risk of sounding like the typical vendor, the real answer at the end,
is to mitigate the vulnerability to a point where you can properly test
the patches and roll them out when it makes sense for your
organizations. On smaller to medium sized networks getting the patches
out there is a pain in the rear but doable. Imagine the pain felt by
larger networks who in most cases are never completely patched. At
least this was my experience from my pen-test days.
If you are relying on patching only for your security. You will
eventually get bit. Look at the recent set of Microsoft patches as an
example and how quick we saw not one, but three different exploits
released with in days of the patch and worms shortly after.
Signed,
Steve Manzuik
eEye Digital Security
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities
I read my email with Outlook
I read your email with Iris
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #253"
- Maybe in reply to: Murad Talukdar: "exploit to vulnerability"
- Next in thread: Murad Talukdar: "RE: exploit to vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
