RE: exploit to vulnerability

From: Steve Manzuik (
Date: 08/31/05

  • Next message: Murad Talukdar: "RE: exploit to vulnerability"
    Date: Tue, 30 Aug 2005 15:37:37 -0700
    To: <>

    -----Original Message-----
    From: Murad Talukdar []
    Sent: Friday, August 19, 2005 2:11 AM
    Subject: exploit to vulnerability

    With all the issues highlighting the speed that exploits are now being
    written (eg ), the window between exploit/vuln appears, on average,
    to be getting tighter.

    We have an SME network and I used to have a week or so to test patches
    before rolling them out.
    This all begs the question now, with limited resources, do I just patch
    and not worry about testing? I definitely have fewer resources than some
    of the companies that were hit (CNN et al) and less time to dedicate to

    Should I just use auto updates/GP to patch everything regardless?
    What do other SME admins do?

    Kind Regards
    Murad Talukdar


    In my opinion, testing the patches, regardless of what vendor they come
    from, is a must in most environments, be it that this testing is a
    group of non-essential machines that get the patches first or a real
    test lab environment. While there have not been major issues with
    mainstream software and mainstream patches, organizations that have less
    than mainstream apps or custom apps still have issues with various

    At risk of sounding like the typical vendor, the real answer, at the end,
    is to mitigate the vulnerability to a point where you can properly test
    the patches and roll them out when it makes sense for your
    organization. On small to medium-sized networks, getting the patches
    out there is a pain in the rear but doable. Imagine the pain felt by
    larger networks who in most cases are never completely patched. At
    least this was my experience from my pen-test days.

    If you are relying on patching only for your security, you will
    eventually get bit. Look at the recent set of Microsoft patches as an
    example and how quickly we saw not one, but three different exploits
    released within days of the patch and worms shortly after.

    Steve Manzuik
    eEye Digital Security - End-Point Vulnerability Prevention - Network Security Scanner - Network Traffic Analyzer - Stop known and unknown IIS vulnerabilities

    I read my email with Outlook
    I read your email with Iris

