RE: exploit to vulnerability

From: Steve Manzuik (smanzuik_at_eeye.com)
Date: 08/31/05

  • Next message: Murad Talukdar: "RE: exploit to vulnerability"
    Date: Tue, 30 Aug 2005 15:37:37 -0700
    To: <focus-ms@securityfocus.com>
    
    

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Friday, August 19, 2005 2:11 AM
    To: focus-ms@securityfocus.com
    Subject: exploit to vulnerability

    With all the issues highlighting the speed that exploits are now being
    written (e.g. http://www.securityfocus.com/news/11285), the window between
    exploit/vuln appears, on average, to be getting tighter.

    We have an SME network and I used to have a week or so to test patches
    before rolling them out.
    This all begs the question now, with limited resources, do I just patch
    and not worry about testing? I definitely have fewer resources than some
    of the companies that were hit (CNN et al) and less time to dedicate to
    patching.

    Should I just use auto updates/GP to patch everything regardless?
    What do other SME admins do?

    Kind Regards
    Murad Talukdar

    --------------------------------------------------------------

    In my opinion, testing the patches, regardless of what vendor they come
    from, is a must in most environments, be it that this testing is a
    group of non-essential machines that get the patches first or a real
    test lab environment. While there have not been major issues with
    mainstream software and mainstream patches, organizations that have
    less-than-mainstream apps or custom apps still have issues with various
    patches.

    At risk of sounding like the typical vendor, the real answer at the end
    is to mitigate the vulnerability to a point where you can properly test
    the patches and roll them out when it makes sense for your
    organization. On small to medium-sized networks, getting the patches
    out there is a pain in the rear but doable. Imagine the pain felt by
    larger networks, who in most cases are never completely patched. At
    least this was my experience from my pen-test days.

    If you are relying on patching only for your security, you will
    eventually get bit. Look at the recent set of Microsoft patches as an
    example and how quickly we saw not one, but three different exploits
    released within days of the patch, and worms shortly after.

    Signed,
    Steve Manzuik
    eEye Digital Security

    http://eEye.com/Blink - End-Point Vulnerability Prevention
    http://eEye.com/Retina - Network Security Scanner
    http://eEye.com/Iris - Network Traffic Analyzer
    http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

    I read my email with Outlook
    I read your email with Iris
