RE: Security templates and settings in Windows XP





> -----Original Message-----
> From: MVP Brian B [mailto:mine@xxxxxxxxxxx]
> Sent: Wednesday, December 28, 2005 10:32 PM
> To: focus-ms@xxxxxxxxxxxxxxxxx
> Subject: RE: Security templates and settings in Windows XP
>
> IMO, it's just a matter of doing your homework, really. The
> bypass traverse issues were only due to the fact that certain
> admins didn't research it before implementing. The MS
> Security Templates are often much improved when adding bits
> and pieces of your own, (making your own ADM files or
> altering existing ones.) MS defaults don't hold a lot of
> water much of the time but are certainly good things to use
> if you're just learning active directory, etc.

Research? It took Zotob 6 or 7 days to come out after MS05-39. There's a
0-day for WMF which has been out for two days now:

http://www.f-secure.com/weblog/archives/archive-122005.html#00000752

I'd love to have the time to research updates before applying them but I
think there's more risk in waiting than in having MS standard templates
applied. It won't surprise me in the slightest when I start getting WMF
exploit emails with the pictures embedded (rather than linked). I just
wonder whether Microsoft will have a patch out in time. I can tell you I
won't be taking the time to research it before pushing the update
button.

Derick Anderson

---------------------------------------------------------------------------
---------------------------------------------------------------------------