RE: Security templates and settings in Windows XP
> -----Original Message-----
> From: Levinson, Karl [mailto:Karl.Levinson@xxxxxxx]
>
> > -----Original Message-----
> > From: Derick Anderson [mailto:danderson@xxxxxxxxx]
>
> > Research? It took Zotob 6 or 7 days to come out after
> MS05-39. There's
> > a 0-day for WMF which has been out for two days now:
> >
> > http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
>
> In reality they've probably already validated most if not all
> of the vulnerability. Microsoft seems to have decided for
> some reason that it is not in their [or maybe our] best
> interest for them to validate vulnerabilities until there is
> a patch out. Possibly they feel validating the vuln to the
> world increases the risk rather than decreasing it.

I'm not really sure what their thought is on that. I would think the
vast majority of people who find themselves reading such a bulletin
would have already hit Bugtraq and know that the vulnerability is real.
Perhaps they really haven't validated it yet, or perhaps they don't care
what I think.

> > I'd love to have the time to research updates before
> applying them but
> > I think there's more risk in waiting than in having MS standard
> > templates applied.
>
> You have the luxury of installing patches without testing
> them exactly because Microsoft spends 30+ days testing their
> patches. If they didn't, MS patches would break something
> every time, and you would never install them without your own
> testing. I think you're actually supporting the argument for
> MS to take their time to release a tested patch.

I do support MS taking the time to release a tested patch. That was
never my contention. My contention is spending _more_ time testing an
already tested patch because of third-party
templates/guides/blogs/whatever used to make a server more secure.

Based on my admittedly limited security experience, I'd rather have a
fully patched, mostly-hardened server than a mostly-patched, fully
hardened server. I just see way more attacks based on exploits which
relate directly to a patch than those related to some file or protocol
which has slightly more permissive settings than SANS thinks it should.

> > It won't surprise me in the slightest when I start getting
> WMF exploit
> > emails with the pictures embedded (rather than linked). I
> just wonder
> > whether Microsoft will have a patch out in time.
>
> No need to wonder. It will be at least 35 days to get a
> patch. This is nothing new, we all knew this when we bought
> our Windows computers.

Yes, I'm sure it's in the EULA... =) In the meantime I've employed the
workaround (disabling the DLL which does image rendering for Windows
Picture and Fax Viewer). At least there is one (other than unplugging
the ethernet cable).

Derick Anderson
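The workaround mentioned above (disabling the rendering DLL behind Windows Picture and Fax Viewer until the vendor patch ships) as an added example, not part of the original message. The thread never names the file; the script assumes it is shimgvw.dll under %windir%\system32, which is the library Microsoft's interim advisory for this issue pointed at. It checks whether the DLL is still COM-registered, unregisters it if so, and re-checks, so the change can be audited on each box rather than taken on faith:

```batch
@echo off
rem Added example (not from the thread). Assumes the Picture and Fax Viewer
rem rendering library is shimgvw.dll; adjust DLL= if your build differs.
set DLL=%windir%\system32\shimgvw.dll

if not exist "%DLL%" (
    echo %DLL% not found on this system; nothing to do.
    goto :eof
)

rem reg query /f searches key names and data for the string; /d restricts
rem the search to data, i.e. the InprocServer32 paths pointing at the DLL.
reg query HKCR\CLSID /s /f shimgvw.dll /d >nul 2>&1
if not %errorlevel%==0 (
    echo shimgvw.dll is not registered as a COM server; nothing to do.
    goto :eof
)

echo shimgvw.dll is registered; unregistering as an interim mitigation ...
regsvr32 /u /s "%DLL%"
if not %errorlevel%==0 (
    echo WARNING: regsvr32 /u failed ^(errorlevel %errorlevel%^); check permissions.
    goto :eof
)

rem Verify the registration actually went away before reporting success.
reg query HKCR\CLSID /s /f shimgvw.dll /d >nul 2>&1
if %errorlevel%==0 (
    echo WARNING: CLSID entries still reference shimgvw.dll; investigate.
) else (
    echo Done. Roll back after patching with: regsvr32 "%DLL%"
)
```

Two caveats a practitioner will want: unregistering only removes the COM entry points that Explorer and the viewer use, the file itself stays on disk, so applications that load the library directly are not covered by this step; and the rollback after the real patch is installed is a plain `regsvr32 "%DLL%"`, which is worth scripting alongside the deployment so the viewer is not left disabled indefinitely.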
