Re: Patch Management - Policy/Practice

From: chris@nospam.com
Date: 03/23/03


Date: Sat, 22 Mar 2003 17:52:12 -0800

On Sun, 23 Mar 2003 01:04:12 GMT, "Ric Griffy"
<alakevue.at@tampabay.rr.com> wrote:

>Quite often you can read the details of an exploit and instead of applying
>the patch immediately, just do a workaround. For example when M$ said port
>1434 was a problem I immediately killed port 1434 udp and tcp thru the
>firewall. Thus I could wait until later to test and apply the patch.
>It is foolhardy to assume that any patch will work properly in your
>environment.

That's my philosophy. For example, the WebDav patch wasn't critical
if you had already locked down IIS. If you didn't need it, you could
disable WebDav. Of course, why the hell it's installed as a default is
another question.

In fact, I just yelled and screamed at my help desk guy for installing
the WebDav patch on the intranet server without asking first.

-Chris


