Re: Slipstream MS03-039 into Win2Kw/SP4 or WinXPw/SP1 Select/Enterprise CD
From: Patrick J. LoPresti (patl_at_users.sourceforge.net)
Date: 01/03/04
- In reply to: Karl Levinson [x y] mvp: "Re: Slipstream MS03-039 into Win2Kw/SP4 or WinXPw/SP1 Select/Enterprise CD"
- Next in thread: Karl Levinson [x y] mvp: "Re: Slipstream MS03-039 into Win2Kw/SP4 or WinXPw/SP1 Select/Enterprise CD"
- Reply: Karl Levinson [x y] mvp: "Re: Slipstream MS03-039 into Win2Kw/SP4 or WinXPw/SP1 Select/Enterprise CD"
Date: 03 Jan 2004 09:27:09 -0500
"Karl Levinson [x y] mvp" <levinson_k@despammed.com> writes:
> Yes, a few things to note:
> 1) the OP stated he/she also has Win2000 Pro and "AS" [advanced
> server?] in addition to XP, and there are a fair number of critical
> remote code execution post-sp4 vulnerabilities for Win2000 out
> there.
A "fair number"? Try three: MS03-039, MS03-043, and MS03-049. Note
that two of these are the same ones I mentioned for XP.
> 2) The OP didn't specify that these are just workstations behind a
> firewall, so I have to consider the possibility that some of these
> might be servers, and some of them might be on the Internet without
> a firewall, and might be left there overnight while the installer
> goes home in mid-install.
So? Other than these two (for XP) or three (for 2k) hotfixes, can you
name a single remote exploit, for workstations or servers?
> 3) You're talking just about today, I'm also talking about
> tomorrow... e.g. general best practices and what I feel is the real
> root cause of the problem. Plugging the network cable into a
> computer that isn't fully configured for security is not the
> recommended way to do things.
"Recommended" by whom? ALL serious (non-teenager, non-toy)
deployments of Windows are performed over the network, which requires
plugging in the network cable.
> 4) You're talking just about vulnerabilities with hotfixes, and just
> about vulnerabilities in the default install. With Win2000 server,
> for example, IIS www service is enabled by default, and there are a
> fair number of exploits for which there is no patch, you have to
> manually configure it for safety.
You keep referring to a "fair number of exploits" without giving any
details. Can you name a single, actual remote exploit of IIS in its
initial configuration for Win2k SP4 or WinXP SP1?
> 5) Slipstreaming patches into the Windows install CD doesn't
> slipstream antivirus or the latest antivirus updates onto the
> computer.
Without a remote exploit, how is a virus or worm going to get onto the
computer?
We are talking about an admin using the network to complete the
installation of Windows, not to browse untrusted Web sites or read
Email.
> 6) www.microsoft.com/technet/security/current.asp lists a fair
> number of post-sp1 XP vulnerabilities for things that are currently
> causing computer compromises or are being discussed as being near
> term security risks, such as 048, 043, 041, 030 and others.
Not one of those is a remote exploit, except for 043 (which is
redundant with 049 for XP). Every one of the rest requires that you
browse a malicious Web page or read a malicious Email message or
execute a malicious applet.
So again, if you install 039 and 049, and add 043 for 2k, you are
precisely as safe from remote attacks as you are after installing all
other updates.
> I think it's sensible to be concerned here about things besides just
> remote code execution exploits, because things like Qhosts and the
> Coreflood / Autoproxy installations from hacked Interland servers
> including sites like www.labmice.net [a popular windows tech support
> / troubleshooting site]
Nobody is suggesting browsing random Web sites before installing all
updates. But it is quite standard practice to slipstream the two (or
three) remote exploit fixes, and then add the rest of the updates over
the network after the OS is running.
You have still said nothing to suggest any flaws with this practice.
- Pat
http://unattended.sourceforge.net/