Re: Microsoft Security Bulletin MS03-026, latest windows 2000 patch

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 08/02/03


Date: Sat, 2 Aug 2003 09:12:06 -0400


You want everything patched. Not only for what someone could gain access to but because of the worm that will most
likely get produced that will create network slowdowns and DOS attacks on machines.

-- 
Joe Richards
www.joeware.net
--
"Billy" <email@email.email> wrote in message news:069901c358b3$138a0af0$a301280a@phx.gbl...
> Hello:
> I'm kind of confused by the Technical Description of this
> patch that Windows provides at
> http://www.microsoft.com/technet/treeview/?
> url=/technet/security/bulletin/MS03-026.asp
>
> Here is my problem, I have installed SP4 and all the
> latest patches on my servers and on most workstations on
> my network.  Here is the problem, I know that my Servers
> are protected from the issues in the MS03-026, patch
> because they have SP4 and all the latest updates,
> patches, hotfixes, etc from the windows update web site
> and most of my workstations are protected. Some of the
> worktstations do not have the latest patches installed.
> Do I run the risk of getting attacked on the workstations
> and then the hacker running code to attach to my
> servers?  Is it possible for a vulernabilty like this to
> attack a workstation that is not completely patched and
> then let the hacker connect to a server (that is
> completely patched) from the workstation and then delete
> files or damage the server?
> Many thanks in advance!!!
> Billy


Relevant Pages

  • RE: Changes in IDS Companies?
    ... This means you need a standard IDS sitting behind it/next to it watching the ... Things like port scans and DoS attacks ... >>> If people are running insecure web servers, ... > Pretty sad state of affairs, when people don't update their patches at ...
    (Focus-IDS)
  • RE: Changes in IDS Companies?
    ... In any ID implementation tuning of the device to reduce false alarms is ... necessary flexibility to drop some user specified attacks while only ... >> Pretty sad state of affairs, when people don't update their patches at ... >>> only lazy admins get their servers broken into), ...
    (Focus-IDS)
  • Microsoft Security Bulletin MS03-026, latest windows 2000 patch
    ... I have installed SP4 and all the ... latest patches on my servers and on most workstations on ... I know that my Servers ... and most of my workstations are protected. ...
    (microsoft.public.win2000.security)
  • Re: Changes in IDS Companies?
    ... Things like port scans and DoS attacks very often ... >> If people are running insecure web servers, ... when people don't update their patches at ... > downplay the vulnerability to save face, so admins even if they are trying ...
    (Focus-IDS)
  • RE: Betr.: Re: MS Patches Management software: SUS vs 3rd party
    ... We are also currently looking at a solution for updating our clients and servers. ... The major drawback is that if a new unpatched client connects to it, it retrieves all patches at once. ... There is no management in SUS, ... >The Presidio integrates PGP data encryption and XML Web Services security to ...
    (Security-Basics)