Network Managing, Engineering and Administration with an eye toward security.
Best practices meets the real world!
|
|
| Net Manager Network Managing, Engineering and Administration with an eye toward security. Best practices meets the real world! |
|
|
Wednesday, February 16, 2005 Microsoft Security Patches Microsoft has been quiet for a while, and now in February they release 13 patches, with 8 of them critical. SANS-Internet Storm Center has a great wrapup of the bulletins, and an order to patch them in. They are up to all their usual tricks, including a stealth patch, and the number of vulnerabilities isn't 13, but at least 17. I read in their blog that they had to put out something like 70,000 words, and have it translated into at least 8 languages. It would have helped if they would have provided something that actually told you what the issues were, and how to verify and fix them; the only real info is: patch this (implied: or else). One of my other pet peeves with them is the fact that they don't disclose that at least 2 of these vulnerabilities are from at least 4-6 months old. That would help you to go through your old logs looking for things that may have happened, especially if something was suspicious. I'm definitely glad they are working on these patches and putting them out, and yes I am aware that their target audience isn't very technical. Most of the vulnerabilities are fairly well mitigated if you have your servers behind firewalls, but a couple can get past the firewalls, so they need to get patched. In case your wondering about the "stealth" patch, check out the previous diary entry to see that it is related to DNS and SMTP. This can affect your Exchange servers. posted by David | 2/16/2005 05:15:00 PM |
|
|
|
|
|
|
| ||||
|
|||||
0 Comments:
Post a Comment
<< Home