Friday, August 12, 2005

Special update from Ultimate Windows Security: Proof of concept code reportedly circulating for 4 of Tuesday's MS security bulletins

Dear Colleagues;

I avoid unnecessarily adding to the size of your inbox, but due to circumstances I believe warrant it, I am issuing this special update.

=============================================
Proof of concept code reportedly circulating
for 4 of Tuesday's MS security bulletins
=============================================

MS05-038, MS05-039, MS05-043 (and some sources claim MS05-040) have apparently already been seized upon by hackers, resulting in proof of concept code circulating on the Internet. The next logical step would be a worm that exploits one or more of these vulnerabilities as attack vectors.

However, don't overreact. It's in the best interests of patch management software companies to draw as much attention as possible to new exploits, and on the whole I think awareness is healthy. But remember, loading patches that could otherwise be avoided can cause big problems as well.

Case in point: one of my clients had been in the practice of loading all patches as they were released with Automatic Updates. 3 nights ago (Wednesday) their servers all installed all 6 security updates. The next morning none of the Macintosh clients could connect to the file server. The client is an advertising agency and all of their production people use Macs. 7 hours after opening the incident with Microsoft via 866 PC-Safety, we finally had the problem fixed, but MS still isn't sure of the exact cause. During that time we were able to keep the production staff somewhat operational by having them access the file server via a WebDAV site normally used for remote access.

I recommend reviewing my commentary on these bulletins as well as the full Microsoft bulletin for any updates you are considering for installation. Consider the pre-requisites for exploitation and the available workarounds. With good impact analysis you can identify which systems need which patches and then proceed with brief testing and deployment.

The subject of this update gives me an opportunity to again preach about the importance of automating your patch deployment process using Microsoft's free Windows Server Update Services and Microsoft Baseline Security Analyzer. Shavlik and St. Bernard Software also have products focused on patch management.

If you'd like to learn how to deploy WSUS and MBSA to automate testing and deployment of patches to production systems, with the ability to target different classes of systems with selected patches, read on...

=========================================================
Complete Windows Security - San Francisco - October 24-28
=========================================================

Complete Windows Security is the only 5-day, hands-on seminar that covers every Windows security technology from a practical, real world perspective.

Visit http://www.ultimatewindowssecurity.com/onsite.asp for more details.

What you'll learn:

- Deploy and manage security updates centrally using Windows Software Update Services, group policy and Microsoft Baseline Security Analyzer

- Increasing expertise in every aspect of Windows & Active Directory security.

- Leveraging the vast amount of security functionality in Windows.

- Solving real world security problems and knowing what works and what doesn't.

- Implementing Active Directory security, Routing and Remote Access Service (RRAS), Group Policy, Internet Authentication Service (IAS), Encrypting File System (EFS), IPSec, L2TP, Certificate Services, Software Update Services (SUS), RADIUS and more.

- Integrating technology with the infrastructure of Active Directory and controlling it centrally using group policy.

- Automating Windows security with little known but free tools.

Best wishes on a tough week of security issues.

Regards,
Randy Franklin Smith
CISA, SSCP, Microsoft Security MVP
CEO, Monterey Technology Group, Inc.
