Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: exploit to vulnerability

from [Bruce Martins] Network Security [Permanent Link]
Subject: Re: exploit to vulnerability
Date: Sun, 21 Aug 2005 20:46:34 -0400 
There are many factors that have to be taken into account whether the patch 
will break other software installed on other machines in particular developers 
whom may have many apps, so they may not break the OS or other MS apps but they 
can and have other apps
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net>
To: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa@pacbell.net>
CC: Bruce Martins <BMartins@extend.COM>; talukdar_m@subway.com 
<talukdar_m@subway.com>; focus-ms@securityfocus.com <focus-ms@securityfocus.com>
Sent: Fri Aug 19 22:57:53 2005
Subject: Re: exploit to vulnerability

...and honestly...when's the last time you truly had an issue with a 
security patch on your desktops?

Keep that in mind when you deploy/test.

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:


Myself and other person are my 'canaries' in my office.  We get the 
first.  Patches are deployed to a 'like' server at home.  I then watch 
the traffic in my Communities...www.patchmanagement.org has a very 
active patch issue community and issues are reported there.

There's also a WSUS listserve as well.

If you cannot test.. you listen to those who can.

Bruce Martins wrote:


To be honest I use my own machine to test out the patches before 
applying them to machines, not the best way but cuts down on time I 
don't have to test also use of vmware sometimes
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Murad Talukdar <talukdar_m@subway.com>
To: focus-ms@securityfocus.com <focus-ms@securityfocus.com>
Sent: Fri Aug 19 02:11:17 2005
Subject: exploit to vulnerability

With all the issues highlighting the speed that exploits are now being
written (eg http://www.securityfocus.com/news/11285 )
The window between exploit/vuln, appears on average, to be getting 
tighter.

We have an SME network and I used to have a week or so to test patches
before rolling them out. This all begs the question now, with limited 
resources, do I just patch and
not worry about testing? I definitely have fewer resources than some 
of the
companies that were hit (CNN et al) and less time to dedicate to 
patching.
Should I just use auto updates/GP to patch everything regardless?
What do other SME admins do?

Kind Regards
Murad Talukdar




--------------------------------------------------------------------------- 

--------------------------------------------------------------------------- 





--------------------------------------------------------------------------- 

--------------------------------------------------------------------------- 



 





-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com


---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: New MS patches crashed my 2k3 SP1 PDC, Matthew Mucker
Next by Date:  RE: Latest patches: restart issues?, Trevor
Previous by Thread:  RE: exploit to vulnerability, Murad Talukdar
Next by Thread:  RE: exploit to vulnerability, Steve Manzuik
Indexes:  [Date] [Thread] [Top] [All Lists]