Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Security templates and settings in Windows XP

from [Derick Anderson] Network Security [Permanent Link]
Subject: RE: Security templates and settings in Windows XP
Date: Thu, 29 Dec 2005 11:13:41 -0500 
 


-----Original Message-----
From: MVP Brian B [mailto:mine@rosetoy.com] 
Sent: Wednesday, December 28, 2005 10:32 PM
To: focus-ms@securityfocus.com
Subject: RE: Security templates and settings in Windows XP

IMO, it's just a matter of doing your homework, really. The 
bypass traverse issues were only due to the fact that certain 
admins didn't research it before implementing. The MS 
Security Templates are often much improved when adding bits 
and pieces of your own, (making your own ADM files or 
altering existing ones.) MS defaults don't hold a lot of 
water much of the time but are certainly good things to use 
if you're just learning active directory, etc.


Research? It took Zotob 6 or 7 days to come out after MS05-39. There's a
0-day for WMF which has been out for two days now:

http://www.f-secure.com/weblog/archives/archive-122005.html#00000752

I'd love to have the time to research updates before applying them but I
think there's more risk in waiting than in having MS standard templates
applied. It won't surprise me in the slightest when I start getting WMF
exploit emails with the pictures embedded (rather than linked). I just
wonder whether Microsoft will have a patch out in time. I can tell you I
won't be taking the time to research it before pushing the update
button.

Derick Anderson

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Security templates and settings in Windows XP, MVP Brian B
Next by Date:  RE: Security templates and settings in Windows XP, Levinson, Karl
Previous by Thread:  Security events with same timestamp, nandini_pani
Next by Thread:  RE: Security templates and settings in Windows XP, Levinson, Karl
Indexes:  [Date] [Thread] [Top] [All Lists]