Bugtraq mailing list archives
Timely Patching (was: Full analysis of the .ida "Code Red" worm.)
From: Crispin Cowan <crispin () wirex com>
Date: Fri, 20 Jul 2001 15:21:56 -0700
JNJ wrote:
> I have to disagree. Microsoft released a patch for this issue on 6/18/2001. Here we are, a tad over a month later, and the issue is being exploited en masse. This calls to question the attention of systems administrators to their networks. The days of selective application of security patches are long since over. IMHO, systems affected by this recent outbreak are being administered by techs that need to pay closer attention to their installations and keeping them up to date.
The issue of timely patch application is rather complex. Bill Arbaugh (bcc'd) had an excellent paper at the 2001 IEEE Symposium on Security and Privacy (Oakland http://www.ieee-security.org/TC/sp2001.html ) that showed how the vast majority of exploitations resulted from known vulnerabilities that had not been patched. The paper http://www.cs.umd.edu/~waa/vulnerability.html shows some interesting trend graphs that draw the ballistic curves of rising and subsequent falling exploitation rates, and the events that trigger these rate changes.

It is also not clear that all patches should be applied immediately. Some vulnerabilities are discovered when they are being actively exploited, forcing vendors to rush patches into production, and resulting in less than optimal QA on those patches. Thus sometimes a patch will come out that breaks stuff, teaching admins to let someone else go first.

Which leads to Immunix's research agenda of building tools that protect vulnerable software against unknown vulnerabilities, so that patches don't need to be urgent <insert product pitch here :>

Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html