Re: questions re Microsoft updates?

[Gary Flynn <flynngn () JMU EDU>]

Doug Pearson wrote:

> Dear all,
>
> The REN-ISAC participates in a daily cybersecurity status conference call with other ISACs, US-CERT, and DHS. This 
> Friday, the group will be joined by representatives from Microsoft to discuss the April Windows security updates. I can 
> take questions you have regarding the updates to the call, and will report back.
>
> If you haven't checked the updates - published today - you probably should. Several are critical.
> http://www.microsoft.com/security/security_bulletins/200404_windows.asp


I've heard conflicting opinions on Microsoft licensing
restrictions regarding packaging or publishing patches
and the Resource Kit IPSEC tools which are freely
available on Microsoft's web site. Microsoft should
remove any and all impediments in our way of dealing
with the fallout of their product defects and unwise
shipping configurations.

Many organizations can efficiently package and
distribute these in scripted bundles to make
it easier for people to safeguard their computers.
Having a single scripted package may mean the
difference between a person who can and will
make their computer safer (and thus the Internet
safer) and a person who gets overwhelmed by
long lists of sites and instructions and does
nothing.

It can only benefit Microsoft by reducing the
alarming growth in succesful Windows exploits.

Any assistance at expressing your agreement with
this issue to the parties involved and bringing
it to a quick resolution would be greatly
appreciated.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.