Re: what is your advice to your users

[Gary Flynn <flynngn () JMU EDU>]

Leslie Maltz wrote:

> "Users of the Windows OS should install an unofficial security patch
> now without waiting for Microsoft Corp. to make its move, security
> researchers at The SANS Institute's Internet Storm Center (ISC)
> advised yesterday."   see
> http://www.computerworld.com/securitytopics/security/holes/story/0,10801,107420,00.html
>
>
> Are you advising your users to install an unofficial patch or are you
> waiting?


We are currently waiting but I personally feel like I'm
waiting under a teetering rock on a high cliff thats already
pelting me with dust and sand and I see gravel heading
down from the higher elevations. But I've felt like that more
than once before. :)

Today's SANS entry says:

"be sure to test the patch above before deploying it across an enterprise.
While the handlers (including me) are running it on our own personal
systems and it works as advertised, we can't vouch for any special
software you might have in your own systems that could be disabled
after the patch is installed."

I notice in the followup posts that some of you ARE installing the
patch. As you do so, it would be of great benefit and interest
to the entire community if you would post numbers and experiences.



Gary Flynn
Security Engineer
James Madison University