Educause Security Discussion mailing list archives
Re: Internet Explorer Vulnerability
From: "Flynn, Gerald" <flynngn () JMU EDU>
Date: Fri, 11 Dec 2009 18:19:04 -0500
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hudson, Edward Sent: Friday, December 11, 2009 1:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Internet Explorer Vulnerability Has anyone run into any issues rolling in the MS Patch regarding this IE bug?
Not yet. Two good early warning systems: -Your students (assuming they get the updates directly from Microsoft and heed automatic updates) -The Microsoft usenet groups, particularly Microsoft.public.windowsupdate@ msnews.microsoft.com. It is probably readable through google groups too. If there is a common problem, you'll see a lot of common threads. In five years of patching with WSUS the two patches causing problems in our environment were flagged here first within three days.
Also curious as to the expediency of implementation given that it is nearing holiday break, finals weeks etc. TIA http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx
Microsoft says exploit code is likely within 30 days and that the exploit code is apt to be reliable. When a vendor tells me that, I tend to take it seriously. The only saving grace is that they appear not to be simple stack overflows which seem to tend to allow reliable exploit code to be generated in days. There is already unreliable exploit code out there for one of the defects disclosed before the patch was released. http://blogs.technet.com/srd/archive/2009/12/08/assessing-the-risk-of-the-december-security-bulletins.aspx http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx
Current thread:
- Internet Explorer Vulnerability Hudson, Edward (Dec 11)
- <Possible follow-ups>
- Re: Internet Explorer Vulnerability Charlie Reitsma (Dec 11)
- Re: Internet Explorer Vulnerability Valdis Kletnieks (Dec 11)
- Re: Internet Explorer Vulnerability Flynn, Gerald (Dec 11)