Full Disclosure mailing list archives
RE: Patching networks redux
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 01 Aug 2003 09:41:24 +1200
John.Airey () rnib org uk wrote:
> > Please do not forget that the "experts" are not nearly as troubled by this because the problem was largely mitigated by following best practices. I suspect you too could be spending this time appropriately handling the problem cases and systems that required the functionality with a lot less worry and headache.
>
> Isn't it interesting that http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp says that you can install this on either SP3 or SP4. So can Jason please explain what best practices he refers to?

I'm sure he was referring to standard computer security best practices -- you know, things like ensuring least privilege, disabling unused accounts created by a default install, having strong password policy enforcement, uninstalling/disabling/etc unused services, firewalling all but the truly necessary ports, etc, etc, etc. What in that can you see that would _not_ have "largely mitigated" the threat potential of this vuln?

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html