Full Disclosure mailing list archives
Re: It's not that simple...
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 17 Aug 2005 22:59:06 +0200
* Micheal Espinola, Jr.:
> PnP is not a show stopper when it comes to patch compatibility testing - especially considering the fact that the exploit allows for remote code execution and elevation of privilege. Perhaps certain people need to learn or take a refresher course of what that exactly implies.
It doesn't exactly help that Microsoft puts random unrelated crap into security updates and not just the fix. This means that you have to perform full regression tests even if something is patched that isn't actually used on your systems.
> And I'd say it is just that simple when you consider the fact that San Diego County waited to install the patch *the night after* they got hit by the worm. *That's* why organizations like San Diego County, with ~12,000 Win2k hosts, were bitten so badly.
Doesn't the exploit code need a null session? This leads to the question why people have 12,000 Windows boxes, 2000 or not, on their network, many of them offering null sessions. Especially since disabling null sessions makes tons of other exploits (which use the leaked data for guessing administrator passwords, for example) quite a bit harder. It's actually rather surprising that they had no previous botnet experience with such a setup. Maybe they just didn't notice.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/