funsec mailing list archives

Re: Microsoft to rush out emergency Windows patch today


From: Valdis.Kletnieks () vt edu
Date: Wed, 29 Oct 2008 22:56:50 -0400

On Thu, 23 Oct 2008 21:50:23 EDT, Erik Harrison said:
> seriously, why is this even a conversation? patch. it's important. you
> know why. the devil's advocate angle really isn't something anyone
> dealing with deploying this patch to reams of systems wants to hear
> right now.

The devil's advocate angle is something that some of us really *do* want to
deal with.  If I'm about to push an "emergency" patch out to 30,000 desktops, I
*really* want to know *exactly* how big my actual attack surface really is, so
I can make an informed decision whether I should be pushing it out to all 30K
the instant I get it, or push it out immediately to the 10K hosts that don't
have mitigating factors X, Y, or Z in place, or let my internal regression
testing have another 24/48/weekend.

If Larry's machine is in fact suitably firewalled, he has the services turned
off, and he trusts any other machines on the "inside" of the firewalled net,
what *is* his attack surface?  For starters, where's the attack going to come
*from*?

(And I *wish* I was deciding whether to push it out to 30K desktops.  Instead,
I have 30,000 academia users, most of them laptops coming and going several
times a day. It's like herding frikking cats. ;)


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
