Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Publishing Nimda Logs

From: "Paul_Asadoorian" <paul () ubeer net>
Date: Tue, 7 May 2002 18:57:22 -0400
I agree, auto update is a bad idea.  See this
http://www.eweek.com/article/0,3658,s=712&a=25733,00.asp article for
info on how windows update actually _reomved_ patches due to a bug.  The
irony of it all is that it removes the patch that fixed a vulnerability
in which Nimda exploits!

Paul

-----Original Message-----
From: unprivileged user [mailto:jsbloom () adelphia net] 
Sent: Tuesday, May 07, 2002 6:20 PM
To: zeno
Cc: vuln-dev () securityfocus com
Subject: Re: Publishing Nimda Logs


On Tuesday 07 May 2002 17:06, zeno wrote:

Here is an idea.

Perhaps make windows do updates every 5 minutes in default install. 
Problem solved.


- zeno () cgisecurity com


Aacckkk! No!  Windows XP Pro has the automatic update service enabled by

default and that is a BAD idea.  I want to know what patches are going
to be 
installed before they reach my production servers.  For one thing I
don't 
want to install things that don't apply to my system.  For another
patches 
are not always tested sufficiently (NT4 SP2 anyone?)

I would prefer that Microsoft leave this function out of the default
install 
and opt for "inform me when a patch is available" mode instead.  They
can 
even make it red and flashy and say "critical" but don't install it for
me.
Previous By Date Next
Previous By Thread Next

Current thread: