Re: Revised: Microsoft Security Bulletin - MS03-007

From: Geo. (geoincidentsGETINFO.ORG)
Date: Thu May 29 2003 - 11:32:41 CDT


>Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)

Thanks for the tip-off Russ, but now I have a question. Prior to this I had a
system to apply patches in the order they were released; this led to a good
secure setup where no patch was backdating some component of another patch.

This was the order I was using to secure a web server:

NT4
SP6
SRPi.exe
Q301625
Q305399
Q319733
Q321599
Q312895
Q326830
Q323172
fpse0901.exe
Q323255
Q327969
Q329414
Q329115
Q810833 1/23/03
js56men.exe 3/19/03
Q811493 4/29/03
Q813489 4/29/03
Q811114 5/28/03

Ok, so now that they have released an NT4 patch for 815021, where in this
order do I install it so it doesn't backdate anything? It was originally
released on 3/17/03, which would put it right after Q810833, HOWEVER the
release date for the NT4 version shows as 4/23/03 originally, so that would
put it after js56men, but then the updated NT4 with verification keys shows
as 5/28/03, which would put it after Q811114.

You know, I can't trust Microsoft to keep it straight so I was doing it
myself, but with their unprofessional way of releasing and re-releasing and
never doing a service pack 7 I feel that it's just unreasonable to expect
anyone to be able to run NT4 in a secure setup anymore. There should be a
law or something that says before you can discontinue support for a product
you have to release a final version with all the patches and everything
already in it for those customers who choose not to upgrade.

Geo.
