Subject: Re: Securing Windows NT 4.0 SP6a, or "You can't get there from here"
From: Eaton, Arthur (EATONASTATE.GOV)
Date: Wed Aug 23 2000 - 11:52:37 CDT


Mr. Anderson:

A copy of your Rated Patch List would be much appreciated and very helpful
in the environment where I work. Even with Microsoft SMS, which we are just
beginning to use, we cannot possibly keep up with the application of every
security patch to every machine (well over 1,000 NT workstations and over a
hundred servers).

Thank you,
 Arthur Eaton
 Security Coordinator
 CA/EX/CSD/DO
 202-663-1398 or
 eatonastate.gov

-----Original Message-----
From: Anderson, Harry F. [mailto:HFANDERSOPM.GOV]
Sent: Tuesday, August 22, 2000 05:52 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: Securing Windows NT 4.0 SP6a, or "You can't get there from here"

   I evaluate every patch and attempt to determine its seriousness. You have
to take the risk stated in MS bulletins with a grain of salt. So I try to
find the advisory from the person who actually found the hole. This is
usually closer to the truth, and will give you enough info to determine the
real risk.

Here is how I determine risk:
   A HIGH risk patch allows a remote user to execute code, or a program
exists to take advantage of the hole. These should be installed ASAP. The
classic example is the RDS/MDAC (MS99-025) vulnerability. It allows code to
be written, and RFP published a relatively easy to use exploit.

   A MED risk patch is a DoS, additional privs, or allows viewing of PW
files. The Undelimited .HTR Request patch (MS00-31) is like this. These
should be loaded as time permits.

   A LOW risk patch is anything else. These I won't install on a production
system, unless something unique to the application jumps out. The RDisk
(MS00-004) one is like this. In most situations this is not going to happen.

   If you send me an e-mail, I will send a copy of my Rated Patch List. It
is behind; I haven't had time to update it lately. But hopefully, I will
update it this week.

- Harry Anderson
- Telecommunication Specialist
- Macon TSC
- U.S. Office of Personnel Management