[EMAIL PROTECTED] wrote: > > Please do not forget that the "experts" are not nearly as troubled by > > this because the problem was largly mitigated by following best > > practices. I suspect you too could be spending this time > > appropriately > > handling the problem cases and systems that required the > > functionality > > with a lot less worry and headache. > > Isn't it interesting that > http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS > 03-026.asp says that you can install this on either SP3 or SP4. So can Jason > please explain what best practices he refers to?
I'm sure he was referring to standard computer security best practices -- you know, things like ensuring least privilege, disabling unused accounts created by a default install, having strong password policy enforcement, uninstalling/disabling/etc unused services, firewalling all but the truly necessary ports, etc, etc, etc. What in that can you see that would _not_ have "largely mitigated" the threat potential of this vuln? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html