Regarding whether it showed up in WindowsUpdate, I don't believe it did,
because a friend of mine ran WUpd the week after the patch came out and
says it wasn't included. The hunter/gatherer method of patching is
about the only good way of keeping patched, it seems. That is a sad
situation.
Charles Frolick wrote:
> There are lots of situations where patches and updates are held off due to
> the structure of business. I work for a small privately funded ISP that is
> trying to keep from going extinct with so many other small ISPs. As a
> result I am the only person that manages 12 critical servers, numerous
> access routers, security, tier 2/3 tech support, LAN support, workstations, I
> am also our web developer/designer, and I am cleaning up a mess left by my
> predecessors. We don't all have time to read all the articles, or keep
> track of the latest bugs, we just do the best we can.
>
> BTW, did the patch even show up in the critical updates section of
> windowsupdate? I didn't notice it.
>
> Chuck Frolick
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Curtis Faulkner
> Sent: Friday, July 20, 2001 9:39 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [imail] If you are running IIS read this.
>
>
> While a discussion of the technical side of this is not off-topic, a
> finger pointing match may be, but I feel I should reply to the
> statement: "Maybe this incident will teach the IT admins a lesson, take
> security seriously and patch servers as soon as vulnerabilities are found."
>
> I fully acknowledge that the patch could have already been in place. I
> believe that having an incident like this occur is enough beratement,
> however, for those (like me this time) who only rarely get behind in
> patches.
>
> In many instances, especially in public school systems, the server
> administrator happens to be:
> 1. An hourly employee who is not allowed to go into overtime.
> 2. The only person who knows about or wants to know about how to secure
> a server
> 3. A person who is expected to handle field hardware and software
> support for the full gamut of systems in an organization
> 4. A person who is expected to show up at meetings in which that person has
> no real useful involvement
> 5. The only person who knows or cares to know about LAN design,
> troubleshooting, and repair.
> 6. The only person who knows or cares to know about WAN design,
> troubleshooting, and repair.
> 7. Is usually at the mercy of an internal power struggle where the
> person is ordered to spend their time on "more important things" than
> keeping up with patches that are issued every other day for broken M$
> software, as they would LIKE TO DO.
> 8. Is making their very best effort to keep up with security
> developments between emergencies.
> 9. Is usually the one who gets the finger pointed at them when
> something like this happens after they were told other things were more
> important.
>
> I normally keep up with patches much better than colleagues in other
> systems. It just so happened that this one didn't get applied in time.
> I would be to blame only because I wanted to keep my job and follow my
> boss's priorities. In many cases, it is not the system administrator at
> fault, it is that person's support from management or upper
> administration (which can vary depending upon their knowledgeability of
> security situations).
>
> Just my opinion,
> Curtis
>
>
> Mail wrote:
>
>
>> If IIS would have been patched as per Microsoft's Security bulletin (June
>> 18th 2001) then you would have not been affected.
>>
>> Maybe this incident will teach the IT admins a lesson, take security
>> seriously and patch servers as soon as vulnerabilities are found. If admins
>> would have patched servers when the advisory was released this would have
>> been a non-issue.
>>
>> Subscribe to Microsoft's security bulletin at
>> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp
>> and patch servers when vulnerabilities are found. You
>> may also want to subscribe to Cert's list for advisories at
>> http://www.cert.org/contact_cert/certmaillist.html.
>>
>> Just my 2c
>>
>> Peter Verzoni
>>
>>
>> ----- Original Message -----
>> From: "Curtis Faulkner" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Friday, July 20, 2001 9:56 AM
>> Subject: Re: [imail] If you are running IIS read this.
>>
>>
>>
>>
>>> If anyone believes this is off topic for an IMail list, I apologize. I
>>> happen to believe it is very much on topic considering the number of us
>>
> ....
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists