Go to www.microsoft.com/security, click on the Bulletins link, and the
(supposedly) latest patches are shown in order by month of release.
----- Original Message -----
From: "Curtis Faulkner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 20, 2001 10:41 AM
Subject: Re: [imail] If you are running IIS read this.
> Regarding whether it showed up in WindowsUpdate, I don't believe it did,
> because a friend of mine ran WUpd the week after the patch came out and
> says it wasn't included. The hunter/gatherer method of patching is
> about the only good way of keeping patched, it seems. That is a sad
> situation.
>
> Charles Frolick wrote:
>
> > There are lots of situations where patches and updates are held off due
to
> > the structure of business. I work for a small privately funded ISP that
is
> > trying to keep from going extinct with so many other small ISP's. As a
> > result I am the only person that manages 12 critical servers, numerous
> > access routers, security, tier 2/3 tech suport, LAN support,
workstations, I
> > am also our web devloper/designer, and I am cleaning up a mess left by
my
> > predicessors. We don't all have time to read all the articles, or keep
> > track of the latest bugs, we just do the best we can.
> >
> > BTW, did the patch even show up in the critical updates section of
> > windowsupdate? I didn't notice it.
> >
> > Chuck Frolick
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Curtis Faulkner
> > Sent: Friday, July 20, 2001 9:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [imail] If you are running IIS read this.
> >
> >
> > While a discussion of the technical side of this is not off-topic, a
> > finger pointing match may be, but I feel I should reply to the
> > statement: "Maybe this incident will teach the IT admins a lesson, take
> > security seriously and patch servers as soon as vulnerabilities are
found."
> >
> > I fully acknowledge that the patch could have already been in place. I
> > believe that having an incident like this occur is enough beratement,
> > however, for those (like me this time) who only rarely get behind in
> > patches.
> >
> > In many instances, especially in public school systems, the server
> > administrator happens to be:
> > 1. An hourly employee who is not allowed to go into overtime.
> > 2. The only person who knows about or wants to know about how to secure
> > a server
> > 3. A person who is expected to handle field hardware and software
> > support for the full gambit of systems in an organization
> > 4. A person who is expected to show up at meetings that that person has
> > no real useful involvement
> > 5. The only person who knows or cares to know about LAN design,
> > troubleshooting, and repair.
> > 6. The only person who knows or cares to know about WAN design,
> > troubleshooting, and repair.
> > 7. Is usually at the mercy of an internal power struggle where the
> > person is ordered to spend their time on "more important things" than
> > keeping up with patches that are issued every other day for broken M$
> > software, as they would LIKE TO DO.
> > 8. Is making their very best effort to keep up with security
> > developments between emergencies.
> > 9. Is usually the one who gets the finger pointed at them when
> > something like this happens after they were told other things were more
> > important.
> >
> > I normally keep up with patches much better than colleagues in other
> > systems. It just so happened that this one didn't get applied in time.
> > I would be to blame only because I wanted to keep my job and follow my
> > boss's priorities. In many cases, it is not the system administrator at
> > fault, it is that person's support from management or upper
> > administration (which can vary depending upon their knowledgability of
> > security situations).
> >
> > Just my opinion,
> > Curtis
> >
> >
> > Mail wrote:
> >
> >
> >> If IIS would have been patched as per Microsoft's Security bulletin
(June
> >> 18th 2001) then you would have not been affected.
> >>
> >> Maybe this incident will teach the IT admins a lesson, take security
> >> seriously and patch servers as soon as vulnerabilities are found. If
> >
> > admins
> >
> >> would have patched servers when the advisory was released this would
have
> >> been a non-issue.
> >>
> >> Subscribe to Microsoft's security bulletin at
> >>
> >
> >
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> >
> >> bulletin/notify.asp and patch servers when vulnerabilities are found.
You
> >> may also want to subscribe to Cert's list for advisories at
> >> http://www.cert.org/contact_cert/certmaillist.html.
> >>
> >> Just my 2c
> >>
> >> Peter Verzoni
> >>
> >>
> >> ----- Original Message -----
> >> From: "Curtis Faulkner" <[EMAIL PROTECTED]>
> >> To: <[EMAIL PROTECTED]>
> >> Sent: Friday, July 20, 2001 9:56 AM
> >> Subject: Re: [imail] If you are running IIS read this.
> >>
> >>
> >>
> >>
> >>> If anyone believes this is off topic for an IMail list, I apologize.
I
> >>> happen to believe it is very much on topic considering the number of
us
> >>
> > ....
> >
> >
> >
> >
> > ______________________________________________________________________
> > The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> > Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> > Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> > To Manage your Subscription......... http://humankindsystems.com/lists
> >
> >
> >
> >
> >
> > ______________________________________________________________________
> > The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> > Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> > Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> > To Manage your Subscription......... http://humankindsystems.com/lists
>
>
>
>
> ______________________________________________________________________
> The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
> Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
> Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
> To Manage your Subscription......... http://humankindsystems.com/lists
>
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Complain like Hell.. mailto:[EMAIL PROTECTED]
Message Archive... http://www.tallylist.com/archives/index.cfm/mlist.4
To Manage your Subscription......... http://humankindsystems.com/lists
