NO Rod, it's the security community trying to help M$ get secure, if they was securing there products or at least the developers of the products, there wouldn't be these 0 days because the code would be secure!. (Well a lot less vulnerabilities)
But when you look at the vulnerabilities from month to month, they are the same old things ( input validation, buffer overflow, stack overflow, bounds checking, information disclosure, don't they test fro these types of flaws during the development process, if not they need a lesson in SDLC as relates to security!)0 Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Rod Trent [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 12:07 PM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned Dang, Microsoft! I wish they'd stop trying to secure their products!!!! From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 12:00 PM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned Ok not so much of a trend, problem is they probably knew of the issue before this months patch cycle, and didn't release it with Critical rating on patch Tuesday but a week afterwards, during everyone(s) patching cycle for there information systems. Now we have to validate yet another patch and ask yet again for more downtime from the business on servers and workstations etc etc to get required patches on the machines to protect against the latest threat. What compounds it this month that there is already 11 patches to be tested, validated and deployed and vetted for issues afterwards, one of these patches is exploitable and could definitely lead to a worm (SMB flaw) now you add this remote exploitable, wormable patch, quiet possibly with public exploit code in the wild and active exploits, the risk factor goes up through the dam roof. Now imagine if you was the only person responsible for accomplishing all (4) tasks above, and this new exploit on top. That doesn't make for a happy camper in anyones reguards. Then factor the number of assets to protect by about 10,000. I think you start to get the idea, its pretty crystal clear in my mind. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Michael B. Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 11:48 AM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned Trend? This is the first out-of-cycle patch from MSFT since April 2007. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael Link with me at: http://www.linkedin.com/in/theessentialexchange From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 11:39 AM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned I am just pissed that they couldn't get this one out last week> Don't be surprised if you see a column in a leading magazine from me about this trend with M$ and other vendors. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 11:25 AM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned The report on line shows Reboot Required if you open all the drop downs. It is for Remote Code Execution. It is Critical for Server 2003 all SPs and XP all SPs, Important for Vista/SP1 and Server 2008. TVK From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 10:19 AM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned We wont know until 2:00est, I am assuming it is, and it's a bad one so there is probably exploit code for it roaming the internet and its probably wormable on top of it. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ________________________________ From: Tim Vander Kooi [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 11:16 AM To: NT System Admin Issues Subject: RE: Out of Cycle Critical Windows Patch to be released today, stay tuned And it does require a reboot after install. I hate when out of cycle patches require reboots. I prefer when my users don't know. From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2008 6:28 AM To: NT System Admin Issues Subject: Out of Cycle Critical Windows Patch to be released today, stay tuned Importance: High Heads up gang, more patching for this month, this one out of cycle and critical no additional information yet. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 _____________________________________________ http://www.computerworld.com/action/article.do?command=viewArticleBasic&; articleId=9117878&source=NLT_AM&nlid=1 <http://www.computerworld.com/action/article.do?command=viewArticleBasic &articleId=9117878&source=NLT_AM&nlid=1> As if the 11 patches this month wasn't enough, now they releasing an out-of-cycle critical patch, Gotta love patchin, Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
