So you came home to find a pink pussy...

Well then.  I'm going to walk away from my computer now and find a
quiet section of the building to giggle my ass off in.  Thank you very
much.

--
ME2



On Mon, Oct 27, 2008 at 7:53 AM, James Rankin <[EMAIL PROTECTED]> wrote:
> It is a long time since I've had to do one of these "panic" patch
> deployments, so I think that MS must be getting on top of it - most of the
> time :-)
>
> On a lighter note, when I got home yesterday morning my cat was pink. I kid
> you not, God knows what he has been into.
>
> 2008/10/27 Ziots, Edward <[EMAIL PROTECTED]>
>>
>> Ken,
>>
>> NO offense but I am too tired and pivved off about this to comment
>> anymore about technical merits, or who is right or wrong. This
>> vulnerability is attacking the same darn service that MS06-040 did, with
>> the same result, unauthenticated remote code execution that is
>> propagating malware, spyware and worm activity which could definitely
>> bring networks to a halt and have a snowball effect across the next.
>>
>> Like I said before, /End Thread... Moving on..
>>
>> Thanks
>> EZ
>>
>> Edward E. Ziots
>> Network Engineer
>> Lifespan Organization
>> MCSE,MCSA,MCP,Security+,Network+,CCA
>> Phone: 401-639-3505
>> -----Original Message-----
>> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> Sent: Sunday, October 26, 2008 9:27 PM
>> To: NT System Admin Issues
>> Subject: RE: Out of Cycle Critical Windows Patch ?
>>
>> Nothing you are saying is in dispute here. But I still don't see any
>> argument as to why this is the "same type" of vulnerability in 06-040
>> that you previously stated, or why it should have been fixed as such.
>>
>> That you need to spend time patching things isn't different to anyone
>> else here. Unfortunately it's a facet of running software these days -
>> no matter what the platform you'd be having to do the same thing. So, if
>> you are venting, then by all means vent. If you are making some claim
>> about the technical aspects of this vulnerability or patch, then as I
>> asked before, can you provide some information/facts/evidence/etc to
>> substantiate that. Not that I'm doubting you per se, but I'm always
>> looking to further my own technical knowledge (which is why I'm on this
>> list)
>>
>> Cheers
>> Ken
>>
>> > -----Original Message-----
>> > From: Ziots, Edward [mailto:[EMAIL PROTECTED]
>> > Sent: Monday, 27 October 2008 12:08 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Out of Cycle Critical Windows Patch ?
>> >
>> > Ken,
>> >
>> > Basically it's a juicy door for exploits, unauthenticated remote code
>> > execution, non-authenticated access is just that, unauthenticated, no
>> > trust, no authentication before authorization and legitimate access. It's
>> > basically a violation of AAA security principles. Honestly, I personally
>> > loathe any type of weak or non-existent access to systems, and we've seen
>> > it in this one that it keeps opening up the door for attacks.
>> >
>> > And it's pretty easy to get authenticated credentials harvested from one
>> > exploited system and use these to whack the rest of them. A quick
>> > exploit, dump the hashes, run em through ophcrack or jack the ripper,
>> > and then impersonate those credentials (hey generic dumb user) and then
>> > run your exploit. It's about a trivial exercise. So as for Vista and W2k8
>> > being a little less vulnerable, sorry they are just as vulnerable as
>> > the Win2k, XP, and Win2k3 boxes, when you look at them being on the same
>> > network as the others mentioned.
>> >
>> > Again, it's a total pain in the proverbial keister, been up far too many
>> > hours getting my network straight with this patch, calling for a lot of
>> > downtime, and disrupting operations.
>> >
>> > Thanks M$ you guys take the cake on this one:)
>> >
>> > /END Thread
>> > Z
>> >
>> > Edward E. Ziots
>> > Network Engineer
>> > Lifespan Organization
>> > MCSE,MCSA,MCP,Security+,Network+,CCA
>> > Phone: 401-639-3505
>> >
>> > -----Original Message-----
>> > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> > Sent: Sunday, October 26, 2008 8:49 PM
>> > To: NT System Admin Issues
>> > Subject: RE: Out of Cycle Critical Windows Patch ?
>> >
>> > Um, not sure what you are saying here...
>> >
>> > Are you saying that because there are unauthenticated ways of calling
>> > the Server service, then Microsoft needs to review all the pieces of
>> > code that the server service calls, even if they aren't part of the
>> > server service itself?
>> >
>> > (FWIW Windows Server 2008 and Vista require authentication by default to
>> > the server service, so there's one fix).
>> >
>> > I know they are doing code reviews, but as per the SDL blog, this
>> > particular issue in netapi32.dll is a particularly different one to fix.
>> >
>> > Cheers
>> > Ken
>> >
>> > > -----Original Message-----
>> > > From: Ziots, Edward [mailto:[EMAIL PROTECTED]
>> > > Sent: Monday, 27 October 2008 11:44 AM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Out of Cycle Critical Windows Patch ?
>> > >
>> > > Yeah pretty aware that netapi32.dll is called by a lot of items, which
>> > > sends the attack vector up quite a bit, but the server service was the
>> > > route into both if memory serves me right, so question is why did
>> > > another unauthenticated RPC error attack with that service as the route
>> > > happen again when they made a fix for a similar vulnerability 2+ yrs
>> > > ago..
>> > >
>> > > Z
>> > >
>> > > Edward E. Ziots
>> > > Network Engineer
>> > > Lifespan Organization
>> > > MCSE,MCSA,MCP,Security+,Network+,CCA
>> > > Phone: 401-639-3505
>> > > -----Original Message-----
>> > > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> > > Sent: Sunday, October 26, 2008 6:50 PM
>> > > To: NT System Admin Issues
>> > > Subject: RE: Out of Cycle Critical Windows Patch ?
>> > >
>> > > Hmm - I checked MS06-040 again, and I don't think they are the same "type"
>> > > of issue.
>> > >
>> > > The current bug is in the NetCanonicalize API - not in the Server
>> > > service. It's just that the server service is a route to get to that bug
>> > > - because it calls that API. But it's entirely possible for /other/
>> > > applications to also call that API. Just use Process Explorer, and see
>> > > how many applications are using Netapi32.dll - I think you'll find it's
>> > > a lot. Any of these /might/ also call that API, and become a vector for
>> > > compromise.
>> > >
>> > > Cheers
>> > > Ken
>> > >
>> > > > -----Original Message-----
>> > > > From: Ken Schaefer [mailto:[EMAIL PROTECTED]
>> > > > Sent: Monday, 27 October 2008 9:28 AM
>> > > > To: NT System Admin Issues
>> > > > Subject: RE: Out of Cycle Critical Windows Patch ?
>> > > >
>> > > > According to the SDL blog, this is why this particular issue is not easy to
>> > > > discover, especially using automated analysis:
>> > > > http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
>> > > >
>> > > > Cheers
>> > > > Ken
>> > > >
>> > > > > -----Original Message-----
>> > > > > From: Ziots, Edward [mailto:[EMAIL PROTECTED]
>> > > > > Sent: Monday, 27 October 2008 12:45 AM
>> > > > > To: NT System Admin Issues
>> > > > > Subject: RE: Out of Cycle Critical Windows Patch ?
>> > > > >
>> > > > > Yeah someone lit a fire under MSFT arse and they got with the program on
>> > > > > this one, but only after they detected systems getting exploited in the
>> > > > > wild. Why they didn't determine this flaw back when they patched 06-040
>> > > > > for the same type of issue we probably will never know...
>> > > > >
>> > > > > Z
>> > > > >
>> > > > > Edward E. Ziots
>> > > > > Network Engineer
>> > > > > Lifespan Organization
>> > > > > MCSE,MCSA,MCP,Security+,Network+,CCA
>> > > > > Phone: 401-639-3505
>> > > > >
>> > > > > -----Original Message-----
>> > > > > From: Kurt Buff [mailto:[EMAIL PROTECTED]
>> > > > > Sent: Friday, October 24, 2008 8:08 PM
>> > > > > To: NT System Admin Issues
>> > > > > Subject: Re: Out of Cycle Critical Windows Patch ?
>> > > > >
>> > > > > Taking this in a slightly different direction...
>> > > > >
>> > > > > I told the IT Director and COO yesterday that I was patching all
>> > > > > servers, and sending an email to all of the laptop users to do the
>> > > > > same.
>> > > > >
>> > > > > They were a bit skeptical, but not only did the emails that I
>> > > > > forwarded them from various lists buttress my opinion, this morning I
>> > > > > got forwarded a voicemail by the IT Director, from a rep at MSFT. Gist
>> > > > > of the message - MSFT is taking this extremely seriously, and you
>> > > > > should patch now.
>> > > > >
>> > > > > Director's comment was "nice job, good of you to jump on this."
>> > > > >
>> > > > > Anyone else get a call like this from MSFT? It's the first time I've
>> > > > > heard of them doing this, and I take it as a really good sign - MSFT
>> > > > > is finally getting the real clue about this stuff.
>> > > > >
>> > > > > Kurt
>> > > > >
>> > > > > On Fri, Oct 24, 2008 at 3:52 AM, Oliver Marshall
>> > > > > <[EMAIL PROTECTED]> wrote:
>> > > > > > Chaps,
>> > > > > >
>> > > > > > The update that was sent out last night, has that caused any issues
>> > > > > > elsewhere? We've had a spate of calls from users about problems today,
>> > > > > > several servers which were set to auto-update for various reasons have
>> > > > > > had varying levels of failure. It's mentally busy here for a Friday, and
>> > > > > > the one thing they have in common is that all the machines rebooted for
>> > > > > > an update last night.
>> > > > > >
>> > > > > > Is it just us ?
>> > > >
>> > > >
>> > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
>
>
>
