Too bad it takes one silly user to kill your defense-in-depth strategy,
especially with the lack of egress filtering and inspection from trust
(internal network) to untrust (DMZ/Internet).

 

That, coupled with client-side exploits, malicious malware and web exploits,
means the malware writers are always going to have a leg up on us; it's just
how much pain and how much risk mitigation you want to take on before
the ends don't justify the means anymore.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Network Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505
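The message above laments the lack of egress filtering from the trusted network to the DMZ and the Internet. The following is an added example, not code from the thread or from any of its participants, that shows what such a trust-to-untrust policy looks like when checked against outbound flow records: trusted hosts may leave the zone only through an inspecting web proxy and the DMZ DNS forwarders, and everything else is reported. The subnets, the proxy address and ports, the resolver address and the four-field record format are all assumptions constructed for the example.

```python
"""Egress-policy audit over constructed outbound flow records.

Added example, not part of the mailing-list thread. It models the
"trust -> untrust" egress filtering the message above says is missing:
hosts in the trusted zone may leave it only through the web proxy and
the DMZ resolvers, and every other flow out of the zone is reported.
The subnets, proxy address, ports and record format are all assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed network layout (constructed for this example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]
DMZ_NET = ipaddress.ip_network("172.16.1.0/24")
PROXY = ipaddress.ip_address("172.16.1.10")        # forward web proxy in the DMZ
PROXY_PORTS = {3128, 8080}
RESOLVERS = {ipaddress.ip_address("172.16.1.53")}  # DMZ DNS forwarders


@dataclass
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: '<src-ip> <dst-ip> <dst-port> <proto>'."""
    src, dst, dport, proto = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower())


def in_trusted_zone(ip) -> bool:
    return any(ip in net for net in TRUSTED_NETS)


def egress_verdict(flow: Flow) -> str:
    """Return 'allow', 'skip' (not an egress flow) or 'block: <reason>'."""
    if not in_trusted_zone(flow.src):
        return "skip"                      # inbound or DMZ-originated; not egress
    if in_trusted_zone(flow.dst):
        return "allow"                     # stays inside the trusted zone
    if flow.proto == "tcp" and flow.dst == PROXY and flow.dport in PROXY_PORTS:
        return "allow"                     # web traffic via the inspecting proxy
    if flow.dst in RESOLVERS and flow.dport == 53:
        return "allow"                     # DNS only to the DMZ forwarders
    if flow.dst in DMZ_NET:
        return "block: DMZ host reached on %s/%d outside the proxy/DNS allowance" % (
            flow.proto, flow.dport)
    return "block: direct Internet egress on %s/%d" % (flow.proto, flow.dport)


def audit(lines):
    """Return [(record, reason)] for every flow the egress policy would block."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        verdict = egress_verdict(parse_flow(line))
        if verdict.startswith("block"):
            findings.append((line, verdict))
    return findings


# Constructed sample flows; 198.51.100.0/24 and 203.0.113.0/24 stand in for the Internet.
SAMPLE_FLOWS = [
    "10.1.2.3 172.16.1.10 3128 tcp",   # browsing through the proxy: allowed
    "10.1.2.3 172.16.1.53 53 udp",     # DNS to the DMZ forwarder: allowed
    "10.1.2.3 10.1.9.9 445 tcp",       # internal file share: allowed
    "10.1.2.3 203.0.113.5 443 tcp",    # HTTPS straight to the Internet: blocked
    "10.1.2.3 198.51.100.8 53 udp",    # DNS to an outside resolver: blocked
    "10.1.2.3 198.51.100.8 4444 tcp",  # arbitrary high port outbound: blocked
    "10.1.2.3 172.16.1.20 22 tcp",     # DMZ host over SSH, not via proxy: blocked
    "203.0.113.7 172.16.1.10 80 tcp",  # inbound to the DMZ: not an egress flow
]

if __name__ == "__main__":
    for record, reason in audit(SAMPLE_FLOWS):
        print(record, "->", reason)
```

The design point is that the allow list is written in terms of the inspection points (proxy and forwarders) rather than destinations: a compromised workstation that tries to reach the Internet directly, on any port, or to talk DNS to an outside resolver, shows up as a finding regardless of what malware produced the flow.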

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Friday, August 20, 2010 9:19 AM
To: NT System Admin Issues
Subject: Re: 200 + Windows applications trivial to exploit bugs

 

It's times like this that I finally feel vindicated in pushing hard for
a defense-in-depth strategy.

On 20 August 2010 14:14, Andrew S. Baker <asbz...@gmail.com> wrote:

Can't wait to see the wide ranging list of apps.

 

You know, unless all the vendors patch at the very same time, or unless
Microsoft (or someone else) provides an extra mitigation at the OS
level, as soon as a few of these are patched, the malware writers will
figure out how to exploit it for at least some of the applications, and
it's going to be one batch of chaos.


ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>  
Exploiting Technology for Business Advantage...


 

On Fri, Aug 20, 2010 at 8:29 AM, Ziots, Edward <ezi...@lifespan.org>
wrote:

http://www.theregister.co.uk/2010/08/20/windows_code_execution_vuln/

HD Moore: Critical bug in 40 different Windows apps | ZDNet:
http://www.zdnet.com/blog/security/hd-moore-critical-bug-in-40-different-windows-apps/7188?tag=nl.e589

SecurityFocus:
http://www.securityfocus.com/archive/1/513190


Let the patching pain begin... looks like it's going to be a seriously
bumpy ride for the next few months as these are vetted and patches
produced.

Z


Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505



 

 




-- 
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question."
