Re: FW: [ActiveDir] MS09-001 - Get to patching folks!

2009-01-13 Thread Micheal Espinola Jr
Understood, and thanks.  :-)

--
ME2



On Tue, Jan 13, 2009 at 4:17 PM, Michael B. Smith wrote:
> A little birdie told me that this was difficult to fix, in a way that
> allowed SMB to continue working with all versions of Windows, including
> those which aren't patched. The test matrix was massive.
>
> Regards,
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
> My blog: http://TheEssentialExchange.com/blogs/michael
> I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php
>
> -----Original Message-----
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: Tuesday, January 13, 2009 3:10 PM
> To: NT System Admin Issues
> Subject: Re: FW: [ActiveDir] MS09-001 - Get to patching folks!
>
> blech:
>
> 2008-06-25 - Vulnerability reported to vendor
> 2009-01-13 - Coordinated public release of advisory
>
> --
> ME2
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>



RE: FW: [ActiveDir] MS09-001 - Get to patching folks!

2009-01-13 Thread Michael B. Smith
A little birdie told me that this was difficult to fix, in a way that
allowed SMB to continue working with all versions of Windows, including
those which aren't patched. The test matrix was massive.

Regards,

Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php

-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] 
Sent: Tuesday, January 13, 2009 3:10 PM
To: NT System Admin Issues
Subject: Re: FW: [ActiveDir] MS09-001 - Get to patching folks!

blech:

2008-06-25 - Vulnerability reported to vendor
2009-01-13 - Coordinated public release of advisory

--
ME2




Re: FW: [ActiveDir] MS09-001 - Get to patching folks!

2009-01-13 Thread Micheal Espinola Jr
blech:

2008-06-25 - Vulnerability reported to vendor
2009-01-13 - Coordinated public release of advisory

--
ME2



On Tue, Jan 13, 2009 at 2:31 PM, Todd Lemmiksoo wrote:
> FYI..Todd
> 
> From: activedir-ow...@mail.activedir.org
> [mailto:activedir-ow...@mail.activedir.org] On Behalf Of joe
> Sent: Tuesday, January 13, 2009 1:19 PM
> To: active...@mail.activedir.org
> Subject: [ActiveDir] MS09-001 - Get to patching folks!
>
>
> http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx
>
>
>
> Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
>
> This security update resolves several privately reported vulnerabilities in
> Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could
> allow remote code execution on affected systems. An attacker who
> successfully exploited these vulnerabilities could install programs; view,
> change, or delete data; or create new accounts with full user rights.
> Firewall best practices and standard default firewall configurations can
> help protect networks from attacks that originate outside the enterprise
> perimeter. Best practices recommend that systems that are connected to the
> Internet have a minimal number of ports exposed.
>
> "While this is a remote code execution vulnerability, functioning exploit
> code is unlikely."
>
> http://blogs.technet.com/swi/archive/2009/01/09/ms09-001-prioritizing-the-deployment-of-the-smb-bulletin.aspx
>
>
> For all affected versions of Windows, the two RCE vulnerabilities are
> unlikely to result in functioning exploit code as stated in the
> exploitability index
> (http://technet.microsoft.com/en-us/security/cc998259.aspx). There are a few
> reasons for this:
>
> - The vulnerabilities cause a fixed value (zero) to be written to kernel
>   memory – not data that the attacker controls.
> - Controlling what data is overwritten is difficult. To exploit this type of
>   kernel buffer overrun, an attacker typically needs to be able to predict the
>   layout and contents of memory. The memory layout of the targeted machine
>   will depend on various factors such as the physical characteristics (RAM,
>   CPUs) of the system, system load, other SMB requests it is processing, etc.
>
> In terms of prioritizing the deployment of this update, we recommend
> updating SMB servers and Domain Controllers immediately since a system DoS
> would have a high impact. Other configurations should be assessed based on
> the role of the machine. For example, non-critical workstations could be
> considered lower priority assuming a system DoS is an acceptable risk.
> Systems with SMB blocked at the host firewall could also be updated more
> slowly.
>
>
>
> --
> O'Reilly Active Directory Fourth Edition -
> http://www.joeware.net/win/ad4e.htm
>
>
>
>
>
>
>
>
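
The deployment priorities in the bulletin text quoted above (domain controllers and SMB servers first, workstations assessed by role) can be turned into a quick triage report. This is an added example, not part of the original thread or of Microsoft's guidance; it assumes Windows PowerShell with WMI access to each host, a hypothetical `hosts.txt` inventory file, and that every server role counts as an SMB server. Host-firewall state is not checked.

```powershell
# Added example: report which hosts still lack the MS09-001 update and rank them.
param([string]$HostFile = '.\hosts.txt')   # hypothetical file, one computer name per line

$kb = 'KB958687'   # update number taken from the bulletin title quoted in the thread

function Get-PatchPriority {
    param([int]$DomainRole, [bool]$Patched)
    if ($Patched) { return 'Done' }
    # Win32_ComputerSystem.DomainRole: 0-1 workstation, 2-3 server, 4-5 domain controller
    if ($DomainRole -ge 4) { return '1 - immediate (domain controller)' }
    if ($DomainRole -ge 2) { return '1 - immediate (server, assumed to serve SMB)' }
    return '2 - assess by role (workstation)'
}

$report = foreach ($name in Get-Content $HostFile) {
    $name = $name.Trim()
    if (-not $name) { continue }            # skip blank lines in the inventory
    try {
        $cs = Get-WmiObject Win32_ComputerSystem -ComputerName $name -ErrorAction Stop
        # Get-HotFix returns nothing (and writes an error) when the ID is not installed
        $hit = Get-HotFix -Id $kb -ComputerName $name -ErrorAction SilentlyContinue
        $patched  = [bool]$hit
        $priority = Get-PatchPriority -DomainRole $cs.DomainRole -Patched $patched
    } catch {
        # Unreachable or access denied: do not guess, flag for a manual check
        $patched  = $null
        $priority = '? - unreachable, check manually'
    }
    New-Object PSObject -Property @{
        Computer = $name
        Patched  = $patched
        Priority = $priority
    }
}

$report | Sort-Object Priority, Computer |
    Format-Table Computer, Patched, Priority -AutoSize
```

A host that received a later update superseding this one will not list this KB number, so a "not patched" result is a prompt to check the host's update history rather than proof of exposure.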
