Re: [foxboro] XP Security Patches, whither art thou?

  • From: Neil Martin <neil_martin@xxxxxxxxxxxx>
  • To: foxboro@xxxxxxxxxxxxx
  • Date: Fri, 25 Jan 2008 17:26:54 -0600

The cyber security audits for the Department of Homeland Security (DHS) have
already started for many chemical plants; this includes all network
connections to the DCS and PLC networks, and other process
control/information systems that are connected to DCS, PLC, etc. For
those not familiar, you can see the link below for a little info.

If your plant makes the chemicals on the Appendix A: DHS Chemicals of
Interest list (see DHS link), you may not have much time left to arrange
your cyber audits and send in your information.


http://www.dhs.gov/xprevprot/programs/gc_1181765846511.shtm






                                                                           
"Hicks, Gaylon F" <gfhicks@xxxxxxx>
Sent by: foxboro-bounce@freelists.org
01/25/2008 04:12 PM
Please respond to foxboro@freelists.org
To: <foxboro@xxxxxxxxxxxxx>
cc:
Subject: Re: [foxboro] XP Security Patches, whither art thou?
                                                                           
                                                                           




This is yet another thing that increases the time and effort required to
maintain an XP workstation.  The Foxboro-supplied CD images of approved
patches are a good way to go, if they are somewhat timely, but it appears
that Microsoft's "commitment" to the process control industry is coming
up (dare I say it?) short.  I find this development shocking and totally
unexpected.

Sarcasm aside, the subject of keeping current on XP patches is likely to
cause great grief if you are in an industry that is going to be subject to
some type of cyber security audit in the future.  Be prepared to assume
the position.

Gaylon Hicks
TVA - BFN


-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
On Behalf Of Boulay, Russ
Sent: Friday, January 25, 2008 3:42 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] XP Security Patches, whither art thou?

Every Microsoft critical patch is tested by Foxboro and either blessed
or not and posted on the website of that status.

We can no longer supply as stated below consolidated on a CD or download
from TAC website directly.
We are working to change that.

But every smoke tested patch that has passed can be downloaded from
Microsoft and applied to I/A.
All of the patches on Duc's list have been tested and blessed and show
that status on the website.
________________________________

From: foxboro-bounce@xxxxxxxxxxxxx on behalf of
Ed.Zychowski@xxxxxxxxxxxxxx
Sent: Fri 1/25/2008 2:34 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] XP Security Patches, whither art thou?



You can mark me down for very concerned!
I spoke with Foxboro TAC and I'm told that Microsoft will not allow
Foxboro to create the ISO CDs any longer. Foxboro will only be allowed
to point us to the Microsoft update website (not even allowed to link to
the specific patch). Still, that shouldn't relieve them of the
responsibility to test patches. IMHO.




<duc.do@xxxxxxxxxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
01/25/2008 01:25 PM
Please respond to foxboro@xxxxxxxxxxxxx
To: <foxboro@xxxxxxxxxxxxx>
cc:
Subject: [foxboro] XP Security Patches, whither art thou?






Does anyone else share my concern that the security patch process has
ground to a halt since the middle of last year?

A rough count shows the following outstanding patches for the Win XP,
Service Pack 2 platform:

Aug 2007, 5 critical patches
Oct 2007, 2 critical, 1 important
Nov 2007, 1 critical
Dec 2007, 6 critical, 3 important

The reversed timeline as shown on the IPS web site:

---------------------
9 Jan 2008: MS08-001 and MS08-002 entered Evaluation Testing

19 Dec 2007: MS07-064, MS07-065, MS07-67, MS07-068 and MS07-069 Passed
Smoke Testing.
NEW IMAGE NOT MADE AVAILABLE

12 Dec 2007: MS07-064, MS07-065, MS07-67, MS07-068 and MS07-069 entered
Evaluation Testing

20 Nov 2007: MS07-061 Passed Smoke Testing.
NEW IMAGE NOT MADE AVAILABLE

14 Nov 2007: MS07-061 entered Evaluation Testing

15 Oct 2007: MS07-056, MS07-57, MS07-058, kb933360 and kb932590 Passed
Smoke Testing.
NEW IMAGE NOT MADE AVAILABLE

10 Oct 2007: MS07-056, MS07-57, MS07-058, kb933360 and kb932590 entered
Evaluation Testing

14 Sep 2007: There were no patches released by Microsoft for this
platform for the month of Sep 2007

16 Aug 2007: MS07-042, MS07-43, MS07-045, MS07-046 and MS07-050 Passed
Smoke Testing.
NEW IMAGE NOT MADE AVAILABLE.

12-Aug 2007: MS07-042, MS07-43, MS07-045, MS07-046 and MS07-050 entered
Evaluation Testing
---------------------

The last time patches were released was in June 2007.

Can anybody from Invensys/Foxboro explain the reasoning behind "NEW
IMAGE NOT MADE AVAILABLE"?

Duc


_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave





