Except if the patch breaks your server, so if you don't need it right this moment because as stated it doesn't apply to your server - why be the beta tester :) -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 26 June 2002 07:08 To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Security Bulletin http://www.ISAserver.org Given that many (if not the vast majority) of users have admin rights on their respective machines, patching IE across the board seems like a good idea. I keep my ISA locked down and patched to the gills for two reasons: 1. Anything the good guys can make, the bad guys can break. Once a hole is discovered, you can bet your granny's panties that some slimy script-kiddie is out looking for you. 2. MS doesn't release security patches for no reason. If someone can convince them that they have a hole; they're very quick to plug it and any others lying nearby. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, June 25, 2002 8:16 PM Subject: [isalist] ISA Security Bulletin http://www.ISAserver.org Hey Guys, After reading this thoroughly I am a little confused as to the need to patch. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/ bulletin/MS02-027.asp Is this needed only if you are running proxy clients? Or are webservers somehow vulnerable as well... It seems like anyone who has admin access that views a webpage would 'enable' this vulnerability in the users security context. I did not see any conversations here about it... Did most people patch? Thanks! ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sporens@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')